Possible to route traffic over VPN and public interface (same destination IPs)
Is it possible to configure the SSG FW to route traffic over the vpn tunnel and public interface from the same source ip subnet going to the same destination IPs for both the vpn tunnel and the public...
View ArticleRe: Possible to route traffic over VPN and public interface (same destination...
This is what policy based routing is for. Please see https://www.juniper.net/documentation/software/screenos/screenos6.3.0/630_ce_Routing.pdf chapter 6 (page 146).
View ArticleRe: The message "fails to authenticate the packet." is repeatedly output
Hi t-niiwa,What is the current status? Does the issue is resolved after tweaking the tcp-mss value?
View ArticleRe: Want to take backup of FW config automatically
Hi Folks,Some old thread which you may be interested with… https://forums.juniper.net/t5/ScreenOS-Firewalls-NOT-SRX/Want-to-take-backup-of-FW-config-automatically/td-p/274662
View ArticleRe: The message "fails to authenticate the packet." is repeatedly output
I adjusted the values of tcp-mss and vpn-tcp-mss, and the message decreased.And since last week, it ceased to appear.It seems that the problem has been resolved.
View ArticleRe: The message "fails to authenticate the packet." is repeatedly output
Hi t-niiwa Good to hear that...
View ArticleSSG 5
I need help,I already read the SSG5 cli guide, but i can't find.I need a command to SSG5 equivalent to command "show configuration" like another firewalls,to see the policies installed.
View ArticleRe: SSG 5
The equivalent of the "show" command is "get". I think the command you are looking for is "get conf"
View ArticleRe: SSG 5
ScreenOS is also not hierarchical in organization but flat file. The to view portions of the configuration you would use include instead of match. And you can use short versions of the commands with...
View ArticleRe: SSG5 problem after firmware update 6.3.0r24.0 (Firewall+VPN)
Hi there, I currently use a SSG-5-SH with a out of dated firmware (v 6.3.0R11). So I want to upgrade the firmware, the latest firmware available on your website is the version 6.3.0R24). I can find the...
View ArticleRe: SSG5 problem after firmware update 6.3.0r24.0 (Firewall+VPN)
Correction : I can NOT find the r24-B version, can someone please help me on this ? Seb1 wrote:Hi there, I currently use a SSG-5-SH with a out of dated firmware (v 6.3.0R11). So I want to upgrade the...
View ArticleRe: SSG5 problem after firmware update 6.3.0r24.0 (Firewall+VPN)
The "b" version was only needed for the ASIC based ScreenOS devices ISG and NS series. For the SSG series you can still use the original release.
View ArticleSSG140 - Two interfaces same external IP Range. Apply firewall rules to traffic.
Hi, we have a unused SSG140 on our datacenter. Without SSG140 we are working actually.Datacenter give us two ranges 200.x.x.x/24 and 100.x.x.x/24 and two gateways 200.x.x.1 and 100.x.x.1 on same...
View ArticleRe: SSG140 - Two interfaces same external IP Range. Apply firewall rules to...
The answer to my problem is Transparent Mode.Thanks
View ArticleRe: SSG140 - Two interfaces same external IP Range. Apply firewall rules to...
You do have two layer 3 subnets and broadcast domains. Note that transparent mode expects that it is being inserting into a single broadcast domain. So if you use the same device for both of these...
View ArticleRe: New release of NSSA - The Netscreen Session Analyzer
Does anybody still have a copy of this for Windows 7, desperately need this. email pbubu13 at gmail.com thanks, Paul
View ArticleRemove Parant Interface IP
Hello,I would like to remove ethernet0/3 IP - 133.133.233.233 of my running SSG which is running 6.3.0 now-----set interface ethernet0/3 ip 133.133.233.233/28set interface ethernet0/3 routeset...
View ArticleRe: Remove Parant Interface IP
You need to remove any NAT objects from eth0/3 first. You do not need to remove them from the sub interfaces. After that, you can remove the IP using "unset interface eth0/3 ip" followed by "unset...
View ArticleRe: Remove Parant Interface IP
1) I should remove those related policy first?Yes, policy releated to the interface should remove first.Then you can remove any address objects and the interfaceAfter the interface is removed you can...
View ArticleClik here to view.
Site-to-site policy-based VPN between Juniper GT5 and Cisco 841
I'm trying to create policy-based VPN connection between Cisco 841 and Netscreen-GT5, but IKE Phase-1 protpcol is not finished at GT5 side. GT5 log:## 2018-01-12 17:35:58 : IKE<39.110.248.241>...
View Article