Monitoring (current bandwidth usage..)SSG FW interface
Hi I have SSG FW and want to moniotr interface traffic. on Junos, there is " monitor interface x " so we can see realtime traffic. I am wondering if SSG FW has any similar command that I can check....
View ArticleRe: Monitoring (current bandwidth usage..)SSG FW interface
There is not a way to do this in ScreenOS. You would have to look at the interface counters (get counter stat) and compare.
View ArticleSSG Group address modification
HiI would like to remove the one address from only group entry, leave the entry, what is best way to remove from group entry?1)set group address “inside” "SERVER” add "10.10.10.1”set group address...
View ArticleRe: SSG Group address modification
The command isunset group address “inside” "SERVER” remove "10.10.10.1" As for the quotes, all versions of ScreenOS should accept them.
View ArticleCheck if packet is hitting fw when troubleshooting for new policy
Hi When we add new policy and troubleshooting if something is not working as expected, i want to know if the packet is hitting FW.In Cisco ASA, there is gui monitoring logging is available so we know...
View ArticleRe: Check if packet is hitting fw when troubleshooting for new policy
You could create a global policy that is any any any deny and place that at the bottom of the policy table, then enable logging on that policy. The other options are debug flow basic with flow filters...
View ArticleAllow PING from Specific IP Address to Outside.
Juniper Screen OS. SSG5 v6.3 I am new to Juniper stuff. I have juniper firewalls that are pingable but I only want to allow specific IP Addresses to ping the Outside (Untrusted) interface from the...
View ArticleRe: Allow PING from Specific IP Address to Outside.
There is not a way to limit this. You either allow ping on the interface, which allows anyone to ping it, or disable ping on the interface, allowing no one to ping it.
View ArticleMultiple vlan from one zone to Multiple zone
HiI would like to confirm my understanding is correct. Now, let's say, i have 3 sub interface but it is belong to all the same zone and I want to divide three different zones.Config is quite straight...
View ArticleRe: Multiple vlan from one zone to Multiple zone
You will need to reverse 1 and 2. You need to create the zone before you can assign the subinterface to it. Other than that, you would need to change your MIP policy from untrust to (new zone). Also,...
View ArticleClik here to view.
Questions about the basic route settings(SSG-350M)
Model: ssg-350M Ienter themost basicsettingswith the CLII found astrange thingI've enteredthe default gateway of theuntrustI could not find it in the "get config" And as shown belowIfmore I can...
View ArticleRe: Questions about the basic route settings(SSG-350M)
The first screenshot shows a static entry that you created. Those are able to be deleted as they are part of the configuration. The second screenshot shows the default route as a connected route,...
View Articleinterface on vsys
We have an isg2000 with multiple sys. We have a need to add an additional vlan/subinterface to the trust side of the vsys.. Can I do this without interrupting current production on that interface?for...
View ArticleRe: interface on vsys
You can add the interface to the VSYS as long as you log into the root VSYS first, then enter into the VSYS. This wouldn't impact traffic.
View ArticleRe: interface on vsys
Thank you. If I use the GUI. and log into the vsys. Would I add a Sub-if? and add it to the trust interface? Event though there already is a sub-interface being used in production on that vsys. Thanks.
View ArticleRe: interface on vsys
Yes. You can have multiple sub interfaces on the same interface. From the GUI, click on the dropdown and select sub-IF, then click new. From there, select your interface, tag, zone and IP.
View ArticleRe: Questions about the basic route settings(SSG-350M)
Can I always get a cli script samples that make a normal state?
View ArticleRe: Questions about the basic route settings(SSG-350M)
In the first screen, I can not access the Internet. How Can I state from the first screen and second screen should be like?
View Article