Re: [j-nsp] Juniper SA SSL VPN static ip for user

2012-02-04 Thread Barny Sanchez
the suggestion from Jof is clever but it doesn't scale. I am afraid that you would require of an external device to help you accomplish this, such as using a Radius and Attribute Value Pairs (AVP) to send back to the SA the associated IP for an user (framed-ip-address) upon connection.

Re: [j-nsp] Juniper SRX and ssh freeze

2010-12-21 Thread Barny Sanchez
Yes it is supported in SRX, and you are right not supported in ScreenOS, it drops it. Thanks! - Barny On Dec 21, 2010, at 8:08 PM, Julien Goodwin jgood...@studio442.com.au wrote: On 22/12/10 04:53, Alfred Schweder wrote: Does SRX support ssh keepalive (like M- or J-serie)? SSGs drop the

Re: [j-nsp] SRX for MPLS

2010-10-21 Thread Barny Sanchez
://www.juniper.net/us/en/local/pdf/app-notes/3500192-en.pdf Thanks, Barny Sanchez Sr. Consulting Engineer, Security Products Solutions Juniper Networks On Oct 21, 2010, at 9:13 PM, Tim Eberhard wrote: I don't believe that's the case. You can do MPLS (I can't say I've ever done it, but I know

Re: [j-nsp] NSM, IDP200 and SRX240

2010-06-04 Thread Barny Sanchez
You will be fine running 2010.2 to manage both the IDP and the SRX. Thanks, Barny Sanchez | Consulting Engineer - Security Systems | Juniper Networks | voice: +1.774.318.9140 | bar...@juniper.netx-msg://47/bar...@juniper.net On Jun 4, 2010, at 1:26 PM, Crist Clark wrote: I was told

Re: [j-nsp] Logging default deny traffic on SSG-550?

2010-03-12 Thread Barny Sanchez
, as this will be dropped. So you would need to configure explicit intra-zone policies where needed. Thanks, Barny Sanchez | Consulting Engineer - Security Solutions | Juniper Networks | Direct: +1.774.318.9140 | bar...@juniper.net mailto:bar...@juniper.net (Message sent via my mobile device, sorry for any typos

Re: [j-nsp] ISG 1000

2010-03-07 Thread Barny Sanchez
Yes, no problems supporting all of this. Thanks, Barny Sanchez | Consulting Engineer - Security Solutions | Juniper Networks | Direct: +1.774.318.9140 | bar...@juniper.net mailto:bar...@juniper.net (Message sent via my mobile device, sorry for any typos and shortness of my response

Re: [j-nsp] DNS

2010-03-01 Thread Barny Sanchez
policy. This is the bare minimal things to check, but there are other problems to consider, such as: 1) NAT misconfiguration. 2) Routing missconfiguration. 3) Without knowing anyting more about your environment, could be a vsys problem (high-end firewalls). 4) VPNs involved? Thanks, Barny