Modify the routing behavior of an SSG5-Serial firewall.
Folks,Presently we have configured VPN on a Juniper SSG5-Serial firewall. The default route this firewall gets is over it's Untrust Interface because the Untrust Interface receives an DHCP IP address....
View ArticleNS5200 and MIP Problem
Hope someone can see what i am missing or doing wrong. My Scenario is the folowing, i have a NS5200 running on 6.3.0r25.0. It hangs of my Cisco Router via a port 2/1 and has an Address of...
View ArticleHas SSG20 firewall implanted the NTP RFC standard
Dear all, at Honeywell we sell safety Systems. One of our customers is using the SSG20 firewall as an NTP server to synchronize the time with our safety system. Does the SSG20 firewall have the NTP RFC...
View Articleroute based vpn - internal servers not reachable from outside
Hi All, I have a route based vpn. My peer IP is 198.1.1.1.Below is the configuration extracted from the firewall.tunnel.1 is associated with eth3/0 (wan).From remote network i can access firewall using...
View ArticleMoving away from SSG (ScreenOS) to SRX (JunOS): best way to proceed?
Our SSG install base is going EoL and we are planning moving to JunOS. I am in a typical small business environment with a large number of IPSec VPNs (~100).The SSGs are used to filter incoming...
View ArticleClik here to view.
SSG550 VIP: TCP connection all Reset.
We setup new server(192.168.53.47) in "Trust" zone with VIP to port 443 but all TCP connection(Untrust to Trust) was reset due to sequence number error (I analyzed from Wireshark), TCP connection was...
View ArticleClik here to view.
ISG2000 Login LDAP admin user issue
HI Friends,we have two ISG2000 firewalls in active/passive mode installed, Yesterday by mistake while creating a new user, we changed the admin user from NetScreen to new user jams, and this is only...
View ArticleClik here to view.
[HELP] - Firmware pdate SSG140
Good morning y'all,I've been entitled the management of our company server room and I'm now in the middle of reorgaanizing policies inside our firewall.It's a Juniper SSG140 and I just found out that...
View ArticleDst IP session limit
Dst IP session limitThe log is full of this, where XXX.XXX.XX.XX is external DNS server, YY.YYY.YYY.YYY is my external ip, what happen? how to fix it? thanks.2018-05-14 11:15:44 crit Dst IP session...
View ArticleNetscreen SSG140 and TACACS.net Authorization
Hello Guys, I am setting up TACACS for admin login but having some issue to get pass through the authorization via TACACS server. I dont have any idea how to configure the "authorization.xml" in the...
View ArticleSSG320 Interfaces inaccessable
Hello - I have a SSG320 running version 6.3.0 r25. A few months ago the device stopped passing traffic. I was unable to ping interfaces and the console port was frozen. Lights looked normal with the...
View Articlehigh cpu - ip spoofing on mgmt int
I have high cpu on a netscreen isg-2000. Juniper is saying it could be due to ipspoofing that is on the mgmt interface. Im not sure as the ipspoofing events have been happening for a while now.. but...
View ArticleHelp Updating and Securing a SSG 5
I have been using a Netscreen SSG-5 firewall for my home office since 2009. It has been a few years since I updated the firmware or configuration and I need some advice/help. I recently received an...
View ArticleChassis Environment ssg 550
Hello,in our network we have over 100 firewalls, divided between SSG-320M and SSG-550M, with ScreenOS and Software Version: 6.3.0r21.0.These firewalls are clustered in pairs and having to change one of...
View ArticleNetscreen route based vpn phase 1
Hi,I am trying to setup a new VPN, without giving complete segments in the routes.My goal is to first make the phase 1 up, but it tries to establish for 40 secs and then it goes idel for 10 secs.I...
View ArticleClik here to view.
ssg debug explanation
Hi,I am able to ping to this destination over VPN and VPN is configured in my SSG firewall.I would like to know the debug analysis like after the packet goes to eth3/3 i do not see the message which...
View ArticleMultiple VPNs ( to Azure)
Hello,We have existing site-to-site IPsec tunnel from our on-prem gateway (Juniper SSG320) to Azure cloud gateway, it is a policy-based VPN. We would like to create a new VPN tunnel, this time a...
View Articlepolicy traffic shaping not working
I want to slow down the connection to youtube.com by using policy traffic shaping from Untrust to Trust zone. What I set: From Untrust 172.217.194.136/32 (youtube) to Trust any gbw 512 policy bandwidth...
View ArticlePort forwarding failing despite following KB4740 and three-step guide
Hello all, I've tried setting up port forwarding through my SSG5 which I just acquired.I'm not an IT-er by trade, but an educator/teacher of mathematics & entry-level IT. I managed to set up port...
View Article