Firewalls | Forum profile
Forum profile page for Firewalls on http://www.juniper.net.
This report page is the aggregated overview from a single forum: Firewalls, located on the Message Board at http://www.juniper.net.
This forum profile page summarizes the general forum statistics such as: Users Activity, Forum Activity, and Top Authors, which are reported in either a table or graph below for a given reporting time period.
Additional forum profile information for "Firewalls" on the Message Board at http://www.juniper.net is also shown in the following ways:
1) Latest Active Threads
2) Hot Threads for Last Week
Warning: These statistics are generated using 'best efforts' and can experience delays and reporting errors at times. Please note that such statistics do not constitute a forum's popularity and/or exact posting volumes at any given reporting period.
Posting activity on Firewalls:

| | Week | Month | 3 Months |
|---|---|---|---|
| Threads: | 71 | 233 | 750 |
| Posts: | 104 | 418 | 1,337 |

Firewalls Posting activity graph:
Top authors during last week:
user's latest post:
Web Filtering URL Wildcard...
Published (2009-11-25 20:45:00)
Hi, Am not able to get that KB article 10888. Am attaching the snapshot of the error am getting. Could you help me out. Thanks and regards, Narayanan
user's latest post:
HA physical interface - J-Net...
Published (2009-11-26 17:55:00)
Thanks for your reply. I've read through the NetScreen OS manual; there seems to be a paragraph about HA Virtual Interface, that does not make use of the physical interface. Was wondering if anyone comes across HA Virtual Interface.
user's latest post:
Fun with Dual VR'S! - J-Net...
Published (2009-11-27 00:46:00)
Now facing problem that if the untrust link goes down why the default route is not going
IPv4 Dest-Routes for <untrust-vr> (3 entries)
--------------------------------------------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
--------------------------------------------------...
user's latest post:
Upgrade from screenOS 4 to...
Published (2009-11-19 13:42:00)
Never mind all, I found the problem. Needed to go to 5.0 first since the file structure changes.
user's latest post:
SSG 20- Startup Problem - J-Net...
Published (2009-11-21 11:24:00)
Hello Abhi, for the first problem, you will need to check the default gateway for your IP address in the PC, if dynamic, configure it as static 192.168.1.33 255.255.255.0 192.168.1.1 >>>>>>Default gateway. Go to the web and enter this https://192.168.1.1 >>>>>> if you redirect http to https. For the second problem I think it is a DNS Problem. try the...
user's latest post:
SSG 20 Quick Questions. - J-Net...
Published (2009-11-20 07:10:00)
1- fine 2- you have to move the new policy before the deny policy. Policies will be searched in top-down order. 3- the ssg has a self signed certificate for https which is not trusted by your browser. It is ok if you trust it. Otherwise you need to buy a certificate from a trust authority. 4- check the logging checkbox on every policy, where you want to log traffic 5- the default settings on the untrust zone are already set to harden the...
user's latest post:
Dialup VPN and Windows 7 - J-Net...
Published (2009-11-22 12:09:00)
Hi, Please use the following KB which will help to create the Dial VPN by using L2TP with IPsec tunnel. http://kb.juniper.net/KB10939 or http://kb.juniper.net/kb/documents/public/VPN/ScreenOS_Windows_L2TP_IPSec.pdf Use the same configuration but please use certificate as mentioned in the above links, L2TP with IPsec tunnel using pre-share key will not work with Juniper firewall. Thanks Atif
Latest active threads on Firewalls:
Started 3 days, 3 hours ago (2009-11-27 08:31:00)
by muttbarker
OK - Dumb question time - did you configure the DMZ I/F to allow for ping?
Started 6 days, 4 hours ago (2009-11-24 06:46:00)
by SSHSSH
Yes, you are right in case of Dedicated management ports, you should give each of them a different IP
Started 3 days, 4 hours ago (2009-11-27 07:08:00)
by mehdi
Hi dkraut, I have met the same situation last month. I did this: I downloaded the config files for both devices, after that I opened them with the WinMerge application for editing the files, I replaced only the old IP address with the new IP address for interfaces untrust "IP ISP" and all MIP and VIP. And after that I compared the old file and the new file with the WinMerge application. ...
Started 3 days, 5 hours ago (2009-11-27 06:22:00)
by Diggers
The major difference is that the SRX will run on JUNOS
Started 3 months, 1 week ago (2009-08-19 17:44:00)
by firewall72
Hi, The only way I know to accomplish this is to move your egress interfaces to a single VR. For example, E1 would be in the trust-vr, E3 and E4 would be in the untrust-vr. You would then have a default route in the trust-vr that points to the untrust-vr and two default routes in the untrust-vr (via each ISP gateway). I've configured equal metrics across ISP's using ECMP and unequal metrics...
Started 3 days, 17 hours ago (2009-11-26 18:02:00)
by dkraut
Started 6 days, 4 hours ago (2009-11-24 06:57:00)
by yuvaraj
No, HA is working on L2, so Physical HA link is mandatory for High Availability. You need one physical interface at least to send control messages and sync RTO/configurations.
Started 1 week ago (2009-11-22 19:40:00)
by ITSupport
I am also new to Junipers but I have learnt something in last few months. In your situation the traffic is not going out from TRUST to UNTRUST. As you mentioned you must check your route and policy configuration. You must have proper route and policy as below: ROUTE: FROM ----- TRUST LAN ------TO ---- UNTRUST ------VIA GE-0/0/1 POLICY: FROM ----- TRUST LAN TO UNTRUST --- ALLOW ...
Hot threads for last week on Firewalls:
Started 5 days, 23 hours ago (2009-11-24 11:42:00)
by muttbarker
How did you create your whitelist URL's? Perhaps you have a problem with them. For example if you allow the following: www.facebook.com and then you try and go to the French version fr-fr.facebook.com you will fail. You have to wildcard your entries IE - *.facebook.com
Started 1 week ago (2009-11-22 11:38:00)
by arizvi
Started 3 days, 3 hours ago (2009-11-27 08:31:00)
by muttbarker
OK - Dumb question time - did you configure the DMZ I/F to allow for ping?
Started 1 week ago (2009-11-22 14:50:00)
by contra
depending on your setup you could configure Bridge Groups
set interface bgroup0 zone "untrust"
set interface bgroup0 port ethernet0/1
set interface bgroup0 port ethernetx/x
set interface bgroup0 port ethernetx/x
set interface bgroup0 port ethernetx/x
set interface bgroup0 port ethernetx/x
Started 5 days, 23 hours ago (2009-11-24 11:47:00)
by muttbarker
At a high level you will need to do the following: 1- Create the NAT relationships - this is done on the outbound (untrusted) I/F. You have your choice between MIP, DIP and VIP entries. If you bring up the I/F you will see the options at the top of the page. Select one and then select the question mark in the upper right corner and you can get some nice help documentation on this. 2- You ...
Started 6 days, 4 hours ago (2009-11-24 06:46:00)
by SSHSSH
Yes, you are right in case of Dedicated management ports, you should give each of them a different IP
Started 3 months, 1 week ago (2009-08-19 17:44:00)
by firewall72
Hi, The only way I know to accomplish this is to move your egress interfaces to a single VR. For example, E1 would be in the trust-vr, E3 and E4 would be in the untrust-vr. You would then have a default route in the trust-vr that points to the untrust-vr and two default routes in the untrust-vr (via each ISP gateway). I've configured equal metrics across ISP's using ECMP and unequal metrics...
Started 1 week ago (2009-11-23 09:37:00)
by shadow
You need to make sure that your policy has the network address translation setup as well.
From the CLI
set policy from "DMZ" to "Untrust" "Any" "Any" "Any" nat src permit log
save
From the Web Gui
Edit the rule you have already created, then click on advanced and make sure that source translation is checked with use egress interface IP. Then click okay and give it a try.
Started 2 weeks, 4 days ago (2009-11-12 06:52:00)
by muttbarker
Yes - I have setup W2K8 for Radius Auth - it is similar to W2K3 but you have to configure the "NPS" Network Policy Server for your radius setup. This is comparable to the W2K3 setup you would do under Internet Authentication Services. Add "Network Policy and Access Services" to your DC and then configure network ports, clients and policies under Server Manager -> Roles -> Network Policy and ...
Started 6 days, 4 hours ago (2009-11-24 06:57:00)
by yuvaraj
No, HA is working on L2, so Physical HA link is mandatory for High Availability. You need one physical interface at least to send control messages and sync RTO/configurations.