IPsec Site-to-Site VPN FortiGate Juniper SSG
Here comes the step-by-step guide for building a site-to-site VPN between a FortiGate and a ScreenOS firewall. Not much to say. I am publishing several screenshots and CLI listings of both firewalls,...
Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo
Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration...
IPv6 through IPv4 VPN Tunnel with Juniper SSGs
The most common transition method for IPv6 (that is: how to enable IPv6 on a network that does not have a native IPv6 connection to the Internet) is a “6in4” tunnel. Even other tunneling methods such...
Policy-Based Routing on ScreenOS with different Virtual Routers
I already published a blog post concerning policy-based routing on a Juniper firewall within the same virtual router (VR). For some reasons, I was not able to configure PBR correctly when using...
OSPFv3 for IPv6 Lab: Cisco, Fortinet, Juniper, Palo Alto, Quagga
Similar to my test lab for OSPFv2, I am testing OSPFv3 for IPv6 with the following devices: Cisco ASA, Cisco Router, Fortinet FortiGate, Juniper SSG, Palo Alto, and Quagga Router. I am showing my lab...
Juniper ScreenOS: DHCPv6 Prefix Delegation
The Juniper ScreenOS firewall is one of the few firewalls that implement DHCPv6 Prefix Delegation (DHCPv6-PD). It is therefore suited for testing my dual stack ISP connection from Deutsche Telekom,...
Tufin SecureTrack: Adding Devices
For a few weeks now I have been using Tufin SecureTrack in my lab, a product which analyzes firewall policies regarding their usage and their changes by administrators (and much more). Therefore, the first step is...
CLI Commands for Troubleshooting Juniper ScreenOS Firewalls
Yes I know, ScreenOS is “End of Everything” (EoE). However, for historical reasons I am still managing many Netscreen/ScreenOS firewalls for some customers. Similar to my troubleshooting CLI commands...
Juniper ScreenOS Initial Cleanup Config
I still like the Juniper ScreenOS firewalls such as the SSG5 or the SSG 140. However, they are End of Everything (EoE) and not used at the customers anymore. But they still do their job in basic...
Juniper ScreenOS VPN Speedtests
Just for fun some more VPN throughput tests, this time for the late Juniper ScreenOS firewalls. I did the same Iperf TCP tests as in my labs for Fortinet and Palo Alto, while I was using six different...
Juniper ScreenOS IPv4 vs. IPv6 Throughput Tests
And finally the throughput comparison of IPv6 and legacy IP on a Juniper ScreenOS firewall. Nobody needs this anymore since they are all gone. ;) But since I did the same speedtests for Palo Alto and...
Generating SSHFP Records Remotely
Until now I generated all SSHFP resource records on the SSH destination server itself via [crayon-5ae6e89905775373692648-i/]. This is quite easy when you already have an SSH connection to a standard...
Juniper ScreenOS NAT Overview: MIP DIP VIP
MIP DIP VIP. I am sometimes confused with the NAT names of the Juniper ScreenOS devices. Therefore, I drew a small figure with a few basic examples for these NAT types. Note that this figure does not...
My IPv6/Routing/Cisco Lab Rack (2019)
My lab rack of 2019 consists of multiple Cisco routers and switches, as well as Juniper ScreenOS firewalls for routing purposes, a Palo Alto Networks firewall, a Juniper SRX firewall, a server for...
Juniper ScreenOS with a 6in4 Tunnel
Yes, I know I know, the Juniper ScreenOS devices are Out-of-Everything (OoE), but I am still using them for a couple of labs. They simply work as a router and VPN gateway as well as a port-based...