netscreen 5GT simple question

peterve

IS-IT--Management
Mar 19, 2000
1,348
NL
Hi,

How can I see *all* firewall rules on my netscreen 5GT ?
When I look under "policies", I only see the rules that I've created, but I don't see a "deny all" rule, I don't see the rules that allow for remote (http, ssh, ...) management and so on...

thanks

--------------------------------------------------------------------
How can I believe in God when just last week I got my tongue caught in the roller of an electric typewriter?
---------------------------------------------------------------------
 
Hello,

You can see all your policies from the CLI. Type "get pol". If you want to see policies between specific zones, add them after "pol". For example, "get pol from trust to untrust" will show you all your outbound policies. The implicit deny is a global policy and configured for inbound traffic by default. Regarding HTTP, Telnet and SSH management, it is assigned to the interface. You can type "get int trust" to see what is enabled. If needed you can also add additional services. For example, to enable telnet use "set int trust manage telnet". Hope this helps.

Rgds,

John
 
So there is no way to see all policies in one view, including the implicit rule and ports that are used on an interface basis?

thanks
 
If I would create those rules myself, at the bottom of the ruleset
- allow ports for administration
- block everything else

Would those custom rules overrule the implicit rules ?
In other words, if I would add a "catch all" rule as last rule, would that cut off administration into the box ?

 
Hi,

Administration to the box is not controlled via policies. You simply enable or disable protocols (HTTP/HTTPS, Telnet, SSH, etc) on the Interface. Also, you can lock it down to specific IP or Netblocks by clicking Configuration, Admin, Permitted IPs. Just make sure you permit the IP of the machine you are connected to first. If not, you will be disconnected! Hope this helps.

Rgds,

John
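
One way to get the single view asked about in this thread, as an added example that is not part of the original posts: parse a saved copy of the device configuration offline and merge the policies, the per-interface management services and the Permitted IPs list. The `set policy id ...` and `set admin manager-ip ...` line forms, the sample text and the function names are assumptions made for this sketch; only `set int trust manage telnet` is quoted from the thread.

```python
import shlex

# Constructed sample, not output from a real device. Addresses are from
# the documentation range 192.0.2.0/24.
SAMPLE_CONFIG = '''\
set interface trust manage ssh
set interface trust manage web
set interface untrust manage ping
set admin manager-ip 192.0.2.10 255.255.255.255
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 2 from "Untrust" to "Trust"  "Any" "MIP(192.0.2.5)" "HTTP" permit log
'''

def unified_view(config_text):
    """Merge policies, interface management services and permitted IPs."""
    view = {"policies": [], "management": {}, "permitted_ips": [],
            # Per the thread, the implicit deny is not listed as a policy.
            "implicit_rule": "deny"}
    for line in config_text.splitlines():
        tok = shlex.split(line)  # handles the quoted zone/address names
        if tok[:3] == ["set", "policy", "id"] and "from" in tok:
            i = tok.index("from")
            src, dst, svc, action = tok[i + 4:i + 8]
            view["policies"].append({
                "id": tok[3], "from": tok[i + 1], "to": tok[i + 3],
                "src": src, "dst": dst, "service": svc, "action": action})
        elif tok[:2] == ["set", "interface"] and tok[3:4] == ["manage"] and len(tok) == 5:
            # Management access lives on the interface, not in policies.
            view["management"].setdefault(tok[2], []).append(tok[4])
        elif tok[:3] == ["set", "admin", "manager-ip"] and len(tok) >= 5:
            view["permitted_ips"].append(tok[3] + "/" + tok[4])
    return view

def unrestricted_management(view):
    """Interfaces with management enabled while no Permitted IPs are set."""
    if view["permitted_ips"]:
        return []
    return sorted(view["management"])

if __name__ == "__main__":
    v = unified_view(SAMPLE_CONFIG)
    for p in v["policies"]:
        print("policy", p["id"], p["from"], "->", p["to"], p["service"], p["action"])
    for ifname, services in v["management"].items():
        print("manage", ifname, ",".join(services))
    print("permitted IPs:", v["permitted_ips"] or "none")
    print("implicit rule:", v["implicit_rule"])
    print("unrestricted management on:", unrestricted_management(v))
```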
 