Would you interpret it?
SSG320M-> set inter vlan1 gateway 1.1.1.1Gateway ip cannot be set on this interface. To add default-route, use"set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 1.1.1.1" Can you...
View ArticleSSG-140 Block/Deny By Country
I have a SSG-140 and I have reached the "Max Address Book Entries". Is there a way to block by country or whitelist by country? For example, on my Linux rigs I can create a whitelist.txt with the...
View Articlealarm LED light on SSG140 wont turn off
Hi, the alarm light on our SSG140 is not turning off. we have already clear the alarm and events and nothing is showing anymore on the CLI and home page of WebUI, and we already rebooted the firewall,...
View ArticleJuniper CIO Response to unauthorized code in ScreenOS
Juniper Networks CIO responds to recent unauthorized code in ScreenOS VPN and Authentication. Explains how they confirmed that Junos does not have the issue and what further remediation will occur in...
View ArticleProxy ARP and DIP configuration on SSG Firewall
Hello, I'm having a few issues setting up proxy ARP and DIP on a SSG firewall - (Error message is attached) It is complaining about the fact the interface has an IP in a different subnet than the proxy...
View ArticleClik here to view.
Originally ScreenOS does not support 3389 ??
Hello all, I have a SSG-320M. I'm wondering why ScreenOS does not support MS-WEB-SERVER(3389)?So, I had no choice but to add portnumber 3389 by force by using "service custom tap". Like below, I...
View Articlehow to read the get session command output
>get session alloc 176/max 128000, alloc failed 0, di alloc failed 0 id 25599/s**,vsys 0,flag 00000040/0000/00,policy 1,time 6, dip...
View ArticleNeed Some help with a BGP Config.
I have a config working on Junos and it is as below. I don't know bgp on the screen os boxes well enough to get the same thing working there. basically I will get a bgp peer take all routes they...
View ArticleClik here to view.
HA configuration, the reason as alarm event ?
Hello all,I'm configuring HA while seeing the site : http://kb.juniper.net/InfoCenter/index?page=content&id=KB6015&actp=searchHowever, after configuring HA, I figured out the both...
View ArticleOSPF configuration
Hi all I have a question. I have 3 sites (SiteA, SiteB and SiteC). All these sites are connected with an MPLS. On ecah site, I have : dedicated firewall to protect Internet access, Juniper SSG320 to...
View ArticleHA configuration, Active-Active or Active-Passive?
Hello all, I have 2 questions.First, how can I know Active-Active or Active-Passive status? Second, What is the difference primary backup and backup?(By any chance, primary backup == backup?)...
View ArticleInitiate IPsec S2S VPN via L2TP IPsec W7 client
HiWe own a ssg350M that host about 50 IPSEC S2S tunnel. I have setup a L2TP/IPSEC tunnel(policy base VPN) with certificate(W7 client) to the same firewall so the question is the following. Is the...
View ArticleTelnet command to test port open at the other end.
ssg20-tbtafw-> telnet 172.28.224.35 1521 ^---------unknown keyword telnetssg20-tbtafw-> My SSG20 does not have telnet on it. Do you know away to do like this in SSG20? Thanks Loc
View ArticleClik here to view.
Where is the issue?
Hi, Could you help to tell where the issue is? From my PC (10.0.0.92) i can ping 172.28.224.249 well. But i can not access to port 1521 to the address. Log file on the FW: If you need more...
View ArticleNAT DIP
set policy id 43 from "Trust" to "Untrust" "10.167.16.0/23" "10.115.115.0/24" "ANY" nat src dip-id 6 dst ip 172.28.225.0 172.28.225.255 permit log set policy id 43set log session-initexit Could you...
View ArticleClik here to view.
Send Internet and Several Subnets down tunnel to hub, but not local traffic.
Hi, I could really use a hand on this please. I'm sure some of you guru's must have run into this Hub: SSG140Spoke1: SSG5The Problem tunnel (Spoke1) uses tunnel.1 for it's default gateway, unumbered...
View ArticleClik here to view.
SSG20, command line to move rules
I need to move rule 67 to be above rule 2. Could you suggest the command line to do it ? Thanks Loc
View ArticleClik here to view.
Can the traffic flows well without NAT?
Hello, I'm so shocked because I just saw the weird situation. First of all, plz see the below catured picture. To sum up,1. I configured HA configuration between SSG-140 deivces.2. I configured IP...
View Articlepacket loss inside VPN tunnel, but not on outside between the two SSG's
I am having an awfull few days, can not get my head around this problem.I have a VPN tunnel between an SSG140 and a SSG5, the SSG140 is in Belgium, the SSG5 is in Hong Kong.People in the Hong Kong...
View ArticleClik here to view.
Unable to access MIP
Hi All, I've configured a MIP on Untrust Interface and created a policy as below. However I'm unable to access it from outside. This was working all while until last week when we changes the ISP to a...
View Article