Re: Upgrade Path
You can upgrade from 6.0 to 6.3 directly. But the Juniper signing keys have changed and you will also need to update the certificate as the first step in the upgrade process 1-upload new signing...
View Articlecannot get ssg5 software upgrade
Hello all,I am wondering if anyone can help. We purchased a SSG5 and before connecting to the internet we thought we'd upgrade the software.We contacted juniper and as we hadn't bought from an...
View ArticleRe: high cpu isg2000
The data is similat to the old one -> Syslog and ICMP Type-11, Code-0 consuming the most flow CPU resources. More than the syslog traffic, I would consider the ICMP traffic to be a problem. But the...
View ArticleClik here to view.
How to configure web-filtering?
Hello all, I have a problem regarding of web-filtering.I've used a filrewall : ISG-1000. I already know that ISG-1000 do not support to block HTTPS(443).So, I decided that I have to block URL by...
View ArticleRe: cannot get ssg5 software upgrade
The only option I can think of is to see if the current firmware on the device is one of the versions listed here as having the vulnerability. After this was released last year, Juniper did offer free...
View ArticleRe: How to configure web-filtering?
You only need the rule to be in the direction that the tcp session is initiated, number 1 in your case. But I don't think your white list url filter will work. My recollection is that there is no ssl...
View ArticleRe: cannot get ssg5 software upgrade
Cheers, The current version we are on is 6.1 which is much older. It is the security aspect that we were worried about and were hoping to upgrade. If 6.1 has no security issues I guess we can continue...
View Articlehow to do commit check and show | compare in NS500
Hi all Suddenly I find myself having to touch an old NetScreen 500 and I have only touched SRX before. I know in SRX there is show | compare and commit check. But reading through the NS500 CLI guide I...
View ArticleRe: how to do commit check and show | compare in NS500
ScreenOS doesn't use commit. As soon as you press enter on the CLI, the configuration is live. You do need to save the configuration to flash however. The command to do that is "save".
View ArticleRe: How to configure web-filtering?
The only way to use SSL decryption is with an external websense server. Also, traffic would never hit any rule below rule 3, as it is an any any rule.
View ArticleRe: Basic BGP Configuration
Actually this is still on hold. So I'd be able to do Active/Active and split out the one interface on each unit for the BGP configuration and then have the remaining traffic pass through SSG-1 until...
View ArticleRe: cannot get ssg5 software upgrade
There are the normal type of security patches up the ScreenOS software chain. But the one I mentioned above was more eqgregious and therefore prompted Juniper to allow upgrades outside of the normal...
View ArticleRe: Basic BGP Configuration
With ScreenOS NSRP clusters you don't need configure VRRP, the failover between interfaces is part of the clustering. And the two nodes do back each other up for the main flows. This document gives...
View ArticleRe: How to configure web-filtering?
Hello expert,But, I configured No.1 case to disable... Should I revert something sir?SK.
View ArticleRe: cannot get ssg5 software upgrade
Hi Steve, Yes we bought it used. What annoyed us is that the only reason Juniper can't create a new contract for us is because their systems cannot handle pricing for a EOL product. We offered to pay...
View ArticleRe: Basic BGP Configuration
Thanks Spuluka. Would something like this work (using static routing for now, will have to modify for BGP): Device Aset nsrp cluster id 1unset nsrp vsd-group id 0set nsrp vsd-group id 1 priority 1set...
View ArticleRe: Basic BGP Configuration
You need to put the two ip addresses onto different interfaces. The two VSD groups are used on the same interface when you have addresses in the same subnet that can be used for failover on that...
View ArticleClik here to view.
is my packet going out of the firewall or not!?
Hi all I need a bit of help with one, cause I am very new to NetScreen so I am a bit confused by this debug trace that I took. It seems to me that my packet is leaving the firewall, but at the same...
View ArticleRe: is my packet going out of the firewall or not!?
The packet isn't being sent out as ARP for C.C.C.C is failing. search route to (ethernet1/2.1, B.B.B.B->A.A.A.A) in vr trust-vr for vsd-0/flag-3000/ifp-ethernet1/2.9 [ Dest] 14.route...
View Article