Tag Archives: Juniper NSM

Juniper ScreenOS DHCP Relay featured image

Juniper ScreenOS DHCP Relay: “Use Interface as Source IP for VPN”

I had strange looking DHCP packets in my network as I tested around with DHCP relays on the Juniper SSG firewall. Some packets were blocked and I didn’t know why. After some troubleshooting it was clear that the checkmark “Use xy Zone Interface as Source IP for VPN” has a big impact in all environments even without the usage of a VPN!

Continue reading Juniper ScreenOS DHCP Relay: “Use Interface as Source IP for VPN”

Juniper SSG NSRP featured image

Juniper ScreenOS NSRP: Configuration via GUI, NSM, and CLI

Short step-by-step screenshot guide for an initial configuration of NSRP of two Juniper ScreenOS firewalls, such as the SSGs. One screenshot pack for the https GUI and another one for the Network and Security Manager (NSM) since I am always searching for the positions of the commands on it. Finally, I am listing the appropriate CLI commands.

Continue reading Juniper ScreenOS NSRP: Configuration via GUI, NSM, and CLI

Juniper-ScreenOS-autocorrect-Route-Entry

Juniper ScreenOS Firewall autocorrects Route Entries

I was a bit confused today as I saw a “wrong” route entry in the config of an SSG firewall. The route had not the correct “network/netmask” notation but a “host-address/netmask-of-the-network” notation. However, the SSG autocorrected this false route entry to the correct subnet id in its routing table.

Continue reading Juniper ScreenOS Firewall autocorrects Route Entries

Ausrufezeichen-Attack-DB-Member

Juniper NSM: Exclamation Mark due to Attack Database Version Mismatch

Short and very specific notice: How to remove the exclamation marks on the Juniper NSM device list for firewalls that have an outdated attack database version. This happens if the license for the deep inspection expires and the device still has an old sigpack version. Since the NSM later on has newer ones, it marks the firewall with a yellow symbol. To have a consistent “green” view of all firewalls, the following steps can be done to remove the exclamation mark.

Continue reading Juniper NSM: Exclamation Mark due to Attack Database Version Mismatch