Re: load balanced Netscreen 204 | 2 ISP
You could use Equal Cost Multipath, then track-ip to monitor/control the interface status.
Re: load balanced Netscreen 204 | 2 ISP
Hello, Thank you. About the ECMP, I will have a problem with the http went sessions, right, because I don't have my own public IPs. Do you test this? Or any guide to do it? Best regards, Rh
SSG ScreenOS, Source routing and IP tracking
Hi ScreenOS boffins out there, I have a need to get as much parity in WCCP as I can from ScreenOS. I think PBR/Source Routing with IP tracking/monitor will do it. It will give me failover with link...
Re: How can I deal with SPEED?
What are the subnet masks and interface configurations for the DMZ? Are the VIP and "real" addresses here overlapping? Does the DMZ interface overlap with the untrust interface? For other factors to...
TCP DUP ACK
Hi, Have an SSG140 that is generating TCP dup ack packets and retransmission. Have no fault with switch behind (changed ports), MTU match all over (1500) and there is no packet loss. Changed the firewall...
trust and untrust for the same network
Is it logical when a ScreenOS configuration has trust and untrust for the same network?
set address "Trust" "89.111.0.0/255.255.0.0" 89.111.0.0 255.255.0.0
set address "Untrust"...
Re: trust and untrust for the same network
Generally not. Those are address book entries, so they are user defined.
Re: TCP DUP ACK
The firewalls do not generate duplicate ACKs unless they are doing SYN proxy. Do you happen to have these devices in a cluster?
Re: trust and untrust for the same network
It's also a Junos concept
[edit]
master@SRXme# run show configuration | display set | match 10.222.0.0/16
set security zones security-zone untrust address-book address VOICE_LAN 10.222.0.0/16
set security...
Re: TCP DUP ACK
Hi, Both firewalls are standalone. I see both TCP dup ack and retransmission in the packet dump. As far as I can see, this problem occurs when the packets go through the firewall.
Re: TCP DUP ACK
Have set up a port-mirror on the EX4200 in front of/behind the SSG140. On WAN I see TCP dup ack, but on LAN (trust) I see massive TCP out-of-order.
Re: How can I deal with SPEED?
Thank you for replying. But, I already solved.. That's why my customer does not increase the connection number at Server. Hmm... Anyway, in order to reply to your response, What are the subnet masks and...
Re: Closed - Parent Close
I have a similar issue: but I cannot just disable something as it is a production environment. Currently ALG is in enabled state for me. Can you please suggest what would happen if I disable it?
Re: Monitor/Alert on config out of sync
Hi, Thanks for the response. Yes, we are using SIEM for logging. But, I'm having trouble finding info on an event being logged for the firewalls being out of sync. But, that would be ideal if that is...
Re: Monitor/Alert on config out of sync
I found a PDF with all the ScreenOS messages. I think this one on page 208 is the one to search for. Message: The NSRP configuration is out of synchronization between the local device and the peer...
Re: Monitor/Alert on config out of sync
Hey, Thanks for the information. If I do a “get log system” it has the log messages that I am looking for. If I can get them to log to our SIEM via syslog I can alert on that. But, I cannot find...
Re: Monitor/Alert on config out of sync
These are "event" messages on the ScreenOS setup. This particular one is "critical" level. You need to make sure two things are configured: Configuration > Report Settings > log settings For the...
screen OS to SRX
Hello Champion, here I am facing a little problem while converting security policies from ScreenOS to SRX. Please, if anybody can convert the below config or guide me whether I am going the right way or not? set...
Re: screen OS to SRX
set security policies from-zone DMZ1 to-zone Trust policy 326 match source-address NCR Outbound SSL
set security policies from-zone DMZ1 to-zone Trust policy 326 match source-address NCR Predictive...