L2TP over IPsec to Microsoft RRAS
I have a Routing and Remote Access Server behind my SSG and I would like to use it for L2TP VPN. When I try to forward UDP 500 using VIP on my interface, I get a message saying it's not supported, 500...
View ArticleRemove a VPN Tunnel
Hi, I 'simply' need to remove a VPN tunnel from my SSG 140 firewall. When I go to the VPN>Auto Key and hit rrmove on the tunnel I need to delete, I get the following message... This VPN has tunnel...
View ArticleRe: Azure Dynamic Gateway VPN - IKEV2_E_AUTH_PAYLOAD_FAILURE - SSG-500
See - Azure-vpn-config-samples/tree/master/Juniper/Current/SSG or the attachment. It's working for SSG-140 ScreenOS 6.3R21. Don't be worry about these messages, it works either: Nov 4 12:31:09...
View ArticleMIP on one of the trust network IP device for DMZ access
Hello, It a SG140 FW. I have a device in trust network which I want it to be seen by DMZ device by using MIP 1 to 1. I don't want to use any routing between DMZ and trust network. Anyway to do...
View ArticleRe: L2TP over IPsec to Microsoft RRAS
The issue is that only one device can use a specific ip address & port combination at a time. Since the SSG is using this port you cannot forward it to another device. Since this is a protocol...
View ArticleRe: Remove a VPN Tunnel
You would remove the AutoKey IKE object first, I suspect this is still there. Then remove the tunnel binding from the Autokey Advanced > GatewayThen remove the Autokey Advanced > gateway object...
View ArticleRe: MIP on one of the trust network IP device for DMZ access
I don't see why this would not work. A little unusual application, but the feature seems to apply. Create the MIP on the DMZ interfaceCreate the policy from "any" address or the specific ones you want...
View ArticleRe: MIP on one of the trust network IP device for DMZ access
Thanks for your feedback.Yes it special request for this to work on in such a way. I did on what you mentioned on the DMZ interface create the MIP as belowMAPPED IP is 10.1.1.250Host IP is =...
View ArticleRe: MIP on one of the trust network IP device for DMZ access
You have the use the MIP object on the Trust side of the policy to be sure to involk the translation, not the "any" object.
View ArticleSSG Firewall log compression transfer.
Hi, On the ssg 550 firewall, Ftp or otherwiseCan I send the log to another server as a compressed file? Please answer me. Thank you.
View ArticleRe: MIP on one of the trust network IP device for DMZ access
Hello thanks for the feedback. Tried on it still no luck. Policy as below.Trust (source-any) DMZ(destination-MIP 10.1.1.250) permit.DMZ(destination-MIP 10.1.1.250) Trust (source-any) permit.
View ArticleRe: MIP on one of the trust network IP device for DMZ access
Sorry for the confustion, but you have the policy backwards. Your policy should be any device in the DMZ zone and your MIP is the server in your Trust zone.
View ArticleRe: MIP on one of the trust network IP device for DMZ access
Sweet child of mine!!!!!!!!!!!!!!!!!! Works!
View ArticleSSG5 Performance Issues
Hello New to the foruma. I have issue when trying to transfer larger files like 2 to 3 Mbps through different zones in the SSG5. I did a get inter eth0/3 and see below it shows a half-duplex...
View ArticleRe: SSG5 Performance Issues
Hi , You can experience the latency due to incorrect duplex settings . I would suggest you to configure the interface e0/3 to full duplex and also change the duplex of HP HP V1910-48G switch to full...
View ArticleRe: SSG5 Performance Issues
I frequently see this happen when one side of a link is half duplex. You will not see the errors on the one side but the other side will show lots of errors. I suspect the switch port would show the...
View Article[ASK] apply pbr on sub interface Juniper ssg550
Hi, I about to configure PBR on my customer ssg550 production device,so it seems i need apply the PBR on subinterface. is anyone has ever tried configure PBR and apply it on subinterface?is this will...
View ArticleRe: SSG Firewall log compression transfer.
Hi Tae, You will not able to able send the log file as a compressed file from firewall.The logs file can be saved to TFTP server in .txt fomat. For Example, You can try to save the output of the get...
View ArticleRe: [ASK] apply pbr on sub interface Juniper ssg550
Hi Rajas, You can apply PBR configuration on subinterface. It should work without any issues. You can take reference of the below mentioned configuration which I tried in lab: Sample Configuration: 1....
View ArticleRe: SSG140 Different Interface Routing and VLANs
Thank you Gokul, this worked well. Apologies for taking so long is accepting the solution.
View Article