We need to add a host route to our ISA server that routes certain traffic to a different gateway. My understanding is that the route must be added through ISA (not the prompt), and that it can be tricky to do.
Is this possible?
Actually, I looked on a 5GT. I think the features on the firewall depend on what your key unlocks, we've got about 50 or 60 5GT's out in the field, and they come with that ability.
Maybe you could buy a cheap router or something to NAT one untrusted subnet into the other?
If I'm understanding you correctly, that's no prob at all. Basically you would go into:
Network -> Interfaces
Click "new" at the top, select Sub-if from the dropdown. Put in what you require, it's fairly intuitive.
As far as having them hit the same trusted subnet you would just have two sets...
Try logging in as the Box admin. I've had a lot of occurrences where my account caused that, but when I log in as the root-admin, it allows you access to the java classes that you need.
"I would rather have a free bottle in front of me, than a pre-frontal lobotomy..."
-Shrubble
I think that would work no problem. This is precisely why we don't route foreign (or public) addresses through our network as a matter of policy -- it gets messy. Everything that hits our network gets NAT'ed to a private IP within the same subnet, with policies on our Netscreen 500's dictating...
I would look at the home page on the web UI to see if any of the device's resources are getting filled up (like memory). We have a zillion 5GT's deployed, and if we had to restart one every week we would send it back to Juniper!
Use 'snoop' for packets outside the firewall, and 'debug' for inside.
For instance, 'debug flow drop' will catch all dropped packets (view by 'get db st', clear by 'clear db', turn off by 'undebug all').
You can also set a filter and do 'debug flow basic', actually there's a TON of debugs you...
Is the IP of the host that you are trying to connect to a private address that exists within the subnet of your trust side?
That might not matter, not sure. If unsetting the trust ip allows the tunnel to be built, it kind of points to an addressing conflict.
You sure that the tunnel is using g2-esp-3des-sha on both ends?
Also, your IKE needs to be configured so that your peers are both looking for the same IP/Subnet combination. For example, if your remote peer is exposing its host as part of a subnet (192.168.32.0/24 for instance), then your peer...
I deploy a lot of 5GT's. There may be a way to get it to pick up an IP from your ISP, but we always assign the IP to the untrust side:
set interface untrust ip <ip w/netmask>
example:
set interface untrust ip 10.2.2.3/24
That's through the command line, you can also do the same through the...
The easiest way to block these apps is the following:
(not on the firewall though)
Put entries on your DNS servers that resolve the DNS name of the login servers (like login.aol.oscar.com) to a bogus location (like 127.0.0.1 - localhost).
I know this sounds dopey, but it's remarkably...
It's far easier to use the script host because, with just a few lines of code, the script interpreter pops the service in there without you having to worry about if you added it correctly everywhere.
The setup we use in my shop is a VBScript that installs (or removes or configures) another...
I have no idea how this works on a PDA, but just from a VPN standpoint I can tell you this:
You'll need two addresses:
1) The address of the VPN peer at your work (the concentrator, firewall, router or device that establishes the tunnel).
2) The address of the host or subnet that you will...
Write a script that creates a service in VBScript.
Here's something that shows the basic idea:
http://visualbasic.ittoolbox.com/code/archives.asp?d=2491&a=s&i=8
You may want to write the script in such a way that it has an uninstall flag also.
Hope this helps!
-Tom
Actually it's trivial. If you know the name and location of the printer at go-time, you can pass it to a VBScript to pop it in the privileged user's profile real quick, and then remove it (if needed) when it's finished.
If you have 400-500 printers, the LPD/LPR solution may be the way to go...
Network -> Interfaces -> Untrust(link) is where you set up remote management via the untrust interface.
We had a situation somewhat like this; our application used either the Kodak Imageviewer (2000) or the generic imageviewer (XP) to print a .tiff file that comes in via a secure file transfer program.
What makes this dicey is this: printers aren't associated with machines, they are associated with...
There is a checkbox in the WebUI for remote management off of the untrust interface, you can set the management IP there (I think it defaults to the IP of the untrust side, not sure, not at work right now!).
This is true for 5GT's at least. Please post how it works out, I've never deployed one...
Go into services and define the new service, it's pretty intuitive.
After that, add address list entries for the internal system on the trust and untrust sides (or whatever zone/interface you're using).
Create a policy (or two if it's bidirectional) from trust to untrust (and vice versa-...