4byte (32bits) BGP AS on SSG5 (6.3.0r24)
Hi All, Due to peering network changes I need to change the AS number from 16 to 32bits. However, even with the latest ScreenOS this seems not possible. In the virtual router I can only select up until...
Re: 4byte (32bits) BGP AS on SSG5 (6.3.0r24)
Only 16 bit AS numbers are supported in ScreenOS.
Re: 4byte (32bits) BGP AS on SSG5 (6.3.0r24)
Once software at Juniper goes EOL, they still have releases several times a year, for ScreenOS the last post was on June 1st. However, these are maintenance releases that have bug and security fixes....
Help with a security policy issue
Hi all - hoping for a little bit of peer advice here: I have an SSG 550M 'hub' fw which tunnels out to several remote internet-based Juniper fw's. We create tunnels between them and route the traffic...
Re: Help with a security policy issue
You would need to run a debug flow basic to see how the traffic is being processed. It's possibly an issue with the routing. https://kb.juniper.net/InfoCenter/index?page=content&id=KB23844#basicdebug
Re: Help with a security policy issue
I agree this is most likely a missing or incorrect route. Run this on the CLI: "get route prefix 192.168.222.0/24". Confirm that the whole subnet is correctly pointed to the expected tunnel interface and...
Re: Help with a security policy issue
Thank you - so in this case actually this SSG 550 does have MULTIPLE routes for various segments of the 192.168.222 network... in this case it's 192.168.222.80/28 that I want to route out via my tunnel....
Re: Help with a security policy issue
1: debug flow basic will give you all the details, why it's getting blocked. 2: In your logs there is some Source NAT when it's working and there is no NAT when it's not, not sure if this is relevant. 3:...
Re: Help with a security policy issue
Please confirm that the tunnel interface is in the same zone as the other tunnels matching the destination zone in the security policy.
Re: Help with a security policy issue
Bingo, this was my issue (tunnel interface in wrong zone)... thank you very much, I really appreciate this assistance
Re: Suddenly Azure VPN stopped working on our SSG5...
We have had the same issue on our SSG550M. Only recreating the tunnel at Azure's end fixed it.
Re: Suddenly Azure VPN stopped working on our SSG5...
You seem to have a DHCP IP on the Eth0/0, was there any IP change on this interface? If Azure is expecting any certain IP for authentication and it's not matching then it will fail. Please check with...
unable to add read-only user
Hi all, My client is still using an old Netscreen 50 running 5.4 r24. Since we manage this device, we have agreed with them that only we will have root access and that they can have read-only...
Re: unable to add read-only user
Make sure you are logged in as the root user. Read/write will not be able to create users.
Re: unable to add read-only user
Thanks rselbert. As you can see, I'm logged in at root level.
Re: unable to add read-only user
Can you run the command "get admin user login"? "Get admin user" only displays the configured admin users. If you are logged in via external auth, it could be R/W.
Re: unable to add read-only user
XXXFW01(M)-> get admin user login
No. Name Vsys Date Time Source IP Addr Auth Type
--- ---------- ---------- ---------- -------- ------- --------------- ---------
 1 admin Root 2017-09-04 19:49:23 ssh...
Re: unable to add read-only user
You are authenticated via RADIUS, so you probably have R/W and not root. You need to log in via the local admin account, or configure your firewall and RADIUS server to allow root login.
Re: unable to add read-only user
According to this article https://kb.juniper.net/InfoCenter/index?page=content&id=KB5688 Is it game over as far as this is concerned?
Re: unable to add read-only user
Not necessarily. If the devices are in a cluster, you could disconnect the backup device so that it cannot reach the RADIUS server. This will allow you to log in via the local device.