Re: How to Block specific internal IP address.
Source address is : 192.168.1.48/24 The /24 mask means you are blocking the entire subnet. If you want to block just one host you will use /32 192.168.1.48/32
Re: How to Block specific internal IP address.
"Source address is : 192.168.1.48/24 The /24 mask means you are blocking the entire subnet. If you want to block just one host you will use /32 192.168.1.48/32" You are a genius, Spulka. Big...
Re: DNS A/AAAA no response from Proxy
Can you please collect snoop, along with the debugs collected earlier - for both success and failure cases? Recommended filters:
snoop filter ip src-ip 8.8.8.8 src-port 53
snoop filter ip src-ip 4.4.4.4...
Netscreen MIP - nat exempt
Hello, if you configure a MIP on a Netscreen, is there any way to also override the 1-to-1 NAT for specific policies? Thanks
Re: DNS A/AAAA no response from Proxy
Hi, in the logs and captures we see A record and AAAA; both are coming at almost the same time and the client is using the same source port to send these two DNS queries. Then the DNS proxy debugs are...
Automatic Backup
How can I create an automatic backup in ScreenOS without using a script?
Re: Apple iPhone/iPad VPN to ScreenOS - now possible!
Hello Chris, I have the same behavior with my SSG20:
- When using LAN (192.168.1.0/24) as destination in the policy, I'm not accessing my LAN but I can access the web.
- When using single IP ou...
Re: The message "fails to authenticate the packet." is repeatedly output
Unfortunately, it relapsed. It seems that it cannot be solved by the previous method.
Re: The message "fails to authenticate the packet." is repeatedly output
Is the VPN still up during the incident?
Re: The message "fails to authenticate the packet." is repeatedly output
VPN is connected. It seems that there is a problem only in one-way communication. Office (A) Connection with SSG 140 ... (B) with VPN, "fails to authenticate the packet." Has not appeared Office (B)...
5gt elastix SIP
Hi everybody, we are configuring Juniper Netscreen 5GT to allow VoIP traffic via Elastix PBX. The Elastix PBX has local address 192.168.1.8, which I associated with its external IP, a.b.c.d by way of a...
Re: 5gt elastix SIP
Have you tried enabling the SIP ALG? You need something that will handle translating to/from 192.168.1.101, as the mobile phone will try to connect to this IP. The SIP ALG will rewrite the...
Re: 5gt elastix SIP
thx a lot
from the conf shown above
<unset alg sip enable
set vip multi-port>
already conf. thx
Re: The message "fails to authenticate the packet." is repeatedly output
This does indicate a problem with the data quality making it through the tunnel. Since this seems to be triggered by large file transfers you can try to set a lower maximum segment size for the ssg on...
Re: 5gt elastix SIP
You need the high ports for the audio signal. You can get these by adding that block to your VIP if it will support such a large range. Or turn back on the SIP ALG and associate the SIP application...
Re: 5gt elastix SIP
thx, would you mind showing me how to turn back in policy. e.g.
remove "unset alg sip enable"
set policy id 6 from "Untrust" to "Trust" "Any" "192.168.1.8/32" "_SIP"
or
set policy id 6 from "Untrust" to...
Re: The message "fails to authenticate the packet." is repeatedly output
Thank you very much. I set "set flow tcp-mss 1300". Also checked "set flow vpn-tcp-mss <number>" described in "KB6346". [ScreenOS] What does 'set flow all-tcp-mss' and 'set flow tcp-mss'...
Re: 5gt elastix SIP
Something like this, you set your sip service and tell ScreenOS to use the SIP application. So the ALG will open the high ports for the calls. The SIP ALG needs to be on for this. set policy id 36...