I am tried of not finding a good documentation on now to configure netscreen-25 firewall.
This is the current setup;
Ethernet Drop -> Netscreen (connected via straight RJ-45)
NetScreen -> Switch (Connected via cross-over cable)
This is the what I want to be able to do...
I am assigned a 76.36.57.32/27 subnet
Netmask 255.255.255.224
Gateway 76.36.57.33
1) Make Netscreen accessible via IP 76.36.57.34 for remote management.
2) I dont want netscreen to assign IPs for my wired devices because I've already set all their IPs and those are the ones I want to use.
Now, I did read the manual [url] and went to Network -> Interfaces -> Ethernet 1 Trust *edit* and in the "IP address" box I typed 76.36.57.34 and netmask "/27".
In the "Manage IP" box, I typed 76.36.57.39/27 according to the manual.
After doing all that, I cant access any of my "wired" devices behind firewall and neither can I access the firewall itself with the IP I assigned.
I've been looking at these two Firewalls for a quite some time and I am not sure which one I should go with. Price is not a factor since both are around the same price range.
The firewall is going to be in between my DROP and LAYER3 Switch.
So...FastE -> Firewall -> Layer3
As you can see, I dont want any fancy VLAN stuff or anything like that since my switch can take care of all that. I just want a firewall which is easy to configure and manage and has DDoS protection built-in.
If you have any other hardware based firewalls in the price range of ASA 5505 and Netscreen 5GT then I would want to hear about those as well.
I have two netscreen 25 firewalls linked together via an ethernet cable.
If I connect the ethernet cable to switches I get around 90Mbps. However, if I connect the firewalls together I barely get more than 30Mbps (25Mbps average using iperf). All rules are set to talk to each other and the setup works, but I don't understand where the speed has gone.
The firewall ports and firewall performance per port is rated at 100Mbps and there is little traffic on the other network ports. I have both interfaces set to auto neg duplex as if set to 100 full I get even worse performance.
We're thinking about purchasing the firebox x750e. Any experience with these? I see a lot of negative feedback on the x500 series but could not find anything on the x700s.
Does the watchguard, netscreen, and sonticwall firewalls all require an annual renewal fee?
I see some x700s on ebay for under $500. What's bad about buying these used ones?
I need to protect about 80 servers from certain attacks some of them are being victim of. Altogether, these servers use about 200Mbps being almost all of them webservers. The last time, one of them was a victim of a DDoS attack which made all the rest get some packet loss (because this attack was consuming all the bandwidth we had available).
I was looking at Juniper solutions, however I get a bit confused with all the products they have to offer. First, I was looking at IDP series, but they seem a bit pricey and I believe I donīt need all those IDP functions those devices are capable of. NetScreen is also too expensive for me. Iīm looking at a budget of 10.000$ aprox.
I found SRX series and after taking a look at SRX240 and SRX650 specs [url] those firewall numbers seem very nice and perfect for my problem. Would this be a wise choice? This device would act also as the main router for our racks. Please let me know if there are other recommendations that fit the specified budget (10K).
Can anyone give any real world numbers as to what each model of the Juniper-J series router is capable of? How much do these routers cost, and where is the best place to get them from?
Does anyone have any experience running Juniper SSG-550 firewalls in a high-traffic hosting environment?
I run network operations for a hosting provider in Australia. We currently have two J4350s running as border routers, and we are looking at putting two Juniper SSG-550s behind the border routers to do stateful firewalling / NAT.
We'll be using active/active NSRP on the SSGs for load balancing and failover.
My concern is that these devices may not be able to handle our traffic load. They have a hard-set limit of 256,000 "concurrent sessions" which may not be enough for us in peak times. Almost all of our traffic is HTTP though, so I would imagine sessions would timeout quite quickly?
In one of our racks, we now just have two Procurve (J4900B) switches, and run software firewalls on our CentOS servers. We are now looking towards a hardware firewall to ease managment and reduce load on our servers.
One of our suppliers reccomends the SSG140 from Juniper, and it seems to cover our needs. The SSG320 however seems to have more features, like layer3 routing. Could this device replace our Procurve switches, and act as a firewall/switch?
Anyone familiar with these devices and have some input on what to choose? How does the anti-ddos and bruteforce attack functions work out, do they hold up? Anyone tested the Deep Inpspection Signature module? Is it worth having for a ISP/Webhost?
I've been reading and searching on here as much as I can to try to help me in making a decision, unfortunately when I think I know what to do, I read something else and get confused again.
We are in the process of moving networks within our datacenter and will have 2 drops coming into our half-cabinet. We have about 7 servers in there, some for our own use and some for clients. In all cases, we manage the servers and are the only ones with root access (no need for VLANs for the purpose of protecting IPs etc).
We currently have a single drop and use an HP procurve 2524 layer2 switch that has been in there for over 6 years and never had a single hiccup. We also don't push much traffic at all though. Under 5mbps combined.
My question though is this: moving to the new network we will have 2 drops that are set up as HSRP on their end (upstream of me, I don't have to worry about having two switches). In order to use the dual feeds, we will need a Layer3 switch. One feed will be active, the other is not, both are connected to the switch via a VLAN and provide a gateway for VLAN2 to use. I have never used a layer3 switch, though I'm not *too* concerned since I don't expect we'll be doing anything too complex. My understanding is that one VLAN (VLAN1) will be set up with an IP address assigned to each drop and that VLAN1 will create a gateway for VLAN2. The second VLAN (VLAN2) will be all our "inside" client IPs that will then route through VLAN1.
I was briefly checking out the cisco 3750, but I think it's overkill...? I don't want to spend too much money, since I don't think we need any complex setups, at the same time, I don't want to waste money by buying something that won't work efficiently down the road.
My immediate short-list is now an HP procurve 2610, an HP procurve 3500 J9470A (not the YL), and a Cisco 3560 24-TS.
Of course, then someone mentioned Juniper (whom I have zero experience with either) and hence the title to my thread... I'm thoroughly confused. I was looking at the EX3200-24T.
Ok, so if I have to boil this down to some simple requirements/thoughts... here goes:
1. I only need 24 ports for now.
2. I use SNMP currently to monitor usage for clients (and overall)
3. I like HPs and have used them for layer2, I like their lifetime warranty and software availability
4. I don't have direct experience with Cisco at all.
5. Aside from routing from one VLAN (provider side) to another VLAN (my side), I don't think I need any other special features (hence the hp 2610 being ok I think, since it offers "lite layer3")
6. Some people say HP is great for layer2 but not for layer3? Now I dont' know what to think.
7. Currently use about 2mbps and might jump to 3 or 4mbps, but don't have major needs. I'd like for this switch to be able to last me a while though... so maybe 20~40mbps+? (but still not the hundreds of mbps that others here push
8. If possible, I'd LIKE to limit some servers to 1mbps or 2mbps on a per-port basis... but this is not a hard requirement. (I think this takes the 2610 out).
Budget: I like the $500 price tag of the 2610, but can spend the $1500~$2000 for the HP 3500, Cisco 3560, or Juniper. I would just rather not, if the price/features are not justifiable.
Hopefully I've provided enough information for someone to offer their insight? I think a few strategic key points or questions from someone with more experience might be what I need to help me bust through the "too many choices" fog and end up with the best switch for my situation...
we have this Juniper SSG5 firewall, our very first Juniper and wanted to use it.
While I am able to use it in NAT mode, I have been unsuccessful to use it in route mode.
We have Public IPs from the same segment and I wanted to use it with the firewall but it appears that I can't assign IPs for each port if the IP is from the same segment.
Does it mean that we can't use it other than in NAT mode?
What we want to accomplish is to have one of IPs to act as gateway and filter or route in/out traffic to/from our other IPs.
I have a SSG-320M I manage, and would like to know if I can block traffic to our web servers based on the user agent hitting us? I know user agents that keep using more and more IP addresses to crawl us, one already taking up some 30 or 40 addresses under my policies and its a pain to identify these by hand and keep updating the firewall every few days to add new IP addresses for them. Is there somewhere I can add part of the user agent I do not want to ever see again? Right now I do this by having a policy at the top saying "BadBotsGroup" is denied. But I want to deny anyone with a user agent "OneUserAgent" or "SecondUserAgent"
It seems so important and simple, but I do not see anything about being able to do this. Thanks for help and pointers. Right now we have special code at the top of our sites that blocks these bots, but I would much rather do it in one location at the firewall.
Looking to upgrade to a new switch and have the following in mind. Budget is around 1-2k. We're pushing 500mbps upstream so i want to make sure that the unit can handle that well. Lots of full speed traffic between servers too.
No fancy features required, and the only need is port trunking, which all of these have.
I look at the specs for latency and pps, but I'm not sure if you can trust these figures.
Anyone have experience with the following.
HP Procurve 2910al-24 $1430 latency <2.9us 131 Mpps 176 Gbps Bonus: 10Gb capability with expansion module
to build a new 10GE network and have received offers from Juniper and Cisco distributors.
Juniper seems to be a bit more expensive. It was our first choice at the beginning untill we saw many big ISP's using cisco 6509 with SUP720-3BXL for routing.
Is there anyone with experience on both products? How about support for both of these?
I have IIS with the default site and a site i created. it appeared to be configured correctly but even from the server if i try to "browse" any of the pages i still get "internet explorer cannot display the page" from my site and "under construction" from the IIS default site.
I have a machine which runs on Desktop board with 1 LAN port built in. I just bought a new USB-LAN and plug into the USB but I have question about how to configure it. I cannot see eth1 inside /etc/sysconfig/network-scripts, so where can I configure USB LAN?
I'm over here trying to rebuild php with GD in WHM, I go through the entire motion of Apache Update (with GD selected as a PHP Module) and ummmm... after it's done, I check my phpinfo() and there is no GD section, let alone has the build date been changed.
I am moving my servers this week and my new host doesn't do domain hosting. This is my first time doing it, I need help in pointing my domain to the new server. I just need the basic settings for A, CNAME and MX records.
how to which will help me to make a correct configuration of mail server. I want to set up a mail server with e.g three domain names and all three domain names will have few similar email addresses like info, sales, marketing and so on. I know that this can be done by using control panels but I am not big fan of control panels I want to do a pure Linux administration using the command line.
Is there somewhere that either has a tutorial or explains how a DR site is setup and activated when the primary site goes down? And how do you configure it to fail-over to the primary site again once it is back up and running?
I'm planning to have a certain hardware configuration in place at a primary site (load balancers/web/app/database/SAN) supporting a service that MUST remain online. Because it's mission critical, I also will need a DR (disaster recovery) configuration at a secondary site. My challenge is how to configure DNS or whatever to fail over the primary site to the secondary site if the primary experiences a failure of some sort. Then fail it back post-recovery.
I am planning to use the secondary site to burn-in development prior to go-live and when ready, migrate the changes to the primary so both sites are identical.
I am doing some investigation regarding NetScaler appliances to understand how they work. At first glance it seems they are able to direct incoming traffic to specific locations based on various criteria (geo, speed, load capacity, etc). I noticed they are also a recommended solution by Citrix for traffic management... but a DR solution is evading me. And something is telling me it's not all about some piece of hardware.
i got DNS and IIS installed and configued DNS completely by the book. I made 2 forward lookup zones ns1 and ns2.mydomain.net
what is this step im missing between that process and being able to tell godaddy to hit my nameserver. it just keeps telling me they are not registered nameservers so i must be missing something here.
I have got a WHM Reseller Account, with a Dedicated IP address and RapidSSL Certificate.
My host has setup the SSL for me, and it works fine when I access [url](where main-domain.com is the Domain associated with my WHM account).
However when I try and access https on any Account which I've made under my Reseller Account, I'm just redirected back to [url]
I was under the impression that if I accessed a Domain on an account I made that shares the same IP as my SSL Certificate, that the SSL Certificate would appear for that Domain name too, but this isn't the case.
Is there any change the my DNS records, or something I can ask my host to do to get it to work?
I want to configure Nagios to monitor Windows and Linux servers and their services. I have to install NSClient in Windows servers and NRPE in Linux servers to collect the data. I don't want to install any plugin in any server. Is there any guide available which describes how to enable Monitoring of servers using SNMP through Nagios?
I saw an ad on WHT by LimeStone Networks and decided to get a server from them. My server was made within few hours. On the server, I was only able to connect to the SSH on port 22, I could not login to the DirectAdmin or anything.
So, I tried shutting down the "iptables" firewall like this:
Code: service iptables stop and then tried to access the directadmin like this:
[url]
and it worked. So, the problem is that, my host only configured ssh on my server and didnt configure the rest.
on the welcome email, this is what they said about the firewall, but I don't quite understand
Quote:
Please be advised that your server's firewall is active for your protection and will only accept connections on port 22/tcp by default.
If you modify firewall or IPTable rules on your server, please be sure to have them configured to allow inbound and outbound traffic on all ports (TCP & UDP 1-65535) from 209.130.152.0/28.
I'm trying to install and configure pureFTPD on my VPS which I just got.
Right, here goes one of my stupid questions:
When I try to start pure-ftpd (with the command /usr/sbin/pure-ftpd & ), this is what I get:
[1] 20271
What does [1] 20271 mean (or it may be other random number)?
And I can't see pure-ftpd as a running process (ps -ef command). So what's happening, how do I start pure-ftpd properly? It is installed as far as I understand.
Quote:
...lots of other packages... ii pure-ftpd 1.0.21-8 Pure-FTPd FTP server ii pure-ftpd-comm 1.0.21-8 Pure-FTPd FTP server (Common Files)
We check a domain under dnsreport and all seems ok
But, when we assign IP (not the main shared) to the account and check dnsreport we see this error:
Reverse DNS entries for MX records ERROR: The IP of one or more of your mail server(s) have no reverse DNS (PTR) entries/* (if you see "Timeout" below, it may mean that your DNS servers did not respond fast enough)*/. RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry. You can double-check using the 'Reverse DNS Lookup' tool at the DNSstuff site if you recently changed your reverse DNS entry (it contacts your servers in real time; the reverse DNS lookups in the DNS report use our local caching DNS server). The problem MX records are: **** [No reverse DNS entry (rcode: 3 ancount: 0)
AND
Mail server host name in greeting WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.
www.***.com claims to be host host.***.com [but that host is at **** (may be cached), not ****].
Actually my DSL provide me 1024 kbps of Internet Access. I am wanna connect computers to that network and rent the pc in my own country.
Here the features of that I have:
- 2 Desktop PC ready for connect. - 1 router with 4 lan Port. - 1 Dynamic ip - 1024 kbps of Internet connection.
the desktop pc will be configuring with Centos 4.x and I wanna install on it a control panel like directadmin.
Here the issues:
- How I can configure 2 statics ip for each desktop pc? - The desktop pc will be connected every one in the same router? - How I can know how will be the rendiment with 1024 kbps?
