Clik here to view.
OSPF for IPv4 Test Lab: Cisco Router & ASA, Juniper SSG & Palo Alto
I tested OSPF for IPv4 in my lab: I configured OSPF inside a single broadcast domain with five devices: 2x Cisco Router, Cisco ASA, Juniper SSG, and Palo Alto PA. It works perfectly though these are a...
View ArticleClik here to view.
VoIP von FRITZ!Box über Juniper SSG Firewall
Ich habe bei mir zu Hause die AVM FRITZ!Box als alleinigen Router abgelöst und durch eine Juniper SSG 5 Firewall ersetzt. Die FRITZ!Box ist trotzdem noch vorhanden und steht als IP-Client hinter der...
View ArticleClik here to view.
MRTG/Routers2: Template Juniper SSG
Finally, this is how I am monitoring my Juniper ScreenOS SSG firewalls with MRTG/Routers2. Beside the interfaces (that can be built with cfgmaker) I am using my template in order to monitor the CPU...
View ArticleClik here to view.
Juniper ScreenOS NAT Overview: MIP DIP VIP
MIP DIP VIP. I am sometimes confused with the NAT names of the Juniper ScreenOS devices. Therefore, I drew a small figure with a few basic examples for these NAT types. Note that this figure does not...
View ArticleClik here to view.
IPsec Site-to-Site VPN FortiGate Juniper SSG
Here comes the step-by-step guide for building a site-to-site VPN between a FortiGate and a ScreenOS firewall. Not much to say. I am publishing several screenshots and CLI listings of both firewalls,...
View ArticleClik here to view.
Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo
Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration...
View ArticleClik here to view.
IPv6 through IPv4 VPN Tunnel with Juniper SSGs
The most common transition method for IPv6 (that is: how to enable IPv6 on a network that does not have a native IPv6 connection to the Internet) is a “6in4” tunnel. Even other tunneling methods such...
View ArticleClik here to view.
Policy-Based Routing on ScreenOS with different Virtual Routers
I already puslished a blog post concerning policy-based routing on a Juniper firewall within the same virtual router (VR). For some reasons, I was not able to configure PBR correctly when using...
View ArticleClik here to view.
OSPFv3 for IPv6 Lab: Cisco, Fortinet, Juniper, Palo Alto, Quagga
Similar to my test lab for OSPFv2, I am testing OSPFv3 for IPv6 with the following devices: Cisco ASA, Cisco Router, Fortinet FortiGate, Juniper SSG, Palo Alto, and Quagga Router. I am showing my lab...
View ArticleClik here to view.
Juniper ScreenOS: DHCPv6 Prefix Delegation
The Juniper ScreenOS firewall is one of the seldom firewalls that implements DHCPv6 Prefix Delegation (DHCPv6-PD). It therefore fits for testing my dual stack ISP connection from Deutsche Telekom,...
View ArticleClik here to view.
Tufin SecureTrack: Adding Devices
Since a few weeks I am using Tufin SecureTrack in my lab. A product which analyzes firewall policies about their usage and their changes by administrators (and much more). Therefore, the first step is...
View ArticleClik here to view.
OSPF for IPv4 Test Lab: Cisco Router & ASA, Juniper SSG & Palo Alto
I tested OSPF for IPv4 in my lab: I configured OSPF inside a single broadcast domain with five devices: 2x Cisco Router, Cisco ASA, Juniper SSG, and Palo Alto PA. It works perfectly though these are a...
View ArticleClik here to view.
CLI Commands for Troubleshooting Juniper ScreenOS Firewalls
Yes I know, ScreenOS is “End of Everything” (EoE). However, for historical reasons I am still managing many Netscreen/ScreenOS firewalls for some customers. Similar to my troubleshooting CLI commands...
View ArticleClik here to view.
Juniper ScreenOS Initial Cleanup Config
I still like the Juniper ScreenOS firewalls such as the SSG5 or the SSG 140. However, they are End of Everything (EoE) and not used at the customers anymore. But they still do their job in basic...
View ArticleClik here to view.
Juniper ScreenOS VPN Speedtests
Just for fun some more VPN throughput tests, this time for the late Juniper ScreenOS firewalls. I did the same Iperf TCP tests as in my labs for Fortinet and Palo Alto, while I was using six different...
View ArticleClik here to view.
Juniper ScreenOS IPv4 vs. IPv6 Throughput Tests
And finally the throughput comparison of IPv6 and legacy IP on a Juniper ScreenOS firewall. Nobody needs this anymore since they are all gone. ;) But since I did the same speedtests for Palo Alto and...
View ArticleClik here to view.
Generating SSHFP Records Remotely
Until now I generated all SSHFP resource records on the SSH destination server itself via [crayon-5ae6e89905775373692648-i/]. This is quite easy when you already have an SSH connection to a standard...
View ArticleClik here to view.
VoIP von FRITZ!Box über Juniper SSG Firewall
Ich habe bei mir zu Hause die AVM FRITZ!Box als alleinigen Router abgelöst und durch eine Juniper SSG 5 Firewall ersetzt. Die FRITZ!Box ist trotzdem noch vorhanden und steht als IP-Client hinter der...
View ArticleClik here to view.
MRTG/Routers2: Template Juniper SSG
Finally, this is how I am monitoring my Juniper ScreenOS SSG firewalls with MRTG/Routers2. Beside the interfaces (that can be built with cfgmaker) I am using my template in order to monitor the CPU...
View ArticleClik here to view.
Juniper ScreenOS NAT Overview: MIP DIP VIP
MIP DIP VIP. I am sometimes confused with the NAT names of the Juniper ScreenOS devices. Therefore, I drew a small figure with a few basic examples for these NAT types. Note that this figure does not...
View Article
