Re: ssg140 passive fw taking traffic
The passive node should only accept traffic addressed to the mgmt ip addresses on the device. If you are sure the policy counts are incrementing while the device is passive, I would start by running...
Re: NetScreen 204 Intermittent connectivity issues
Running Wireshark shows the following:
Re: NetScreen 204 Intermittent connectivity issues
It has got only Client sending packets, what is coming from server? Can you attach the whole pcap file during the issue? BR, Vikas
Error in updating attack database on ISG2000-IDP
Error Code: Error Text: Exception caught during Update Device: Device has returned an Error. The file might be invalid one. Return value: -4904 Error Details: No Details Available.
NSRP issue
Has anyone experienced any issue related to NSRP in which the backup firewall is continuously getting the BGP idle message logs and keeps on refreshing the DNS entries? The firewall in question is acting as...
Re: Error in updating attack database on ISG2000-IDP
Error Screenshot attached. IDP files version: detector2.so 3.5.141421 engine 3.4.139311 pcid 3.4.139311 scio 3.4.139311 get chassis Chassis Environment: Power Supply: Good Fan Status: Good CPU...
Re: ssg140 passive fw taking traffic
I am also facing a somewhat similar issue, in which I am seeing BGP state change and DNS connection messages generated from the backup firewall and failing.
Re: NSRP issue
But since the interfaces are in down state, why is the firewall generating the BGP message of going to IDLE state and the actual status of BGP is in ACTIVE? Similar to the DNS query, why a backup one is...
Re: NSRP issue
For the DNS entries, the firewall cannot have a policy that does not contain an IP address, and the DNS host cache does not sync between the two devices. As such, each device must do their own DNS...
Re: Error in updating attack database on ISG2000-IDP
This KB describes the issue; you will need to identify which attack objects are not compatible with your platform and edit the rules accordingly....
NetScreen IPSEC VPN
I have run into a brick wall trying to set up an IPSEC site2site VPN with a Juniper ISG 1000 on one end and a Cisco router on the other. What makes this configuration even more complicated is that I...
Re: NetScreen IPSEC VPN
1: Do you have a route configured to point the traffic to the tunnel interface? Other routes are in place? 2: 'get event' should show the VPN-related event, whether device tried to initiate IKE packets or...
Re: Error in updating attack database on ISG2000-IDP
Hi, Error is related to invalid file: Device has returned an Error. The file might be invalid one. Return value: -4904. Please attach Error Screenshot for exact issue. Regards, Prem
Re: NetScreen IPSEC VPN
1. I do have a route that points to the tunnel.6 interface. 2. 'get event' returns nothing regarding the VPN tunnel. 3. I pretty much followed these instructions with the exception of step 1.4 I used a...
Re: NetScreen IPSEC VPN
1. The IKE gateway should be bound to loopback and not the physical IF. 2. The physical IF and loopback should be in the same zone. Also, enable 'rekey' along with monitoring.
Re: NetScreen IPSEC VPN
Changing it to the loopback interface and setting the rekey option does force the tunnel to initiate. Unfortunately now I'm working through another problem. I'm getting this on my Cisco device logs:...
Re: NetScreen 204 Intermittent connectivity issues
So... to troubleshoot we took out the switch that runs from the firewall to the wireless router and connectivity has returned to normal and has been stable for almost 3 days. We surmise that someone...
SRX to SSG5 Route-based VPN with GRE?
Alright, so here it goes: I nailed up a simple lab environment, after a few attempts of failing, and now successfully have a functional Route-based IPSEC Tunnel between an SRX100B and SSG5. The code on...
Re: SRX to SSG5 Route-based VPN with GRE?
I'm the author of Recipe #12 in the 2014 Cookbook. I have not generally used gre over ipsec in recent years because I'm comfortable with the level of encryption security provided by current IPSEC...