Re: Multiple VPNs ( to Azure)
You can have one route based and the other policy based. Which VPN to use is determined by a route lookup. When traffic is initiated for the route based VPN, the route will point the traffic to a...
View ArticleRe: SSG320 Interfaces inaccessable
Hello, Here is the KB article for the configuration to send logs to external syslog server on ScreenOS devices. https://kb.juniper.net/InfoCenter/index?page=content&id=kb4759 Which ScreenOS version...
View Articlepolicy traffic shaping not working
I want to slow down the connection to youtube.com by using policy traffic shaping from Untrust to Trust zone. What I set: From Untrust 172.217.194.136/32 (youtube) to Trust any gbw 512 policy bandwidth...
View ArticleRe: policy traffic shaping not working
You have the policy in the wrong direction. Also, GBW means that you are reserving 512k for Youtube.
View ArticleRe: policy traffic shaping not working
Hello,Youtube has many addresses and they change depending on who You ask :-). Here is an example from where I am:C:\WINDOWS\system32>nslookup www.youtube.com. 8.8.8.8 Server:...
View ArticlePort forwarding failing despite following KB4740 and three-step guide
Hello all, I've tried setting up port forwarding through my SSG5 which I just acquired.I'm not an IT-er by trade, but an educator/teacher of mathematics & entry-level IT. I managed to set up port...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
added policies to allow traffic from modem's IP through SSG5 client IP to the PC, with specified services/ports specified.The policy should be from a source of any address not the address of the modem...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
Thank you for your answer. That must be where I mixed up the two guides.I have updated the policies as per your instructions, however the ports still show as closed.I have attached my updated...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
The configuration looks good. What is the ip address on eth0/0 and how is any forwarding to that address done on your modem? You mention that it has a dhcp reservation, so I am wondering if this is...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
The modem has public external IP and DHCP server set in the 192.168.192 range, and eth0/0 gets 192.168.192.3 from the modem.On the modem I have set forwarding for the ports from external ip as...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
The configuration seems to be fine on the FW. We need to first confirm if the traffic is being sent to the FW or not and also if it is sent then why it getting failed, Can you please collect the below...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
I used telnet to access the SSG5 as I do not have a console set up.I was able to get the 'get tech' output, and set ffilter for traffic, however I got no output from the 'debug flow basic' command.Am I...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
I forgot to ask if you turned off "server auto detect" when you created the VIP forwarding ports. this requires that a ping test work before it will forward traffic and can take your vip offline in...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
Allright, I ran the debug and got this as output. I hope it's enough, I can run the debug longer if needed.And I have indeed had the auto-detect turned off. EDIT: Additionally, I snooped the ports and...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
I think I see the error. Your custom service objects set BOTH the source and destination ports. You need to remove the source port restriction. They will be sourced from any random port but will...
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
You are right indeed, the port now shows as open! Thank you both, for all the help and insight.I will go through all data again myself and make sure I understand why the errors occured, so I can fix...
View ArticleRe: boot loader, key image and OS....oh my --- SSG20 in constant boot-upgrade...
Apologies firstly for responding to an old post. We are however facing the same issue with ssg5ssg20.6.2.0r4-ef2.0 not being available for download anymore on the Juniper.net webpage. I dont suppose...
View ArticleRe: boot loader, key image and OS....oh my --- SSG20 in constant boot-upgrade...
You would need to contact JTAC.
View ArticleRe: boot loader, key image and OS....oh my --- SSG20 in constant boot-upgrade...
The screenos 6.2 step up version is still posted on the download site here. https://www.juniper.net/support/downloads/?p=ssg5 switch the selector from 6.3 to 6.2 and it is the only version showing.
View ArticleRe: Port forwarding failing despite following KB4740 and three-step guide
TCP and UDP are separate service objects. When you create a service you are seleting both the protocol and the port. So fi you need both then you need to create two services.
View Article