Troubleshooting a Site to Site VPN on an SRX Series Gateway

Within this article we will look at the various steps required in debugging a Site to Site VPN on an SRX series gateway. 1. Confirm Configuration First of all check the VPN configuration. This is also useful if and when you need to confirm the Phase 1 and Phase 2 parameters with the remote end. …

Juniper SRX – Configuring PPPoE

Within this article the necessary steps required to configure PPPoE on the SRX platform are described. Note : This configuration is based upon a) the chap authentication method b) the outside/untrust interface being fe-0/0/7.0. Configuration Below shows the required configuration for PPPoE. set interfaces fe-0/0/7 unit 0 encapsulation ppp-over-ether set interfaces pp0 unit 0 ppp-options …

Juniper SRX – DynDNS

As it stands Juniper SRX (version 11.1R1.10) only provides support for DynDNS (DDNS) via the use of an automation script. Configuration This script can be downloaded here. Once you have downloaded the script transfer it to the SRX directory /var/db/scripts/event/. Finally configure your SRX via the following commands : set system services apply-macro dyndns-client1 hostname XXX.dyndns.org set …

SRX Dynamic VPN – No proposal chosen (14)

Issue When trying to connect via Dynamic VPN your client displays the following error: IKE Negotiations Failed Within the output of the IKE debug logs you see the following error: Jul 26 11:35:46 ike_st_i_n: Start, doi = 1, protocol = 1, code = No proposal chosen (14), spi[0..0] = 00000000 00000000 …, data[0..0] …

Configure Global Explicit Deny on an SRX Series Gateway

To configure a global deny statement for all your policy entries the following commands are used. set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match source-address any set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match destination-address any set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop …

How do I enable Global Logging on a Juniper SRX?

Below details the necessary commands required to enable global logging on all security policies. set groups global-logging security policies from-zone <*> to-zone <*> policy <*> then log session-init set security policies apply-groups global-logging

How do I configure PMTU on a Juniper SRX series gateway?

By default IPv4 Path MTU discovery is enabled. However, all PMTU options can be located under [set system internet-options …]. root@srx100# set system internet-options ? Possible completions: + apply-groups Groups from which to inherit configuration data + apply-groups-except Don't inherit configuration data from these groups gre-path-mtu-discovery Enable path MTU discovery for GRE tunnels > icmpv4-rate-limit Rate-limiting parameters for ICMPv4 messages > …

Juniper SRX – Securing Management Access

Within this article we will show the required commands to restrict and secure management access to your Juniper SRX series gateway. Note : The following syntax/configuration has been tested with a PPPoE setup. Configure Addresses First of all the addresses that are allowed management access to the device are configured. This also includes any DNS …

Cisco ASA – HTTP Filtering – Example 3

This example will provide the required configuration to allow a single IP address access to TCP port 80 when the HTTP Host Header matches either EXAMPLE1.DOMAIN.net or EXAMPLE2.DOMAIN.net. Note : In addition to the commands below you will also need to grant the relevant access via your interface based ACLs. This is because your HTTP traffic …

Juniper SRX – How to configure NTP

Below provides the basic commands for configuring the date, time and NTP on your Juniper SRX gateway. Configure the Time Zone set system time-zone Europe/London Configure NTP set system ntp server 0.uk.pool.ntp.org prefer set system ntp server 1.uk.pool.ntp.org set system ntp server 2.uk.pool.ntp.org Set the Time/Date set date ntp 0.uk.pool.ntp.org Confirm user@switch> show ntp status status=0644 leap_none, sync_ntp, 4 …

Juniper SRX – Destination NAT / Port Forwarding

Within this article destination NAT is configured to port forward traffic through to multiple servers based upon the destination port. This type of NAT configuration is equivalent to a ScreenOS VIP. This example syntax is based upon the following setup : 172.16.1.2:2222 –> 192.168.1.5:22 172.16.1.2:3389 –> 192.168.1.6:3389 Configure Address Book First the real addresses …

SRX VPN Issue: packet dropped, pak dropped since re-route failed

Issue VPN fails to route traffic through to the tunnel interface when using Route Based VPN on an SRX platform. The following is observed : Both Phase 1 and Phase 2 are successfully establishing. Traffic is being received inbound from the Remote Peer and decrypted successfully. Multiple VPN policies are assigned to a single tunnel …

Cisco ASA 8.3 – No NAT / NAT Exemption

As we all know Cisco's new ASA version 8.3 brings massive changes in NAT. This article describes and explains how NAT exemption (no NAT) is now configured. Below provides examples of both pre and post 8.3 no NAT configurations. Example Details Local LAN – 192.168.0.0/24 Remote LAN – 172.168.0.0/24 Traffic is arriving on the inside …

Netscreen Traffic Reporting

Traffic reporting on the Juniper Netscreen can be achieved via a number of methods. Various tools and features are available such as the Netscreen Security Manager (NSM), 3rd Party applications along with numerous reporting features on the device itself. This article will look at how to create traffic reports by using just 1. a Netscreen …

Upgrading a CheckPoint Manager from R65.4 to R7x

NGX R65 HFA40 is a standard HFA and can be installed both on Security Gateways and on SmartCenter servers. R65.4 is a Management-based package that, in addition to NGX R65 HFA40, also contains various new features and plug-ins. Upgrading from R65.4 can present some significant issues, due to the release being a dead end. You will …

Upgrade/Install Check Point Solaris using only the iso file

When upgrading or installing Check Point on a Solaris platform, rather than having to use the physical Check Point software CD, the following method allows you to install/upgrade your Check Point software directly from the *.iso. Steps 1. Copy the iso file to your firewall / manager 2. Run the following commands lofiadm -a <path>/<filename>.iso /dev/lofi/1 mount -F …

Cisco ASA MPF URL Filtering

Within this tutorial we will look at 2 configuration examples in which we will use HTTP inspection within the Cisco ASA to allow access for certain hosts based on specific URL headers. EXAMPLE 1 This example will show the required syntax to allow access to yahoo.com for any host within the network 10.1.1.0 255.255.0.0. HTTP …

Cisco IPS v6 Risk Ratings

The Cisco IPS Sensor generates risk ratings that are assigned to alerts, which provide the administrator with an indication of the severity of the alert. There are six values which are used in the calculation of the Risk Rating : ASR (Attack Severity Rating) TVR (Target Value Rating) SFR (Signature Fidelity Rating) ARR (Attack Relevancy Rating) …

Configuring the Cisco IDS Router / Switch Modules

IDSM-2 The IDSM-2 Module is a Cisco IDS blade for the Cisco 6500 switch. Once you install the module into the switch, the module uses the following logical ports : Port 1 Used for TCP Resets (In Promiscuous Mode) Port 2 Command and Control Port 7 Sensing Port Port 8 Sensing Port Below details the steps required …
