We need to add a host route to our ISA server that routes certain traffic to a different gateway. My understanding is that the route must be added through ISA (not the prompt), and that it can be tricky to do.
Is this possible?
"I would rather have a free bottle in front of me, than a...
Actually, I looked on a 5GT. I think the features on the firewall depend on what your key unlocks, we've got about 50 or 60 5GT's out in the field, and they come with that ability.
Maybe you could buy a cheap router or something to NAT one untrusted subnet into the other?
"I would rather have...
If I'm understanding you correctly, that's no prob at all. Basically you would go into:
Network -> Interfaces
Click "new" at the top, select Sub-if from the dropdown. Put in what you require, it's fairly intuitive.
As far as having them hit the same trusted subnet you would just have two sets...
Try logging in as the Box admin. I've had a lot of occurrences where my account caused that, but when I log in as the root-admin, it allows you access to the java classes that you need.
"I would rather have a free bottle in front of me, than a pre-frontal lobotomy..."
-Shrubble
I think that would work no problem. This is precisely why we don't route foreign (or public) addresses through our network as a matter of policy-- it gets messy. Everything that hits our network gets NAT'ed to a private IP within the same subnet, with policies on our Netscreen 500's dictating...
I would look at the home page on the web ui to see if any of the device's resources are getting filled up (like memory). We have a zillion 5 GT's deployed, and if we had to restart one every week we would send it back to Juniper!
"I would rather have a free bottle in front of me, than a...
Use 'snoop' for packets outside the firewall, and 'debug' for inside.
For instance, 'debug flow drop' will catch all dropped packets (view by 'get db st', clear by 'clear db', turn off by 'undebug all').
You can also set a filter and do 'debug flow basic', actually there's a TON of debugs you...
Is the IP of the host that you are trying to connect to a private address that exists within the subnet of your trust side?
That might not matter, not sure. If unsetting the trust ip allows the tunnel to be built, it kind of points to an addressing conflict.
"I would rather have a free bottle...
You sure that the tunnel is using g2-esp-3des-sha on both ends?
Also, your IKE needs to be configured so that your peers are both looking for the same IP/Subnet combination. For example, if your remote peer is exposing its host as part of a subnet (192.168.32.0/24 for instance), then your peer...
I deploy a lot of 5GT's. There may be a way to get it to pick up an IP from your ISP, but we always assign the IP to the untrust side:
set interface untrust ip <ip w/netmask>
example:
set interface untrust ip 10.2.2.3/24
That's through the command line, you can also do the same through the...
The easiest way to block these apps is the following:
(not on the firewall though)
Put entries on your DNS servers that resolve the DNS name of the login servers (like login.aol.oscar.com) to a bogus location (like 127.0.0.1 - localhost).
I know this sounds dopey, but it's remarkably...
It's far easier to use the script host because, with just a few lines of code, the script interpreter pops the service in there without you having to worry about if you added it correctly everywhere.
The setup we use in my shop is a VBScript that installs (or removes or configures) another...
I have no idea how this works on a PDA, but just from a VPN standpoint I can tell you this:
You'll need two addresses:
1) The address of the VPN peer at your work (the concentrator, firewall, router or device that establishes the tunnel).
2) The address of the host or subnet that you will...
Write a script that creates a service in VBScript.
Here's something that shows the basic idea:
http://visualbasic.ittoolbox.com/code/archives.asp?d=2491&a=s&i=8
You may want to write the script in such a way that it has an uninstall flag also.
Hope this helps!
-Tom
"I would rather have a...