On 9/20/2011 7:25 AM, Phil Mayers wrote:
On 20/09/11 11:07, Stephan Tesch wrote:
On Tue, 20 Sep 2011 08:31:33 +0100, Phil Mayers wrote:
'unset flow tcp-syn-check' is what you want but unfortunately it is a
global setting, so all or nothing...
Are you sure? I don't think that's what he wants;
On 20/09/11 11:07, Stephan Tesch wrote:
On Tue, 20 Sep 2011 08:31:33 +0100, Phil Mayers wrote:
'unset flow tcp-syn-check' is what you want but unfortunately it is a
global setting, so all or nothing...
Are you sure? I don't think that's what he wants; as suggested by the
name, this relaxes th
On 20/09/11 11:27, Josh Farrelly wrote:
Hi there.
Removing this option seems to have solved our issue.
In which case I'm happy to be wrong!
Glad you solved it.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/
: Re: [j-nsp] Netscreen Firewalls and TCP States/Bypass
On 09/20/2011 04:06 AM, Stefan Fouant wrote:
> 'unset flow tcp-syn-check' is what you want but unfortunately it is a
global setting, so all or nothing...
Are you sure? I don't think that's what he wants; as suggested by
On Tue, 20 Sep 2011 08:31:33 +0100, Phil Mayers wrote:
'unset flow tcp-syn-check' is what you want but unfortunately it is
a global setting, so all or nothing...
Are you sure? I don't think that's what he wants; as suggested by the
name, this relaxes the requirement for the 1st packet to be a
On 09/20/2011 04:06 AM, Stefan Fouant wrote:
'unset flow tcp-syn-check' is what you want but unfortunately it is a global
setting, so all or nothing...
Are you sure? I don't think that's what he wants; as suggested by the
name, this relaxes the requirement for the 1st packet to be a
syn/syn+
'unset flow tcp-syn-check' is what you want but unfortunately it is a global
setting, so all or nothing...
You can issue a 'get flow' after the configuration change to verify the
behavior.
Stefan Fouant
JNCIE-M, JNCIE-ER, JNCIE-SEC, JNCI
Technical Trainer, Juniper Networks
Follow us on Twitter
Hi all
Does anyone know whether the Juniper Netscreen SSG20, running:
Hardware Version: 710(0)
Firmware Version: 6.1.0r2.0 (Firewall+VPN)
Has any ability to bypass the checking of TCP states for certain
interfaces/hosts?
I have a situation where we have one configured in a topology
8 matches
Mail list logo