here Harri.
Hope this helps,
-Tim Eberhard
On Mon, Sep 9, 2013 at 9:16 AM, Harri Makela harri_mak...@yahoo.com wrote:
Hi There
I got following report from after the vulnerability scanning. Now first
we don't use IPv6 and secondly how we can check on Juniper that version is
SSH 4
.
Thanks,
-Tim Eberhard
On Tue, Aug 13, 2013 at 8:37 AM, Franco Ghashehbaba
francogb...@gmail.com wrote:
Hello everyone,
I'm trying to get Flow Session Analyzer for Mac OS, I have been seeing lots
of links but at the end
I can not get it. Does anyone have the actual program so I can install
I gave a talk on this at the bajug2. There are a couple of ways to do this,
take a look at the slides from my talk. found here:
http://www.slideshare.net/timeberhard/tim-eberhard-bajug3talk
It also covers a tool I wrote to analyze the session tables and syslog
messages for top talkers.
Sure
There are two possible ways of doing this (to me).
1) Stand up two VPN tunnels and just have one down at all times. You would
use your existing configuration (assuming it's main mode) and just change
the source IP where you expect the VPN initiator to come from.
2) Change your existing
,
-Tim Eberhard
On Apr 27, 2013, at 10:14 AM, James Howlett jim.howl...@outlook.com wrote:
Hello,
I have a network built on J4350 and SRX240 and I need to upgrade. I was
thinking about switching two devices for SRX1400.
My network has 2 full bgp feeds and some peerings. We use about 150
you said you don't use already) but
those may not be an issue in your environment.
Hope this helps,
Tim Eberhard
On Apr 24, 2013, at 10:23 PM, Dale Shaw dale.shaw+j-...@gmail.com wrote:
Hi all,
This post relates to a previous post of mine on asymmetrically routed
UDP traffic:
https
is that critical you should have a lab to test this in.
Good luck,
-Tim Eberhard
On Fri, Mar 8, 2013 at 9:50 AM, Andy Litzinger
andy.litzin...@theplatform.com wrote:
We're evaluating SRX clusters as replacements for our aging ASAs FO pairs in
various places in our network including
12.3, right on time.
On Feb 2, 2013, at 1:40 PM, Paul Goyette pgoye...@juniper.net wrote:
12.3 has now been released.
Yes, there was a posting delay due to PSN-2013-01-823, but
posting is now complete.
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
I always thought the SRX240H was the memory upgraded version to the
240B (aka base). The 240H2 I believed has the memory upgrade and a
faster (possibly just overclocked?) processor.
Perhaps I am incorrect though. The H2 line is pretty new and I haven't
touched one yet to compare.
On Fri, Jan
That will *only* grab traffic to the control plane, not through the
interfaces. For what it's worth.
-Tim Eberhard
On Tue, Dec 11, 2012 at 12:24 PM, 叶雨飞 sunyuc...@gmail.com wrote:
monitor traffic no-resolve interface x write-file xxx.pcap
or, if you prefer, simply start shell then tcpdump
proper TCP state is
always a good security practice.
-Tim Eberhard
On Mon, Nov 12, 2012 at 1:07 PM, Benny Amorsen benny+use...@amorsen.dk wrote:
Julien Goodwin jgood...@studio442.com.au writes:
Sadly SRX doesn't (or at least a few years ago didn't) consider TCP
keepalives sufficient to keep
tcp sessions with active TCP keepalives.
I've never had a problem where an application sent keepalives at a
rate greater than the default time out (say time out is 30 minutes,
keepalives are every 10 minutes). Then that session can last as long
as it wants. This is expected behavior.
-Tim Eberhard
. If you still doubt this feel free to
reference juniper's documentation.
http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-44055.html
-Tim Eberhard
On Mon, Nov 12, 2012 at 3:25 PM, Benny Amorsen benny+use...@amorsen.dk wrote:
Tim
High end SRX's support tap mode. Branch as far as I know do not.
http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-security/topic-45272.html
Hope this helps,
-Tim Eberhard
On Wed, Sep 12, 2012 at 10:33 AM, William McLendon wimcl...@gmail.com
.
Hope this helps,
Tim Eberhard
On Sep 8, 2012, at 7:28 AM, Mark Radabaugh m...@amplex.net wrote:
My suggestion would be a managed Ethernet switch on whichever side of the
J2350 that you can put it with a SPAN port to dump traffic to Wireshark. It
should be fairly easy to spot the offending
A quick search on that error message says it's a return routing issue.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21363&cat=JUNOS&actp=LIST
-Tim Eberhard
On Tue, Jun 26, 2012 at 8:03 AM, f...@flipstar.net f...@flipstar.net wrote:
Hey everybody,
I wonder if anybody is successfully
created for traffic dropped by a firewall filter.
I hope this helps,
-Tim Eberhard
On Mon, Jun 25, 2012 at 7:06 AM, Scott T. Cameron routeh...@gmail.com wrote:
On Mon, Jun 25, 2012 at 6:56 AM, Pavel Lunin plu...@senetsy.ru wrote:
This is exactly what happened. The session table filled up. One
haven't
already configured that.
Here is a quick link on how to set up routing on the back up SRX.
https://www.juniper.net/techpubs/en_US/junos/topics/reference/configuration-statement/backup-router-edit-system.html
Hope this helps,
-Tim Eberhard
On Tue, Jun 19, 2012 at 7:26 AM, Scott T. Cameron
than a year.
Its first release (re-release after being rewritten from scratch) was
11.4, most recently and greatly needed update is 12.1.
I hope this helps,
-Tim Eberhard
On Mon, Jun 11, 2012 at 6:52 PM, Patrick Dickey dickeypj...@yahoo.com wrote:
Morgan- I would take a good hard look at Junos
Ben,
let me introduce you to my little friend called the global address
book. Introduced in 11.4.
set security address-book global address p1 192.168.1.13/32
-Tim Eberhard
On Mon, Jun 11, 2012 at 7:04 PM, Ben Dale bd...@comlinx.com.au wrote:
What would really help though is if Junos allowed
Mixed mode is not supported on an srx.
For a layer 3 ip you have to use an irb interface. This is non-routable so it
may not be what you're looking for. It's used for management of the device
typically. At best it's an ip to ping.
On May 31, 2012, at 12:59 AM, Per Granath
hope this clears things up,
-Tim Eberhard
On Thu, May 31, 2012 at 9:05 AM, Per Granath per.gran...@gcc.com.cy wrote:
Flexible Ethernet services should be supported since 10.1.
http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/release-notes/10.1/topic-42298.html
rare it does happen every now
and again depending on the ISP. As far as I know there hasn't been a
feature to tweak the TTL for dhcp discover requests.
I hope this helps,
-Tim Eberhard
On Mon, May 28, 2012 at 5:29 PM, Aaron Dewell aaron.dew...@gmail.com wrote:
Hi all,
I've been having
upon start up.
Hope this helps,
-Tim Eberhard
On Sat, May 5, 2012 at 7:51 AM, David Klein davidkl...@dhk.com wrote:
How do you disable IDP and UTM?
Thanks...
-David Klein
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net
If I recall correctly, I looked into this previously and found that
this was due to idp being enabled (which it is by default) but not
being used by policy. I want to say the fix to stop these
non-impacting albeit annoying log messages is to just disable IDP
altogether.
Hope that helps,
-Tim
you'll be fine. If they need
to go from vlan 100 to 200 you'll need to do a vlan rewrite.
Hope this helps,
-Tim Eberhard
On Mon, Apr 9, 2012 at 7:06 AM, bruno bruno.juni...@gmail.com wrote:
i am running 11.4R1.6
root@R1# run show version
Hostname: R1
Model: srx210h
JUNOS Software Release
show version
Hostname: Lab-SRX240-11
Model: srx240h-poe
JUNOS Software Release [11.4R1.6]
Hope this helps,
-Tim Eberhard
On Tue, Mar 20, 2012 at 12:09 PM, Leigh Porter
leigh.por...@ukbroadband.com wrote:
From: Ben Dale [mailto:bd...@comlinx.com.au]
Hi Leigh,
On 20/03/2012, at 10:53 PM, Leigh
the 240. It's an amazing firewall
for the price. Stick to 10.4 or something in the 11.x code and you'll
be fine. I think you'll be shocked how stable and bug free it is after
hearing all the bad items on this list.
Good luck, hope this helps.
-Tim Eberhard
On Mon, Mar 5, 2012 at 5:28 PM, TCIS List
SRXs, assuming you're running in flow mode, will not load balance as of today.
The forwarding table will show two routes, but it will only pick one.
This has been discussed here previously, a quick google search of ECMP and SRX
should help.
Good luck, sorry to give you the bad news..
Tim
on the roadmap to be supported,
then again I haven't seen much of the 12.x roadmap as of late. I would
talk to your SE about this if it's something you need to have to find
out if/when it will be supported and under what circumstances.
Good luck,
-Tim Eberhard
On Sat, Nov 19, 2011 at 8:26 PM
buy a couple of larger flash disks in bulk? Otherwise clean up the
file system, load the code from sftp/ftp/tftp and upgrade with
no-copy. That way you don't have to transfer it locally.
Hope this helps,
-Tim Eberhard
On Mon, Nov 7, 2011 at 8:18 AM, R. Benjamin Kessler
ben.kess...@zenetra.com
and a screenshot are all posted over on
sourceforge. : https://sourceforge.net/projects/nslg/
Feel free to let me know what you think if you use it.
Thanks,
-Tim Eberhard
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman
available upon request. Please let me know what you think and
if you find a bug let me know. This is the very first release.
Hopefully it helps some people out. Lots of folks have been emailing
me requesting it.
Thanks,
-Tim Eberhard
I've noticed the same. Since 10.4r5 the dhcp client has issues. We
roll back code and it works without any problems. Same issues on 11.1
code. Fun stuff to troubleshoot.
-Tim Eberhard
On Wed, Oct 12, 2011 at 8:09 PM, Brent Jones br...@servuhome.net wrote:
On Wed, Oct 12, 2011 at 2:07 AM, martin
to spend some time
in the lab.
Thanks!
On Aug 27, 2011, at 3:02 AM, Tim Eberhard xmi...@gmail.com wrote:
ECMP doesn't work as of today in branch series SRX's if advanced
security features are enabled such as NAT, IDP, ALG's, and such. The
problem is with the flow module and where routing
. This is not ideal and I wouldn't ever
recommend it for a customer environment.
Best of luck. I hope the branch guys can get this fixed. ScreenOS has
been able to do this for a while. I'm told this may get addressed in
12.1 but nothing is official.
-Tim Eberhard
On Fri, Aug 26, 2011 at 10:33 AM
. :)
-Tim Eberhard
On Sat, Aug 27, 2011 at 12:22 PM, Daniel Daloia daniel.dal...@yahoo.com wrote:
If that's true then that's horrible news. The data sheet for the SRX branch
series lines says that it can do ECMP, but says nothing about mixing it with
advanced services. This seems so trivial. Going
*some* useful information can be found here:
http://juniper.cluepon.net/Category:Hardware
Lots of big blank spots and lots of older information, but it's a good
start and about as good as you're going to get (as far as I know of)
without being an internal Juniper employee.
Good luck,
-Tim
Olives are great for these types of scripts. An olive vmware machine can be
hosted on anything and just be used for config verification.
Hope this helps,
-Tim Eberhard
On Jan 14, 2011, at 3:40 PM, Nvvk Brnn saveda...@gmail.com wrote:
Hi:
I have some perl scripts that generate Juniper
You can change the admin user netscreen to anything you want.
On Tue, Jan 4, 2011 at 3:46 PM, Deric Kwok deric.kwok2...@gmail.com wrote:
Hi
Is it possible to change / delete the default logon: netscreen?
If yes, pls let me know
thanks
router and do MPLS but the MPLS router+firewall isn't possible.
security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}
Hope this clears things up,
-Tim Eberhard
On Thu, Oct 21, 2010 at 9:59 PM, Jai
will never be as good through a vpn tunnel as not. With
IPSEC comes additional overhead and packets in many cases will need to be
fragmented or the MTU made smaller. This is just a drawback of using an
IPSEC VPN.
I hope this helps,
-Tim Eberhard
On Wed, Sep 15, 2010 at 12:44 PM, Nick Ryce nick.r
It's always a wise choice to go with JTAC's recommended version of Junos for
your platform.
-Tim Eberhard
On Aug 31, 2010, at 2:11 AM, Salik Mobin softc...@yahoo.com wrote:
Dear Fellows,
Can anyone suggest a stable Junos from 10.x trail?
TIA
Concurrent sessions are 1.3.6.1.4.1.2636.3.39.1.12.1.2.0
As far as I know there is no OID for session set up rate or ramp rate.
Hope this helps,
-Tim Eberhard
On Sun, Aug 29, 2010 at 11:04 PM, matthew zeier mze...@gmail.com wrote:
Having trouble finding the OIDs to trend concurrent sessions
like you are describing. In 10.0 Juniper did a revamp of the vpn code/design
and things are greatly improved (but by no means bug free).
-Tim Eberhard
On Wed, Aug 18, 2010 at 10:34 AM, Fahad Khan fahad.k...@gmail.com wrote:
Dear Folks,
I am running various IPSEC VPN tunnels on SRX, but seeing
You could always run trackip on the SRX to monitor the path to the
switch. Pinging a L3 interface on the core switch itself.
Hope this helps
-Tim Eberhard
On May 26, 2010, at 6:27 AM, Fahad Khan fahad.k...@gmail.com wrote:
Dear Folks,
I am just shocked to know that IDP8200 does
/junos-security10.1/junos-security-swconfig-security/topic-43676.html
Hopefully this helps,
-Tim Eberhard
On Wed, May 26, 2010 at 7:27 AM, Fahad Khan fahad.k...@gmail.com wrote:
Ah! great... IP monitoring will work, I ll test it and see..
Thanks Scott.
Tim, can you explain how can we do Track
in the last hour.
These are permitted connections.
Hope this helps,
-Tim Eberhard
On Wed, Mar 24, 2010 at 7:39 AM, Ibariouen Khalid
ibariouen.kha...@ericsson.com wrote:
Hi all
Can someone tell me what's the meaning of the following output ?
Is it the number of sessions
a tool to analyze your session table that I wrote that
will tell you what kind of traffic you have passing through your firewall.
The tool is called NSSA (Netscreen Session Analyzer).
Hope this clears things up,
-Tim Eberhard
On Wed, Mar 24, 2010 at 7:53 AM, Ibariouen Khalid
ibariouen.kha
.
-Tim Eberhard
On Tue, Mar 23, 2010 at 7:21 AM, Fahad Khan fahad.k...@gmail.com wrote:
Seems to be looking some thing wrong with session table??
any one faced same thing with SRX650??
regards,
Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global Technology Services, IBM
fa
-directionally ensuring any side can create
the session and that should fit your needs. Even if the session times out
with syn-checking disabled and it's permitted by policy it will be instantly
recreated with the next packet.
Hope this helps,
-Tim Eberhard
On Sat, Mar 6, 2010 at 3:34 AM, Michel de Nostredame
I just tried to update a JTAC case and I'm getting the same problem. So not
just your issue Paul. Hopefully it's resolved soon.
-Tim Eberhard
On Thu, Feb 25, 2010 at 8:04 AM, Paul Stewart p...@paulstewart.org wrote:
Hi folks - am I the only person having issues with Juniper's website
The first thing I would check is the logs. Do you see a rdp daemon problem
or anything along those lines?
On Mon, Oct 5, 2009 at 2:21 AM, Michael Dale md...@dalegroup.net wrote:
Hi All,
I'm having some issues with my SRX210 running JunOS 9.6
I'm using an SSG 20 ADSL mini-pim (which could be
Security line up that was released. The JNCIE-FWV did not cover
that in any form. I assume they are going to integrate the new OS and
platform into the test and then release it.. at least I hope they release
it.
Sorry I couldn't give you a decisive answer but hopefully this helps,
-Tim Eberhard
On Fri
or other such harmful things when using an external source such as
gegereka.
-Tim Eberhard
On Wed, Jul 15, 2009 at 3:48 AM, George gmb...@cellulant.com wrote:
Hello again.
Just to confirm the steps if they are correct:
1. download the firmware I want to upgrade to ie 5.2.0r2.0 (Do i get
it completely
segmented.
I am by no means a Vsys expert although I do have a couple of 5400's that
have 300 or so on each. I can say I'm pretty happy with their capabilities
overall.
Good luck,
-Tim Eberhard
On Tue, Jul 14, 2009 at 9:09 PM, Clue Store cluest...@gmail.com wrote:
Hi List
from 5.0 to 5.4 going back shouldn't be much of a problem.
Good luck,
-Tim Eberhard
On Mon, Jul 13, 2009 at 7:12 AM, George gmb...@cellulant.com wrote:
Sorry guys,
The two firewalls are in completely two different networks and in no way
work together. The reason I mentioned the two
Your configuration will remain after the upgrade/reboot.
Downgrading is the same process as upgrading as long as you're going from
say 5.2 to 5.0. Just load the 5.0 image and reboot. The 5.0 image is blown
away when you load the newer screenOS.
Good luck,
-Tim Eberhard
On Mon, Jul 13, 2009 at 11
instantly.
merging part 1000 lines via tftp takes just 10-15 seconds.
Good luck,
-Tim Eberhard
On Fri, Jun 26, 2009 at 6:52 AM, Phil Mayers p.may...@imperial.ac.uk wrote:
All,
We have a (quite busy) netscreen 5400, which we occasionally need to make
big policy updates to. It goes very slow if we
the ALG's (application layer gateways). Again
if the end goal here is to use this device as a router, I agree with it.
If you're trying to use the security{} options as a firewall then do *not*
follow that KB.
Good luck,
-Tim Eberhard
On Mon, Apr 6, 2009 at 1:37 AM, t...@osystems.ru wrote
Leslie,
please issue the get perf cpu all detail command to see which CPU is
going up. I suspect you're hitting an ALG or this is going to CPU for some
odd reason.
-Tim Eberhard
On Tue, Feb 10, 2009 at 1:46 PM, Leslie les...@craigslist.org wrote:
I'm having a strange problem that I haven't
Can you debug the traffic and send me the output?
'debug tag info' is sufficient.
On Wed, Feb 11, 2009 at 5:20 PM, Leslie les...@craigslist.org wrote:
It's always the flow cpu that spikes up
Tim Eberhard wrote:
Leslie,
please issue the get perf cpu all detail command to see which CPU
=book_resultresnum=1ct=result
Good luck,
-Tim Eberhard
On Tue, Jan 27, 2009 at 4:40 PM, Andrew Jimmy go...@live.com wrote:
You are concerned about DoS attacks against a key perimeter router in your
company. Configure router so that it limits the aggregate rate of ARP
traffic toward the route processor to 75
I've also seen I wish this ran JunOS bumper sticker. That one was made by
a Juniper employee and the marketing dept made a few runs of those as well.
.
-Tim Eberhard
On Wed, Dec 10, 2008 at 6:28 PM, Aviva Garrett [EMAIL PROTECTED] wrote:
Juniper Marketing made them a while ago, so
Just as important..
To do a no shut on that port..
unset interface eth0/0 phy link-down
On Mon, Nov 10, 2008 at 4:23 AM, GIULIANO (UOL) [EMAIL PROTECTED] wrote:
For ethernet interfaces:
set interface eth0/0 phy link-down
Hello is it possible to shutdown an interface in screenos?
i
Juniperforum.com is a decent place to chat it up with other netscreen users.
-Tim Eberhard
On Mon, Oct 13, 2008 at 6:35 PM, Janet Sullivan [EMAIL PROTECTED] wrote:
It seems the old qorbit nn list is no more. Where do all the netscreen
types hang out these days? I don't see a netscreen
I've been playing with it for a while now. Looks sweet..
There is some JunOS-ES stuff I am not a fan of (The policy system needs a
*LOT* of work) however overall the product is there. I would love to hear
from others as they test/deploy it now that NDA is finally lifted..
-Tim Eberhard
On Mon
JunOS-ES is their new firewall platform. One could safely assume that this
is their new firewall platform (It'll be officially out next month).
Until the SRX all JunOS-ES firewalls have run on lower end software based
devices (SSG-550M, J routers, etc)
Hope this clears it up slightly.
-Tim
68 matches