Re: High cpu with small amounts of VPN traffic
When you use 256-bit AES encryption, it is done in the CPU. If you have fragmentation, that will also increase the CPU load.
NSRP, two SSG350Ms, and unmanaged switches in the Untrust Zone
Hi Guys, I've implemented the attached topology as a temporary measure whilst we decide the future architecture of our changing environment - only upstream interfaces are shown. So far this works...
Re: NSRP, two SSG350Ms, and unmanaged switches in the Untrust Zone
Hi Mark, The Active/Passive setup looks fine and is as per the concept of NSRP. Your statement that the failover works seamlessly actually confirms it too. Regarding the few packets seen on the snoop of...
Re: High cpu with small amounts of VPN traffic
This is a design limitation. As mentioned in the previous response - AES-256 encryption-decryption is handled on the CPU of ISGs rather than on the ASIC chips. The CPU on these platforms can get...
Re: Do you know how to configure PAT?
Hi Guys, can you please share the configuration for NAT/PAT for MX-5t routers? Reply to: shirish2489@gmail.com
SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP
Hello Experts: I have an SSG5. I am currently connected to an Internet link of my ISP with a dynamic IP at the ETH 0/0 interface, and when checking in the interface list I see that it obtains a private IP...
Re: SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP
Good day, Are you following this KB? https://kb.juniper.net/InfoCenter/index?page=content&id=KB4582&cat=DNS&actp=LIST I am not sure if this applies, but it seems you can hardcode the...
Re: SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP
Unfortunately there is nothing the SSG can do to change its behavior. The SSG and client only know the address that the ISP gave the SSG, so that is all it can report to DynDNS. In this case your...
Re: SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP
I did exactly this without any change in the IP; however, it was clarified to me that the problem is on the side of the ISP. I really appreciate the attention and response.
Re: SSG5 HOST DYNDNS IS ASSOCIATING THE PRIVATE IP
Thanks spulka, it's clear to me. I will review this with my ISP.
How to remove entry from BGP advertisement
Hello, We have BGP VPN to two remote systems with IPs 172.188.32.45 and 172.188.33.45. We are using the same VR for both VPNs. How could we stop the local network 192.168.6.0/24 from being advertised via BGP to...
Re: How to remove entry from BGP advertisement
Hi Beko, Please refer to KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB23528. This explains with an example configuration. Thanks, Pradeep. Please Mark My Solution Accepted if it...
ScreenOS - How can I read the "get session" output correctly?
Hi guys, Following is a flow captured from an old NetScreen in my company (for security reasons, I changed the IP addresses): id 1916387/s1*,vsys 1,flag 00200440/4000/0003/0000,policy 2549,time 1, dip 0...
VPN tunnels usage - SSG140
Hi, I'd like to know how to check the VPN usage for the SSG140. The get license shows 500 VPN Tunnels: SSG140A(M)-> get license-key Model: Advanced Sessions: 48064 sessions Capacity: unlimited number...
Re: ScreenOS - How can I read the "get session" output correctly?
Many of my doubts have been solved by this documentation: https://kb.juniper.net/InfoCenter/index?page=content&id=KB24728&cat=NS_5400&actp=LIST Nevertheless I still don't understand what are the...
Re: ScreenOS - How can I read the "get session" output correctly?
Yes, the if number in the session output should match the interface number in get system. You can see if session is "working" by checking that there are packet counts in both directions. Typically the...
Re: VPN tunnels usage - SSG140
Correct, the tunnel count is based on the active security associations on the device and the licensed limits.
Re: ScreenOS - How can I read the "get session" output correctly?
Ciao Spuluka! --------------------- Yes, the if number in the session output should match the interface number in get system. --------------------- In "get sys" output I can't see the interface number,...