Re: Route based VPN Trust Zone Multiple Site IP range
Hello, It looks like, HQ FW is nating all the traffic coming out of tunnel from Site B to HQ firewall's LAN interface IP. Is there a specific requirement to do this? If not, you can just remove this...
View ArticleRe: Route based VPN Trust Zone Multiple Site IP range
Dear Rushi, Appreciate on you response. The reason i'm nating the src is due to the routing issue from the server side. After create the VPN, Site B can ping to Site A firewall IP trust zone...
View ArticleSecurity Board x CPU x unresponsive Problem
Juniper ISG1000 showing Security Board x CPU x unresponsive on its event log with critical level.Software Version: 6.3.0r16a.0, Type: Firewall+VPN (Only as a Firewall no IDP, IDS).Active/Passive...
View ArticleRe: Security Board x CPU x unresponsive Problem
The impact is that you will have less capacity for processing on the ISG. Unfortunately, the syslog message manual has not help on how to troubleshoot this issue....
View Articlescreenos 6.0.0rx
I need the firmware 6.0.0rx because the SSG5 appliancce have the version 5.4.0r16 and I hope to pass to the version 6.2.0rxCan you send me the firmware or the linkk to download?Thanks a lot
View ArticleRe: screenos 6.0.0rx
Please check http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_upgrade.pdf page 8 & 9 (upgrade path) . If device is at 5.4.r16 then you don't need any intermediate upgrade, you...
View ArticleRe: screenos 6.0.0rx
after i proceed the upgrade the sreen console show me: TFTP SucceededSave to flash. It may take a few minutes ...platform = 25, cpu = 12, version = 18 update new flash image (020dc920,15240212)platform...
View ArticleRe: screenos 6.0.0rx
I already have mentioned you may hit situation and have given few link which gives details about this issue. For now you can bypass the image authentication using the below command and then proceed...
View ArticleSite to Site VPN NAT between SSG Firewalls and Checkpoint
Hi, I have the following setup and would like to do VPN and NAT Public IP from VPN FW to Checkpoint: SSG 140 (VPN FW) -> SSG 20 (DMZ FW) --> INTERNET -->CHECKPOINT Any tips on this? Thanks in...
View ArticleRe: Site to Site VPN NAT between SSG Firewalls and Checkpoint
Hi, Please check the below few docs and let me know if they help :...
View ArticleHi Thank you for the links. I configured VPN tunnel on th...
HiThank you for the links. I configured VPN tunnel on the VPN firewall but my challenge is the DMZ firewall in front of the VPN firewall. How do I pass through this firewall? I was thinking port...
View ArticleClik here to view.
Re: How to restrict access of specific dial up VPN IP to internal network on...
Hello, sorry i am not able to post currect SSG config I have tried with another GTW and Phase2 but this didi not help
View ArticleRe: Site to Site VPN NAT between SSG Firewalls and Checkpoint
I have configured route based VPN tunnel and NAT on the VPN Firewall which is behind a DMZ firewall. Can you advise me how I can pass VPN and NAT through the DMZ firewall? The setup is like is this...
View ArticleSecondary IP Address
Hi, I'm trying configure VPN and NAT on SSG140 which behind a SSG20 DMZ firewall. Currently there is a public ip subnet on the primary interface on the Trust interface of the DMZ. I have to use a new...
View ArticleRe: Secondary IP Address
OWA and a load balancer resides in the DMZ and uses the secondary ip address as their gateway and it works. Don't understand why the DMZ can't ping this secondary ip on the Trust interface.
View ArticleRe: Secondary IP Address
Please check if below solves your query: Incoming traffic is supported for devices on the same subnet as the secondary IP; but traffic that is directed to the secondary IP itself will not generate any...
View ArticleRe: Secondary IP Address
If this limitation is a problem, you could create a tagged sub interface and place the new ip range on this instead of a secondary ip address. this interface could be placed into the same zone as the...
View ArticleRe: Site to Site VPN NAT between SSG Firewalls and Checkpoint
1: If your VPN FW has public IP then why are you doing any NAT on the DMZ firewall?2: If you are using any secondary IP on VPN FW firewall and want it to respond ato any traffic destined to it then...
View ArticleRe: Site to Site VPN NAT between SSG Firewalls and Checkpoint
Hi, We have client on the remote end that require us to hide source address behind a single IP address. The NAT is configured on the VPN FW. I will configure the subinterface with tagging. Do I need...
View ArticleRe: Site to Site VPN NAT between SSG Firewalls and Checkpoint
If you have everything setup on the VPN firewall then no need to do anything on the DMZ firewall, just make sure it doesn't do any NATting for VPN/NAT traffic coming from the VPN firewall. Thanks,Vikas
View Article