Re: Port forwarding failing despite following KB4740 and three-step guide
I will run the commands and log the session later today. I am quite sure there is UDP traffic, though rarely. These are excerpts from the SSG5 log (there are more, just picked two at...
Re: Port forwarding failing despite following KB4740 and three-step guide
Hi, I will just again brief you about my understanding of the issue. Please correct me if I am wrong: Issue: The port forwarding configured on the interface e0/0 for the host (192.168.192.3) and...
Re: Port forwarding failing despite following KB4740 and three-step guide
The messages are from the screen service that detects outside of normal volumes in various traffic and then suppresses those further connections. If this is a false positive of legitimate traffic you...
Re: Port forwarding failing despite following KB4740 and three-step guide
All scans I do don't show any UDP traffic coming in on the debug logs. I'm going to try to set up a VPS this week so I can run the Wireshark capture. Will let you guys know when I have a successful log!
Re: Port forwarding failing despite following KB4740 and three-step guide
Hello Steve, Thanks for providing the clarity on the traffic flow. Ideally SSG FW should allow both the protocols (TCP and UDP) irrespective even though the traffic is for the same port and also...
SSH Key Size-NS5200
I am looking for info on changing the ssh key size on a NS52000 to 2048, or is this even possible. Thanks
Re: SSH Key Size-NS5200
Hi r24481, This is however partially possible, we have two key pairs for any SSH connection: Host keys (firewall public and private key), User keys (client public and private key). It is possible to use...
Re: Port forwarding failing despite following KB4740 and three-step guide
Hopefully this will do it!
Re: Port forwarding failing despite following KB4740 and three-step guide
Hi, I reviewed the debug files attached. I am not able to see any UDP traffic on the FW. Did you get a chance to perform the packet capture on the port upstream to the device which can confirm that the...
Re: Port forwarding failing despite following KB4740 and three-step guide
Since getting the capture to work is proving more difficult than it seems, I'm starting to feel like the application/service is the problem rather than the FW forwarding traffic. I will be subtracting...
Re: Port forwarding failing despite following KB4740 and three-step guide
Running snoop on the SSG should get the same information on the ingress interface. https://kb.juniper.net/InfoCenter/index?page=content&id=KB5411 It would be nice to get this in the queue for being...
Re: Port forwarding failing despite following KB4740 and three-step guide
Hey Steve, it was more that I don't want to waste your & Rishi's time trying to fix something that might not be a big issue. I tried using snoop on the interface but don't get any UDP packages in...
Multiple IPSEC VPN to Azure with ssg 140
I currently have a site-to-site IPsec vpn tunnel configured and working to Azure. I need to create a second site-to-site IPsec VPN tunnel to a different Azure gateway. I only have one public...
Re: Multiple IPSEC VPN to Azure with ssg 140
Hi, I hope you have validated the working and non working configs on either side. What do you see in the get event? Thanks, Vikas
Address Objects in different Zones
Hi, Based on the below configuration, the address object "cms01" is referred in different zones. So my question is the address object is significant to the respective zones only or is it global? set...
Re: Address Objects in different Zones
Hi Rajesh, Though the names of the address objects are same, they are two different objects configured in two different Zones. The scope for each of the object is limited to the respective zone in which...
Re: New release of NSSA - The Netscreen Session Analyzer
Found it in this article - http://www.r33net.de/juniper-netscreen-sessions-analysieren/ Download Link
Re: New release of NSSA - The Netscreen Session Analyzer
Thanks for the link. That's fantastic. I don't have to convert from Python to Windows package. I thought I had the latest, but I had 2.3.
SSG20 Assistance with VPN Tunnel
We have been asked to create a VPN tunnel between a vendor and a site of ours. The vendor is claiming our internal address is already taken by another client. For argument's sake, we will say it is...