Policy shows grey even when domain name is resolved.
When I add a policy on ssg550 Trust to untrust . I am adding domain name in untrust which fw is able to resolve. But still this policy comes as greyed .
View ArticleRe: Policy shows grey even when domain name is resolved.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB4113&actp=search is the KB to configure adress, use doamin instead of IP. Also, make sure you have dns server ip configured/reachable...
View ArticlePolicy Source NAT over an IP SEC VPN
Hi I have a need to configure NAT on a Juniper netscreen 500 firewall running OS 5.4.0r21.0 (Firewall+VPN). Old I know, but I cannot do anything about this for now. I am unfamiliar with NAT on a...
View ArticlePython Paramiko with netscreen
Hello, I am trying to use python script to connect to netscreen firewall using paramiko and grap some commands output. It works fine with Juniper SRX, however it is not working on netscreen. If any...
View ArticleRe: Policy Source NAT over an IP SEC VPN
As you have realized, in this situation both sides of the VPN need to do NAT to overcome the routing issues for the communications subnet. These are the ScreenOS side instructions. I am not sure, but...
View ArticleRe: Python Paramiko with netscreen
I would start by trying a smaller return command. The get config returns a lot of data. This is only one line. get domain This will help determine if the issue is command specific or general.
View ArticleRe: Python Paramiko with netscreen
I manage to fixed after changed my code remote_conn_pre = paramiko.SSHClient() remote_conn_pre.set_missing_host_key_policy( paramiko.AutoAddPolicy()) remote_conn_pre.connect(ip, username=username,...
View ArticleNetScreen 204 Intermittent connectivity issues
Hello, We have an older 204 that we're using to DHCP addresses for our DMZ that as of the last week has started to become unreliable... when looking through the logs, there are hundreds of lines of...
View ArticleRe: NetScreen 204 Intermittent connectivity issues
Below is the details of the error you are referring to : Message: MAC address %m has declined address ⟨IP address⟩.Meaning: The DHCP client has detected an IP address conflict and has declinedthe...
View ArticleRe: NetScreen 204 Intermittent connectivity issues
1. The fact that it shows 0.0.0.0 is confusing. We tested what the log would look like if there was an actual IP conflict in place and instead of declining 0.0.0.0 it showed the actual address it was...
View ArticleRe: NetScreen 204 Intermittent connectivity issues
It seems client is sending DHCP DECLINE message which will not have any source address, same as DHCP discover/request messages. this could be the reason you are seeing 0.0.0.0 there. If you know any...
View ArticleRe: NetScreen 204 Intermittent connectivity issues
When we typically see a decline though it shows as : MAC address 54e2ab4f6383 declined address 192.168.x.xIP address 192.168.x.x is assigned to 54e2ab4f6383 And in our current logs, we see the IP...
View ArticleRe: NetScreen 204 Intermittent connectivity issues
If we know when and on which device issue will happen next OR if we can reproduce the issue then a packet capture on the client during the issue state can be helpful. Thanks,Vikas
View ArticleSSG550M Firmware upgrade from 6.3.0r15a.0 to 6.3.0R22
Hi All, My colleague to try upgrade the firmware from 6.3.0r15a.0 to 6.3.0R22 but it's was unsuccessful. Kindly advice do we have to upgrade the firmware patch by patch or is there any other way that...
View ArticleRe: SSG550M Firmware upgrade from 6.3.0r15a.0 to 6.3.0R22
Upgrade from 6.3.0r15a.0 to 6.3.0R22 doesn't need any intermediate upgrade, you directly can upgrade to the 6.3.0R22. If you are getting **bogus image***** , image uthentication failed then please...
View ArticleRe: VPN failing at early IKE state
The preshared key was re-entered and it worked. Thank you for your assistance. Appreciate it.
View Articlessg140 passive fw taking traffic
I have ssg140 in active/passive working. For some reason Trust interface on passvie which shows Inactive is taking traffic.
View ArticleRe: ssg140 passive fw taking traffic
How are you seeing the traffic on the passive device? They will accept self traffic for the mgmt interfaces but should not be accepting transit traffic packets.
View ArticleRe: ssg140 passive fw taking traffic
Via monitoring tool and also when I check policy logs on passive firewall.Regards,Inderjit Singh | IP Network EngineerD: 61399234394 E: inderjit.singh@commander.comA: Level 3, 55 King Street,...
View Article