Re: ECMP
Hi Mr Spuluka,Good day,Thank you for perfect answer,Please could you advise me if I change the configuration from ECMP to PBR, Is this affect on Policy base VPN?Which I have Policy base VPN to 70 branch.
View ArticleRe: ECMP
The configuration of policy based VPN itself would not change when you use PBR. But depending on what traffic you have on the 5 upstreams and where the source and destination is on the network, the...
View ArticleClik here to view.
Re: NS-208 : imagekey.cer problem (netscreen 208)
thanks reply i'm late. because, my heart frozen and broke down.so please understand me your recommand command i knowi have a lot of experience ScreenOS update in my situation, i have a NS-208this...
View ArticleRe: NS-208 : imagekey.cer problem (netscreen 208)
thanks for reply...my repley is so late. very sorry to you...if you are engineer, you understand my condition in this situation. your advice is good and proprietybut, i can't find this product ScreenOS...
View ArticleRe: NS-208 : imagekey.cer problem (netscreen 208)
In short, you need a NS-208 image signed with new key.Sorry, but this is a very tough situation. JTAC is the only team that might be able to help you. But, NS-208 is EOL and I don' think you will be...
View ArticleRe: License
You are welcome!Please mark this thread as resolved if you feel your queries are answered.
View ArticleSimple block policy from "external" to "Untrust"?
Hi everyone, a simple question. I want to block an ip address, that tries to access my juniper directly. It tries to establish a VPN connection. This gets rejected because there is no VPN gateway...
View ArticleRe: Simple block policy from "external" to "Untrust"?
Hello, If it is an ISG1000 or ISG2000 or NS5200 or NS5400, you can use following command: set cpu-protection blacklist id (source-IP or range/subnet) (destination-IP or range/subnet) protocol 17...
View ArticleRe: Simple block policy from "external" to "Untrust"?
From what you stated, the firewall is already dropping it. If you do not want that traffic to arrive at the firewall, then you would need to block it upstream.
View ArticleRe: Simple block policy from "external" to "Untrust"?
1. Yes, it is a SSG5 and / or a SSG 140. Sorry...I missed to mention that. 2. No, the packet is not blocked. This is why I receive the messages, that a packet has been rejected, because no...
View ArticleRe: Simple block policy from "external" to "Untrust"?
As the traffic is destined to the IP address of the firewall itself, the only way to block these would be to drop them further upstream. All devices have to process the traffic that arrives on it and...
View ArticleRe: Simple block policy from "external" to "Untrust"?
So you tell me to either place another firewall in front of the SSG and filter there or ask my provider to block that "single" IP?I think I have to look for an alternative real quick.Thank you for your...
View ArticleRe: Simple block policy from "external" to "Untrust"?
One of the limitations on the ScreenOS platform is that there is no way to write security policies for traffic with a destination of the firewall ip address. (self traffic). There are some basic...
View ArticleRe: Simple block policy from "external" to "Untrust"?
Hello, Unfortunately with SSG5/SSG140, you will need to block the traffic upstream. Juniper SRX devices give you an option of 'firewall filters' which can be applied to interfaces to block such traffic...
View ArticleSSG-5 bgroup Interface IP vs. Manage IP
I have some SSG-5s that I set up years ago. The bgroup Interface IP AND the Manage IP are the same. I have read that this is the default condition. Yes I have!I have also received error messages when...
View ArticleRe: SSG-5 bgroup Interface IP vs. Manage IP
I am able to set the bgroup interface and manage ip to be the same using ScreenOS 6.3r23 on my lab device. What version of code are you running? Typically I erase both addresses and put the new...
View ArticleRe: SSG-5 bgroup Interface IP vs. Manage IP
Hello, When changing the IP address (Manage IP) of the bgroup from x.x.x.a/24 to x.x.x.b/24 through webGUI, device will throw a message that they can not be same. If you still go ahead with the...
View ArticleSuddenly WEBUI and SSH don't work on SSG-5
I was working on setting the manage IP address on this system when the WEBUI stopped working.Now neither the WEBUI nor SSH are working - but they had been.The SSG responds to pings at the right...
View ArticleRe: Suddenly WEBUI and SSH don't work on SSG-5
Hi Fred,+ Have you made any change after which you were not able to access the device?+ Are you able to telnet the device?+ Are you try to manage the device from the internal network or external...
View Article