Re: [j-nsp] SRX iphone/ipad vpn?

2011-04-25 Thread Glenn Krutsinger
11.1 release notes say that SRX supports the Pulse client. Reading the release notes on the Pulse client doesn't give me the warm fuzzies, though. And you wouldn't get anywhere near the level of control over the device or connection as you would with an SA. Glenn On 4/24/11 3:14 PM, OBrien, Will

Re: [j-nsp] Source address for DNS queries

2011-04-14 Thread Glenn Krutsinger
Under 10.2r3 (and 10.0), source NAT from the loopback doesn't work, so, if you are trying to resolve public DNS, it will fail. I am not sure if this has been fixed; if anyone has it working, I'd love to know how and what version. JTAC's answer is: disable default-address-selection. Not trying to

Re: [j-nsp] JUNOS and MS RPC

2011-04-13 Thread Glenn Krutsinger
Clarke, Thanks for the examples. My first thought was to build custom UUID applications, but I soon decided that wasn't an option. MS can't even provide an accurate list of UUIDs without going to the individual product teams. Managing the list, with MS' almost whimsical approach to standards

Re: [j-nsp] JUNOS and MS RPC

2011-04-03 Thread Glenn Krutsinger
suppose, are to go through all of our DC's and define static RPC ports in the registry or set up IPsec sessions between the servers. Glenn From: Scott T. Cameron routeh...@gmail.com Date: Sat, 2 Apr 2011 15:38:22 -0600 To: Glenn Krutsinger gkrutsin

[j-nsp] JUNOS and MS RPC

2011-04-02 Thread Glenn Krutsinger
Hello all, Is anyone running MS products through SRX firewalls? How are you getting RPC to work? According to engineering, the ScreenOS ms-rpc-any isn't included in JUNOS, although, I do see the ALG catching the info based off of endpoint mapper sessions. Add to that the fact that MS changed

Re: [j-nsp] Dynamic VPN Question

2010-06-08 Thread Glenn Krutsinger
Hello Paul, Thanks for sharing your findings. We also require full tunneling for our VPN users; I'm not sure why the brains at Juniper are forcing split-tunneling for client VPN on the SRX. I am in the midst of configuring SRX firewalls to replace some SSG5s. Reading up on the Dynamic VPN

Re: [j-nsp] Can we use MIP for outgoing traffic on a different interface

2010-06-07 Thread Glenn Krutsinger
Hello, You will create a new MIP on the DMZ interface using an IP in the DMZ address space. If traffic is destined for the Untrust zone, the server will use the Untrust MIP. If it routes to the DMZ, it will use the DMZ MIP. Our old mail system used this design for OWA (Untrust) and SMTP relay

Re: [j-nsp] Can we use MIP for outgoing traffic on a different interface

2010-06-07 Thread Glenn Krutsinger
I would have to say no, since a MIP is a NAT built from Zone X to Zone Y. Not to mention, the MIP on Untrust is in a different address space than the network on the DMZ interface. From: Kamal Dissanayaka [mailto:kamalas...@gmail.com] Sent: Monday, June 07, 2010 8:37 AM To: Glenn Krutsinger (GMC

Re: [j-nsp] NSM, IDP200 and SRX240

2010-06-04 Thread Glenn Krutsinger
Be wary of how you configure logging on the IDP, as it can really hammer your NSM server, both in CPU and log volume. We pointed our IDP to a SIEM system (e.g. QRadar, STRM, etc.) for log collection and analysis. SRX management doesn't seem to be that resource intensive in NSM, I think 2008