Re: SSG -140 gig interface dropping when changed to 1000 full
Well the only two options you have is to set 1000 full and auto. Both don't work with the provider at 1000 full. Ask the provider to change to auto. Then set your side to auto and if that does not...
View ArticleClik here to view.
Re: Upgrade SSG550 failed
Dear Spukula, I have seen the Juniper official updload wrong image for SSG550M (it is SSG5_SSG20 version). Unbeliveve Another question, if i need upload to 6.2r5 so i will update key or not? Thanks
View ArticleRe: Upgrade SSG550 failed
To see if you already have the new signing key you use the cli command in the kb article and check. If the key is not updated you will need the new one for any current download.
View ArticleRe: Unable to come out of Firmware boot loader in ISG 1000 and unable to...
Hi, Can you please share the old loader version.I am also facing same issue.my mail id is viks.rwt111@gmail.com. i urgent
View ArticleRe: Unable to come out of Firmware boot loader in ISG 1000 and unable to...
You don't need old versions of the files for recovery. All the instructions needed to use the new files are in this kb article. https://kb.juniper.net/InfoCenter/index?page=content&id=TSB16495 If...
View ArticleSSG20 site to site dynamic vpn dont work issue
Dear All,i tired all senarios to make two SSG 20 to have site to site vpn using dynmaic ip address in site B, not no worthy. It works when both sites have fixed ip address but when Site B has dynamic...
View ArticleRe: SSG20 site to site dynamic vpn dont work issue
Site B has a private IP address. As such, this would need to be NAT'd, and requires NAT-T.Site B config:set ike gateway "sana_Dynamic" address 82.114.183.222 Aggr local-id "aden.com"...
View ArticleRe: SSG20 site to site dynamic vpn dont work issue
Thanks rseibert for your kind replay. the ethernet0/2 of site B is connected to adsl modem having dynmaic public ip address, so, shall i proceed with what you advise or switch to policy based vpn as...
View ArticleRe: SSG20 site to site dynamic vpn dont work issue
Route vs policy based doesn't matter for VPN establishment. You would need NAT-T enabled for both.
View ArticleRe: Cannot allocate SIP call because device is fielding too many calls,...
Hi (and Help !),I'm currently facing the same issue :-/According to previous given solution (above), I wish to increase the maximum number of SIP calls on the SSG5 device. I read it is possible to...
View ArticleRe: IKEv2 doesn't support ECDH
I know this is an old post. And I am facing this problem now.Is there any official announcement indicate that IKEv2 cannot be use in ScreenOS? If that's the case, why there is options for select DH 19...
View Articleslow Internet connection
Hi,My Internet connection is very slow, my provider is able to see many traffic that fill the bandwidth.On Juniper, Is it possible to have information about this traffic, (client IP, protocol, time...
View ArticleRe: IKEv2 doesn't support ECDH
DH 19 and 20 are supported with IKEv1, but not with IKEv2. This is why those options are available when creating P1 proposals, as the P1 proposals are not specific to the IKE version.
View ArticleRe: slow Internet connection
In the mgmt web interface on the ScreenOS firewall you will want to look at the logs for the trust to untrust policy. Menu: Policy > Policieson the list find the trust to untrust sectionIn the...
View ArticleRe: slow Internet connection
Depending on the device type, you can run a few things. If it is an SSG, then you can use the following. set pps. -- Turns on packets per second countingget pps -- Displays information You can also do...
View ArticleVPN tunnel going up and down (how to check if ISP has block ESP traffic)
Found this KB https://kb.juniper.net/InfoCenter/index?page=content&id=KB9488&actp=METADATA.At step 4. The VPN become stable after disabled Monitor.If I am not go to ask the ISP (or they don't...
View ArticleRe: VPN tunnel going up and down (how to check if ISP has block ESP traffic)
Hi, 1: How frequent VPN flaps ? Does the peer device support the VPN monitoring, what device is that ? https://kb.juniper.net/InfoCenter/index?page=content&id=KB39882: Each ESP packet will have...
View ArticleRe: VPN tunnel going up and down (how to check if ISP has block ESP traffic)
Hello vikassingh,1. The ScreenOS version is 6.3.0r13.0. The peer device is Palo Alto PA-820. Is there any list show which firewall support VPN monitoring with Juniper firewall?2. I've no idea about ESP...
View ArticleRe: VPN tunnel going up and down (how to check if ISP has block ESP traffic)
Hi, If everything is stable without VPN monitor then mostly it's not an issue with the ISP. In my previous KB it explains how VPN monitoring work. By default the feature will work only if you have VPN...
View ArticleRe: VPN tunnel going up and down (how to check if ISP has block ESP traffic)
Hello vikassingh,Will try add proxy-id at both side to see if that work. If still fail, I think I am going to give up as the KB said VPN monitoring is not design for non-Juniper device.
View Article