Re: Has SSG20 firewall implanted the NTP RFC standard
You will configure the NTP server settings in the web UI under: Configuration > Date/Time menu. You can use IP address or DNS name if DNS is configured and working on the device. Source interface is...
route based vpn - internal servers not reachable from outside
Hi All, I have a route based vpn. My peer IP is 198.1.1.1. Below is the configuration extracted from the firewall. tunnel.1 is associated with eth3/0 (wan). From remote network I can access firewall using...
Re: route based vpn - internal servers not reachable from outside
Hi, I think you initiated a PING from 171.1.1.1 to 136.1.1.1, this flow worked fine with but destination IP seems to be changing in the beginning. Please check if you have any other D-nat which is...
Re: route based vpn - internal servers not reachable from outside
As Vikas mentioned, you seem to be correct that a d-nat is occurring on the flow. I see you already looked at the MIP for the tunnel interface and assume it does not include this one but only the one...
Moving away from SSG (ScreenOS) to SRX (JunOS): best way to proceed?
Our SSG install base is going EoL and we are planning to move to JunOS. I am in a typical small business environment with a large number of IPSec VPNs (~100). The SSGs are used to filter incoming...
Re: Moving away from SSG (ScreenOS) to SRX (JunOS): best way to proceed?
I would connect the SSG and SRX as follows. SRX WAN to the upstream internet on their own address with the default route and the like setup. Create a routed link /31 or /30 between the SSG and the SRX...
SSG550 VIP: TCP connection all Reset.
We set up a new server (192.168.53.47) in "Trust" zone with VIP to port 443 but all TCP connections (Untrust to Trust) were reset due to sequence number error (I analyzed from Wireshark), TCP connection was...
Re: SSG550 VIP: TCP connection all Reset.
I have no choice but to move the host Server to DMZ zone and it works fine. But I am still having this issue just for this CentOS, my other Windows Server is fine.
ISG2000 Login LDAP admin user issue
Hi Friends, we have two ISG2000 firewalls in active/passive mode installed. Yesterday by mistake while creating a new user, we changed the admin user from NetScreen to new user jams, and this is only...
[HELP] - Firmware update SSG140
Good morning y'all, I've been entitled the management of our company server room and I'm now in the middle of reorganizing policies inside our firewall. It's a Juniper SSG140 and I just found out that...
Re: [HELP] - Firmware update SSG140
On the Juniper support site go to Case manager > Create a case. Select the "Admin Service" as the case type. Provide all your information and request access to the download pages that you need for...
Re: ISG2000 Login LDAP admin user issue
You will need the authentication to go to local after LDAP; the options are not pretty. Kill the network access path from the firewall to LDAP so it won't get a response and proceed to local temporarily...
Re: ISG2000 Login LDAP admin user issue
Thank you Mr Steve Puluka for your valuable comments. On passive firewall, we always use netscreen password, as it is not communicating with LDAP, and it should work for local, maybe I have done some...
Re: ISG2000 Login LDAP admin user issue
When you view the configuration from other ldap logins does the jams user change seem to be in place? I assume the old user/password does not work. Does jams work on the secondary firewall with the default...
Dst IP session limit
The log is full of this, where XXX.XXX.XX.XX is external DNS server, YY.YYY.YYY.YYY is my external IP. What happened? How to fix it? Thanks. 2018-05-14 11:15:44 crit Dst IP session...
Re: Dst IP session limit
You are hitting the default dos filter limit for the screen function. If you are sure the traffic is legitimate then you can adjust the limits per your needs or turn off this particular screen....
Re: SSG550 VIP: TCP connection all Reset.
Hi, Not really sure if you are hitting the bug exactly. For one, the issue is not zone dependent. So, moving to DMZ shouldn't be a fix. Next, I wouldn't expect ALG to modify anything in the SYN-ACK...
Re: Dst IP session limit
Thanks, but where can I view these sessions in detail? As at the Home page > Resources Status > Sessions bar is in yellow colour
Re: Dst IP session limit
When you hit the screen no session is created but the traffic is dropped instead. You need to evaluate the application running on that particular ip and make a judgement if these are legitimate...
Re: Modify the routing behavior of an SSG5-Serial firewall.
Hey Vikas, sorry for the delay on this. However, this does not work as in our case the interface receives an IP from DHCP. Any other suggestion?