Self-signed Certificates on NSRP Cluster
Hi! Our self-signed certificates on SSG320's have expired and I have generated new ones. While the new certificates are working fine (although the cipher suites are insanely outdated) on the...
Re: Self-signed Certificates on NSRP Cluster
When you select a new cert in management this is supposed to sync in the configuration to both devices. You should be able to manually force the config sync after selecting the new cert in mgmt if the...
SSG140 maxed out at about 75MB when traffic shaping is turned on
All, I'm seeing an issue where simply turning on traffic shaping without any policy or bandwidth configuration on the interface results in a max throughput of about 75MB. I have a 300mb internet...
OSPF help with 'recv bad LSR from neighbor'
I'm trying to get OSPF over an IPSec tunnel between an SSG-20 and a Ubiquiti EdgeRouter. The tunnel is fine and works well with static routing, but OSPF is not working. They are exchanging OSPF data,...
Re: OSPF help with 'recv bad LSR from neighbor'
Hi, Based on the logs you have: You received an OSPF DBD packet from 10.10.10.99 with "seq 0x81db7" & went from Exstart to Full state (MTU of 1436). Then there is NBR seqmismatch event, a bad one and...
Re: OSPF help with 'recv bad LSR from neighbor'
Hi, Other than the MTU, SeqNumberMismatch as per RFC (section 10.3) says: https://tools.ietf.org/html/rfc2328#section-10.3 A Database Description packet has been received that either a) has an...
Re: OSPF help with 'recv bad LSR from neighbor'
MTU is 1436 on both ends. Connectivity is fine, the tunnel is fully functional with static routing.
Re: OSPF help with 'recv bad LSR from neighbor'
Hi, The log indicates that we received the DBD with seq 0x81db7 from neighbor 10.10.10.99, flags are INIT, MORE & MASTER: ## 2018-03-30 22:34:31 : ospf: recv pkt on tunnel.9,...
Re: SSG140 maxed out at about 75MB when traffic shaping is turned on
Hi Mark, I have seen it happening if it's not configured properly, I would recommend to keep it off if not using. Please follow the below KB and control the bandwidth on the correct ingress/egress...
Re: SSG140 maxed out at about 75MB when traffic shaping is turned on
Thanks Vikas, Could you give me some insight into what may not be configured properly? I don't have any interface limits configured nor policies configured. If I simply turn on traffic shaping (set...
purpose of bgroup
What is the use of bgroup for the interfaces? They work like link agg? I can't find a good guideline that explains this. Any help?
Translating IP
Hello all, Please help me figure out how to create a rule for my purpose. I would like to retranslate public IP to private IP when trying to connect to external IP from internal network. Let's say I...
Re: purpose of bgroup
They are more like switch ports. You place interfaces into the bridge group (bgroup), then assign the IP/subnet to the group.
Re: Translating IP
For the internal traffic you will need to use "u-turn" NAT. The issue is that because the source and final NAT destination are in the same subnet, the traffic is asymmetrical. The reply goes directly...
Modify the routing behavior of an SSG5-Serial firewall.
Folks, Presently we have configured VPN on a Juniper SSG5-Serial firewall. The default route this firewall gets is over its Untrust Interface because the Untrust Interface receives a DHCP IP address....
Re: Modify the routing behavior of an SSG5-Serial firewall.
Hi, Please try https://kb.juniper.net/InfoCenter/index?page=content&id=KB17943 , add the route for the VPN peer and others as per need. Thanks, Vikas
NS5200 and MIP Problem
Hope someone can see what I am missing or doing wrong. My scenario is the following: I have a NS5200 running on 6.3.0r25.0. It hangs off my Cisco Router via a port 2/1 and has an Address of...
Re: NS5200 and MIP Problem
I have not done this in a long time but my recollection is that you write that policy based on the destination nat address and not the public address since the policy check comes after static and...
Re: SSG550 Reboot 3-4 times per day :(
Did performing the unset on those two command lines resolve the issue? Have you experienced any more crashes?
unset alg appleichat enable
unset alg appleichat re-assembly enable
Has SSG20 firewall implanted the NTP RFC standard
Dear all, at Honeywell we sell safety Systems. One of our customers is using the SSG20 firewall as an NTP server to synchronize the time with our safety system. Does the SSG20 firewall have the NTP RFC...