Re: VPN users in another security zone
Hi, Usually VPN policy lookup happens from the decryption interface's zone to the destination address zone. And mostly it's either untrust to LAN side or tunnel interface zone to LAN side zone. 1: Is...
View ArticleRe: VPN users in another security zone
Hi, It is Policy based VPN. I reffer to users connecting to VPN from outside (Internet).
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
Hi, I tried to make the vlan1 trunk port, but wether it is set or not, I still can't access the WebUI.I also tried to retag my management vlan from actual tag 30 to tag 1, but won't help. I'll try...
View ArticleRe: VPN users in another security zone
I understand that you are using policy based dial-up vpn. By default it should be using IKE gateway interface as source zone(e.g. Untrust). So you would be using a policy e.g: set policy from "Untrust"...
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
If nothing works then we can do a debug flow basic to see wha't happening with the incoming management traffic. https://kb.juniper.net/InfoCenter/index?page=content&id=KB12208 Thanks,Vikas
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
When in transparent mode the mgmt vlan1 is always untagged. ScreenOS expects the device to be in a single broadcast domain and the ip address for management in untagged frames. I am pretty sure this...
View ArticleClik here to view.
SSG550M Active/Passive HA Link
Hi guys. I am about to configure 2xSSG550M in L3 Active/Passive HA mode. Is it possible to connect the HA link passing through switches? These 2 SSG5 will be connected to EX3300 series switches. Refer...
View ArticleRe: SSG550M Active/Passive HA Link
Yes, you can connect the HA links via switches when necessary. See the monitoring setup discussion in this kb article on how to test these links....
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
Hi, Hmm okay, what could then be the solution? Putting the NS50 in L3 mode with as many sub IFs as vlans?Or maybe placing it in front of the router? But then I'm not sure how to access the WebUI.. Any...
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
This is an unusual setup. But I think it should work. Add the desired interfaces to a bgroup create sub interfaces on the bgroup for each vlan and assign the necessary tagon the mgmt vlan also assign...
View ArticleProblem VPN between ScreenOS firewall and USG Huawei firewall
Hi , I have problem VPN between ScreenOS firewall and USG Huawei firewall inet-------SSG 5juniper --------------- USG Huawei ------ inet dynamic ip static ip...
View ArticleRe: Problem VPN between ScreenOS firewall and USG Huawei firewall
Hi- When you have one side dynamic vpn and the other is static you need to use "Aggressive Mode" instead of "Main mode" at both sides .- As the SSG device has a Dynamic IP , we would be using FQDN...
View ArticleRe: NetScreen 50, transparent mode, tagged vlans and webui?
Hi, Thanks to both of you! I'll make it this way, we'll see if it works.I think it will also be easier to manage trafic that is flowing through the FW. Again, thanks for your help!~Kiwis.
View ArticleIPSec VPN between SSG 140 and WatchGuard M300
Does anyone have any experience in getting a SSG140 setup with a WatchGuard firewall (M300) with regards to an IPSec VPN? Reluctantly, I am moving away from SSG and wanted to make sure Co-existence...
View ArticleRe: IPSec VPN between SSG 140 and WatchGuard M300
Ni first hand experience. But, if you can post a screenshot of the proposal sets available on the watchguard, it would help.
View ArticleRe: IPSec VPN between SSG 140 and WatchGuard M300
You can create custom sets on the SSG so you can simply use the default on the WatchGuard and build a matching proposal set on the SSG: Web menu:VPN > AutoKey Advanced > P1 Proposal VPN >...
View ArticleRe: IPSec VPN between SSG 140 and WatchGuard M300
Hi everyone, Here is a link to the P1 and P2 options. WatchGuard Phase 1 and 2 I did see the options in the SSG to create a custom P1 and P2 but I could not pair the values up with the WatchGuard ones.
View ArticleRe: IPSec VPN between SSG 140 and WatchGuard M300
I see most of the supported encryption,hash,auth alogorithems on the Watchdog. Please let me know what combination you want to try and we can let you know how to check that on the netscreen. Or please...
View ArticleRe: IPSec VPN between SSG 140 and WatchGuard M300
Hi Vikassingh, I don't have a WatchGuard unit in front of me. Before I get an eval unit, I wanted to make sure that is was possible and from the sound of it, it should be. As for the combination, I...
View ArticleRe: After upgrading ScreenOS, have a problem.
Similar issue, Cannot bind image.cer file as cannot enter CLI mode.did you find any solution? please post here. ********Invalid DSA signature********Bogus image - not authenticated
View Article