SSG ScreenOs Upgrades
I have some SSG5, 20 & 140 firewalls to upgrade, all are currently running 6.2.0r5.0 & I am looking to go to version 6.3.0r21.0. To my knowledge, none of the existing firewalls currently have a...
two default routes to the internet with failover...
Dears, my device is SSG350. Is there any way to add two default routes towards the internet and if the first internet link went down it will automatically forward the traffic using the second...
Re: SSG ScreenOs Upgrades
I would recommend disabling DHCP server before upgrading, then reenable it after the upgrade. You do not need to upgrade the bootloaders on SSG devices, and should be able to upgrade directly to...
Re: two default routes to the internet with failover...
You could unset VSD group 0 and set VSD group 1, then reconfigure the LAN to use VSD1 and the WAN side to use VSD 0. You would also be able to use track-ip on the WAN interfaces as well doing this.
Re: SSG ScreenOs Upgrades
Hi Colin, 6.2r5 and 6.3r21 are signed with different image signing keys. So, you will have to either update or delete the key before upgrading to r21. Details here:...
[ScreenOS] PBR setup for multi interfaces
Hi, I have a setup in which I need to direct some traffic to my static ADSL connection, yet direct the rest to our fast VDSL.
Device: NetScreen 25
ethernet1: Trust (our subnet)
ethernet2:...
Re: [ScreenOS] PBR setup for multi interfaces
Hi Damien, Yes, you can leverage PBR here.
1. Create an extended ACL, with destination IP == the IP of the website
2. Create a match group and add the ACL to this
3. Create an action group, pointing to...
Configuring Route based VPN on 2 site but failed to access server on the same...
Hello Contributor/Expert and all members, I've a weird incident on my VPN configuration. Would appreciate if someone can contribute some knowledge and expertise. The scenario is: - Server in HQ need...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
It is probably a routing issue. Sounds like the server is probably sending the out a different path than what it came in on.
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi Rseibert, Thanks for your kind input. The routing issue at which site/router? Do I need to add routing at server? The server is using Windows server. Currently the server network card are pointing to...
Re: [ScreenOS] PBR setup for multi interfaces
Thanks for that info. I eventually did it with static routes into the routing table. My initial problem is that both of the public interfaces were using PPPoE with dynamic IPs, so its default metric...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi, A simple test to narrow down on a routing issue would be to NAT the traffic before it leaves the SSG. On the policy that permits traffic from Site-B to the server, enable Src-NAT and use the SSGs...
The boot loader ISG2000 authentication issues
Hello. I have a question. I ISG2000. However, this does not run. I would like to know why. Thank you!!
OS Loader File Name [Load1000v103.d]: Load2000v117.d
Self IP Address [192.168.1.1]:
TFTP IP Address...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi Gokul, Thanks for your advice. Do I need to NAT the Untrust port? Or the port which is facing the VPN tunnel (trust zone)? My config: port 0 (un-trust) and bgroup 0 (trust). I've enabled the policy -...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi, Use the interface-IP that faces the server. In simple terms, on the policy that allows traffic From Remote To Server, enable Src-NAT, select 'use egress interface IP' option.
Re: The boot loader ISG2000 authentication issues
Looks like image authentication issue. Most likely, your device has the old authentication key and you are trying to upload bootloader signed with the new key. If the device boots up with the old key,...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
The interface IP (bgroup 0-trust zone) which is facing the server is in NAT mode. And I've enabled the Src_NAT in the policy from remote (Site B trust Zone) to Server (Site A trust Zone), still no luck....
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi All, A heads up on the issue that I'm currently facing. If I do the traceroute from remote site to Site A, the SSG box at remote site can reach the LAN (bgroup-trust) IP. SSG140-> trace-route...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi, If NAT-ing did not resolve the problem, more likely it is not a routing issue on the server LAN. Does Site-A have the necessary policies to allow this traffic? If the config looks good, you can...
Netscreen 25: VIP port forward failing after adding in second untrusted...
Hi, I had ADSL on one interface with VIP port forwarding to various servers which was working fine. I then added a VDSL on another interface, configured the routing table metric so this became the...