Re: HMAC-SHA256 backward compatibility to 128 bits
I have checked few other VPN flow basic and it seems size=96 is not Truncation in your flow basic output, it's length of data with padding that will be encrypted as per encryption algorithm-CBC etc....
View ArticleClik here to view.
Low memorry on SSG5
Hi, Please look at the picture below. It just happned this morning that the system has low memorry. Could you please show me a way to check and fix ? Am I under an attack? Thanks Loc
View ArticleRe: Low memorry on SSG5
Attacks usually spike the CPU, not the memory. A few things I would suggest. 1. Upgrade to 6.3r222. Check the number of sessions you have on the device (get session info)3. Check what is using the...
View ArticleClik here to view.
Re: Low memorry on SSG5
The result as above, please have a look and advise. Thanks Loc
View ArticleRe: Low memorry on SSG5
Looks like it is due to the number of active VPNs you have. What does "get sa active" show?
View ArticleClik here to view.
Re: Low memorry on SSG5
The logging you show for user accounts suggests there are scripts trying to access your device regularly. You can prevent this by applying the manager-ip filters and restrict login to only ip address...
View Articleannouncement of ext DIP prefix in BGP
Hi,I have an ISG2000 (6.3.0) with two L3 external interfaces, running BGP over both for redundancy. Outbound NAT is achieved by having both of these interfaces in a loopback-group, and then utilising a...
View ArticleRe: announcement of ext DIP prefix in BGP
Hi,Perhaps you could configure the range as a secondary IP address on the loopback interface?Cheers,Ashvin
View ArticleRe: announcement of ext DIP prefix in BGP
Hi Ashvin, Thanks for the suggestion. I had thought of that too, but secondary ips cannot be added to loopback interfaces unfortunately. /Pete
View ArticleRe: announcement of ext DIP prefix in BGP
Have you tried proxy ARP for the return traffic, check if this helps. set interface interface proxy-arp-entry <ip_min> <ip_max> unset interface interface proxy-arp-entry <ip_min>...
View ArticleRe: Unable to come out of Firmware boot loader in ISG 1000 and unable to...
Dear PradeepSK, We have same issue , Could you please share the old boot Loader. Thanks in advance. BR
View ArticleRe: announcement of ext DIP prefix in BGP
I believe you can do this using the manual prefix addition with the "no check" option. For the above command to work, you need to have one active route for this prefix in the local routing table....
View ArticleRe: announcement of ext DIP prefix in BGP
Hi Steve, Perfect, that did the trick, thanks! /Pete
View ArticleSSG 140 Backup NSRP set to ineligible
Hi, I have an issue that in my NSRP pair one is set to ineligible. Whilst not normally a major issue, these devices were set for the same management IP so only the Master could be accessed....
View ArticleRe: SSG 140 Backup NSRP set to ineligible
I'm not clear on exactly what your issue is here. Do you not know how to remove ineligiable from the backup device or are you saying you cannot access the backup device on the node specific ip address?
View ArticleRe: SSG 140 Backup NSRP set to ineligible
Hi, I know how to remove the ineligible status. I cannot access the device. Since the Management IP is the same on both unit and access is only to the Active Unit it means I cannot access the Backup...
View ArticleRe: SSG 140 Backup NSRP set to ineligible
Thanks for the clarification. I'm not aware of any way to access a device without a mgmt ip assigned. And I can't find any documentation in searches for controling the slave from the master node. the...
View ArticleRoute based VPN Trust Zone Multiple Site IP range
Dear All Expert, Ive created route based VPN for 2 sites.The scenario as below: Site A (HQ) -Trust bgroup (LAN): 10.20.5.27/25 -Site A will connected to servers in LAN environment ie: 10.20.5.7/24 Site...
View Article