Re: unable to add read-only user
Considering that this is a production device, I would like to avoid any disruptive config and only have it as a last resort. given my 'admin' config:XXXFW01(M)-> get conf | inc admin set auth-server...
View ArticleRe: unable to add read-only user
You have "set admin privilege read-write." This means anyone authenticated via RADIUS will have read-write. ssg5-serial-wlan-> set admin auth remote ?root remote ROOT privileged...
View ArticleRe: unable to add read-only user
I really haven't figured how to make that config on the Radius server yet. Will I get the same results if I try this instead: "set admin auth server "Local" ?
View ArticleRe: unable to add read-only user
If you set "set admin auth server local" you would only have local authentication. However, this command has to be ran as the root user. R/W users are not allowed to change this.
View ArticleIs it ISG2000 support mix mode setup?
Hi All, Kindly need some clarification whether the ISG2000 (cluster) support the Mix mode(L3/L2) setup. When look the KB it conflict between this kb. KB4263 said support mix mode but KB27831 said not...
View ArticleRe: Is it ISG2000 support mix mode setup?
Hi, L2/L3 mixed mode is not supported. Thanks,Vikas
View ArticleSSG5 - Package dropping
We have a SSG5 as a perimeter firewall to the Internet... recently we started experiencing problems where we would loose packages to the Internet, all of a sudden, without any apparent reason, making...
View ArticleRe: SSG5 - Package dropping
Could you please provide a debug and snoop during the issue. https://kb.juniper.net/InfoCenter/index?page=content&id=KB23844#basicdebug
View ArticleRe: SSG5 - Package dropping
Are you able to log into the SSG5 during the incident? Do the policy logs for internet access show hits during the incident? Do you have monitoring in place that can tell what the cpu utilization and...
View ArticleRe: SSG5 - Package dropping
Are you able to log into the SSG5 during the incident?- Yes, but logs don't show anything related to the package loss.Do the policy logs for internet access show hits during the incident?- Nope. I'll...
View ArticleRe: SSG5 - Package dropping
Hi there folks, I did set the debug/snoop commands and re-routed the Internet to the local link; I also re-setted the interface with the local ISP to mode ROUTE, instead of NAT (as configured before)....
View ArticleRe: SSG5 - Package dropping
You will need to run snoop and debugs while the issue is occurring. By default, as soon as any administrator exits the firewall all debugs and snoops are turned off.
View ArticleRe: SSG5 - Package dropping
Do the policy logs for internet access show hits during the incident?- Nope. I'll follow the suggestion to run a debug/snoop, but for that I'll have to re-route the default route to the local link and...
View ArticleRe: SSG5 - Package dropping
Guys, It happened again, as I suspected, since no one commented on the theory of the interface mode set to NAT instead of ROUTE...This time I managed to run debug/snoop captures before switching to...
View ArticleRe: SSG5 - Package dropping
Do you need to NAT the traffic? Per the debugs, the traffic is sent out of the firewall, response is received by the firewall and sent out to a Dell.
View ArticleRe: SSG5 - Package dropping
As rseibert notes, the debugs show there is no nat on the traffic. You mention that the SSG is uing interface nat mode instead of route mode. I don't remember if that shows up in the debug or not....
View ArticleHaving a problem SSG5 with polycom HDX6000
Hi all, I have configured SSG5 for VC polycom HDX6000.I can call to some the remote side (I can see and hear any thing from them).But for the only one remote side I cannot see and hear from them.at the...
View ArticleRe: Having a problem SSG5 with polycom HDX6000
Hi, Only one site is not worklin, you can see incoming call and the site can't see hea anything. Sounds like an issue with the RTP channle communication issue at the remote session. You need to take...
View ArticleRe: Having a problem SSG5 with polycom HDX6000
HI vikassingh, I am not familar for Juniper product that using CLI to find out reason.so do you have any more sugguestion with easy way to find out.if the reason of trouble come from the remote...
View ArticleRe: Having a problem SSG5 with polycom HDX6000
Just want to make sure I understand the descripton correctly. You are saying you contact multiple remote sites via the polycom calls and only ONE remote site shows the issue. What are the differences...
View Article