Re: SRX to SSG5 Route-based VPN with GRE?
Steve, Thanks kindly for your reply, but I think are signals are getting a bit crossed here: - I'm not attempting to "run IPSEC over GRE", I would like to run "GRE inside/through IPSEC", which is very...
View ArticleRe: SRX to SSG5 Route-based VPN with GRE?
GRE over IPSEC is supported by both ScreenOS and Junos. I think you read the kb incorrectly. What the kb seems to me to say is that you need the screenOS vpn tunnel interface and gre interface in the...
View ArticleRe: SRX to SSG5 Route-based VPN with GRE?
In Juniper (both ScreenOS and Junos) OSPF and multicast are supported natively in the IPSEC tunnel - no need of GRE tunnel inside the IPSEC tunnel. This scenario is only needed for compatibility with...
View ArticleRe: SC-CPA on SSG5 not function
HI STEVEThe Url Filtering is Disable, whats happening?Thanks,RAFAEL
View ArticleRe: SC-CPA on SSG5 not function
Sorry, I'm not sure what you mean by disabled. First, I want to confirm that your license is recognized and installed. you should see the expiration date here: Configuration > Update >...
View Articlehigh CPU utilization
Dears, i have SSG350 firewalls, recently i noticed that the CPU is getting veryhigh on peak time during the day (check attached image), logs are not showing any kind of attacks on the firewall, i need...
View ArticleRe: SRX to SSG5 Route-based VPN with GRE?
Thanks, Mircho. It would be helpful if I could find some literature that spells that out 100%, even if it's a specs sheet, or whitepaper, etc. There seems to be a lot ot ambiguity about it. To...
View ArticleRe: high CPU utilization
You will need to get the cpu utilization details during the period when this occurs on the CLI. This will help identify the source of the cpu utilization.get perf cpu detaiFollow the instructions...
View ArticleRe: SRX to SSG5 Route-based VPN with GRE?
I can't find any clear documentation for you. But I can assure you that both ScreenOS and Junos can run OSPF directly on the vpn tunnel interfaces and pass the OSPF multicast making full neighbors....
View ArticleRe: SRX to SSG5 Route-based VPN with GRE?
I follow you now. Thanks. So I'm looking at the syntax from the Day One guide, and it looks like it assumes you are only passing a single network between SRX/SSG. In the even that you wanted to...
View Articlessg14- Report - Interface Bandwidth
I see total allocated gbw with a value. I have checked few other ssg140s they dont see that value.I dont have any traffic shapping configured on this interface. bandwidth: physical 1000000kbps,...
View ArticleRe: SRX to SSG5 Route-based VPN with GRE?
Yes, the sample is showing just on local subnet and the vlan interface on the SRX. This could also be multiple interfaces as your note. But you can have the vlan side of the OSPF setup on the switch....
View ArticleRe: SC-CPA on SSG5 not function
the report from the License information is:...Drp: EnableDeep Inspection: EnableDeep Inspection Database Expire Date: DisableSignature pack: Signature update key is missingIDP: DisableAV:...
View ArticleNetscreen Redundant Interface
In Redundant Interfaces, when one of the interface is active and other is passive, and we configured OSPF over that redundant interface, will disabling of the primary interface in that redundant...
View ArticleRe: Netscreen Redundant Interface
Hello, Redundant interface has a MAC address of the first interface added while creating it irrespective of which physical interface is up. So as long as both the physical interfaces are part on same...
View ArticleRe: SC-CPA on SSG5 not function
You setup shows that the url filtering license is not installed at all on the device. So perhaps this was factory reset or otherwised missed. Was the url filtering license previously installed and...
View ArticleDisable Interface? (Reposted in right topic)
Accidentally posted this in the JunOS thread... firewall in question is running ScreenOS, I have a bit of an odd issue. I have a firewall with two VPN tunnels up to two different VPN hubs. I need the...
View ArticleRe: Disable Interface? (Reposted in right topic)
You can do this with a route based VPN using floating static routes and VPN monitoring with rekey. Enable monitor with rekey on the VPN for hub1, then set your route preference for that VPN lower than...
View ArticleRe: Disable Interface? (Reposted in right topic)
Thank you for the reply! I actually tried that this morning... Tunnel.1 bound to Hub1Tunnel.2 bound to Hub2Both VPNS set monitor optimized rekey set route HUB2_WAN_IP/32 interface tunnel.1 preference...
View ArticleRe: Disable Interface? (Reposted in right topic)
Disable monitor/rekey on the Hub2. Unfortunatly, you will have to wait for the hub2 IKE to time out before it will show down. If both sides are set with the floating routes, then when hub1 comes back...
View Article