Netscreen Attack Detection and Defense Overview

Below outlines Netcreens Attack Detection and Defense. This is by no means a full guide by acts as a general summary to the various terms and technologies. SCREEN Features legacy security protection, such as SYN, UDP and ICMP floods, Port scans and certain OS-specific DoS attacks. Deep Inspection Allows for inspection at the application layer … Read more

Netscreen – Basic Remote Access (Dial up) VPN

Below will show how to create a basic Remote Access VPN using Pre Shared Keys. This guide presumes that you already have the Netscren Remote VPN Client installed onto your local machine and was created using the following software versions : ScreenOS – 6.2.0r1.0 Netscren Remote VPN Client – 10.8.3 (Build 6) Below is an … Read more

Netscreen – Additional Site 2 Site VPN Options

VPN Monitoring This allows you to ping an IP address through the tunnel. In the event of the tunnel going down a SNMP trap will be generated. The settings can be found under “VPNs > AutoKey IKE > Edit > Advanced > VPN Monitor“. The “rekey” option will cause the Netscreen to continuously try and … Read more

Netscreen – Creating a route based VPN.

Below shows you how to create a route based vpn upon a Netscreen firewall using the firewalls gui interface. This tutorial was created using the ScreenOS version 6.2.0r1.0. The encryption domain for this guide will be, Local Gateway : 1.1.1.1 Local Endpoint : 10.1.1.25/24 Remote Gateway : 192.168.1.107 Remote Endpoint : 172.28.16.0/24 Create Tunnel Interface … Read more

Backup / Restore a Juniper NSM

This article will show you how to backup and restore your Juniper NSM. This article was written using NSM version 2008.2r1.Within NSM the HighAvailSvr contains processes that run in both HA and non-HA mode and handles database backups and a watchdog daemon to restart NSM processes in case of failure. Backup Even though you will … Read more

Netscreen – Track IP

IP tracking allows you to track the connectivity of critical IP`s.This allows you to change your routing based on the connectivity of configured IP`s. There are 3 main points to Track IP :  If a Tracked IP becomes unreachable, the weight of the address is added to the overall failed address total. If the total … Read more

NSM – Delayed Logs

Issue Logs received on the NSM are delayed by 6 minutes. The log viewer hangs for close to 6 minutes and then displays all the logs within a group. Also today`s log directory does not get created within /DevSvr/logs.  Solution The NSM device server does a log tuple repair for each log received from the … Read more

NSM – Delayed Logs

Issue Logs received on the NSM are delayed by 6 minutes. The log viewer hangs for close to 6 minutes and then displays all the logs within a group. Also today`s log directory does not get created within /DevSvr/logs.  Solution The NSM device server does a log tuple repair for each log received from the … Read more

Netscreen – Routing Basics / Virtual Routers / PBR

Juniper introduces a new feature to the area of routing, called Virtual Routers. The model consists of: interfaces are applied to zones and zones are applied to Virtual Routers. Virtual routers allow for you to segment routing updates in and from the firewall/router. Virtual RoutersThere are 4 different types of routing tables that you can … Read more

Netscreen Syslog Logging Formats

Below are the 2 types of syslog messages. This can be useful to quickly determine on a NSM whether the logs are coming from the NSM or directly from the Firewall via syslog. Syslog from the Firewall Mar 18 17:56:52 [FW IP] [FW NAME]: NetScreen device_id=netscreen2  [Root]system-notification-00257(traffic): start_time=”2009-03-18 16:07:06″ duration=0 policy_id=320001 service=msrpc Endpoint Mapper(tcp) proto=6 … Read more

NSM – Files and Folders

There are 3 areas with NSM. DevSvr, GuiSvr and HaSvr. The following files and paths are based on NSM 2008. Below shows the main path structure (Redhat) and what each Server (Svr) does. /usr/netscreen/DevSvr/ – DevSvr – Logging and the NSM database/usr/netscreen/GuiSvr/ – GuiSvr – NSM GUI /usr/netscreen/HaSvr/  – HaSvr  – Backups and High Availability. … Read more

Juniper Netscreen – NAT Explained

Source NAT Interface Based Source NAT – Allows the traffic to NAT its source IP to the IP address of the egress interface which it leaves. This feature is enabled on the interface via “NAT-Mode”. And can be disabled via using “Route Mode”. MIP – Provides a static NAT for the specified host, in which … Read more

Netscreen – DDNS : Last response – not init

The below is based on the netscreen ns5gt and the firefox web browser. Issue After setting up your netscreen for DDNS, in the UI of your netscreen the last response is shown as ‘not-init‘ and within the CLI it shows ‘successful updates: 0‘. To get the id of you ddns config run just the command … Read more

Netscreen – Rule Processing Order

Rule Processing Order The general processing order is as follows, Look for a policy between the ingress and egress zones If no policy is found (in step 1), search for a Global policy If no Global policy is found and if the ingress zone is same as the egress zone, apply the intra-zone block i.e … Read more

Netscreen – Changing your Duplex settings

This article was written based on the ns5gt. By default all interfaces are set to auto negotiate. Show Duplex ns5gt-> get interface trust port phy Port 1:  link is up, 100 Mbps, auto negotiated to full duplex Port 2:  link is up, 100 Mbps, auto negotiated to full duplex Port 3:  link is up, 100 … Read more

Netscreen – Console settings

In this article we will be looking at the various console commands available to us on the Juniper Netscreen. From entering the get command we can see the current console settings along with console session details, ns5gt-> get console Console timeout: 10(minute), Page size: 22/22, debug: buffer privilege 200, config has not been changed! ID … Read more

NSM – I`ve Forgotten / Lost my NSM Password

Have you lost, forgotten, misplaced the NSM password ?Below are the steps to reset your “super” account password, NSM 2006.x and below Log into the NSM via SSH as root Stop the NSM Server (you should be able to find the init scripts in /etc/init.d) Run the following command /usr/netscreen/GuiSvr/utils/.hashPasswd <new password>, you will receive … Read more

Netscreen – Snoop

A great debugging tool feature on the Juniper Netscreens is snoop. Snoop is packet capturing tool which allows you to analysis your traffic on a per packet level. Below shows you a example of enabling snoop and viewing its output, 5gt->undebug all5gt->snoop5gt->snoop filter ip 10.1.1.1005gt->snoop info5gt->clear db 5gt->get db str Ok, so what do these … Read more

Juniper Netscreen Commands

Interface get counter statistics Show interface statistics (CRC errors etc) get interface trust port phy Show physical ports for a certain zone get driver phy Show all link states of interfaces get counter statistics interface ethernet3 Show hardware stats on interface set interface [interface] no-subnet-conflict-check Allows you to configure multiple interfaces in the same IP … Read more

Netscreen – Create a Policy based VPN

This guide will show you how to create a policy based VPN on a Netscreen firewall. The encryption domain will be, Local Gateway : 2.2.2.2 Local Endpoint : 10.1.1.0 /24 Remote Gateway : 1.1.1.1 Remote Endpoint : 192.1.1.0 /24 1. Log into the Netscreens GUI 2. Click VPNs > Autokey IKE (Autokey IKE Screen is … Read more

Netscreen – Debugging / Troubleshooting

In order to debug and obtain output for the traffic flow through the Netscreen, you will need action a couple of commands, these are shown below, 5gt-> unset ff filter 0 removed 5gt-> undebug all 5gt-> clear db 5gt-> set ff dst-port 8080 filter added 5gt-> debug flow basic 5gt-> get db str Below shows … Read more

Netscreen – NSM Issues

Heres a couple of issues I ran into when adding some devices to the NSM, When trying to enable NSM via the GUI you get “No initial ID configured. NSM agent remains disabled” The communication between nsm and screenos is based on public key authentication. You don’t have to enable NSM manually. Cant import the … Read more

Netscreen – MSS

Below shows you the various MSS settings that can be set via the CLI, MSS of netscreen –   set tcp mss 1460 MSS for VPN traffic – set flow tcp-mss 1460 MSS for clear traffic – set flow all-tcp-mss 1460

Netscreen – NSRP Basic Setup

Below shows you how to configure basic NSRP cluster, prior to below you would of needed to configure your interfaces. Node A set nsrp rto-mirror syncset nsrp monitor interface eth1set nsrp monitor interface eth3set nsrp cluster id 1set nsrp vsd-group id 0 priority 100save Node B set nsrp rto-mirror syncset nsrp monitor interface eth1set nsrp … Read more

Netscreen – Basic Config

Below is how to set up the basic configuration on a Netscreen firewall.Also bear in mind that if you are setting up a NSRP cluster, be sure to set the management IP to a different IP to the management interface. set hostname myfirewallset ssh enable set admin name rootset admin password mypasswordset admin manager-ip 192.168.1.1 … Read more

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial