Question about Juniper Networks (SSG-5-SH-BT) Firewall

2 Answers

Policy-based VPN over vrrp

Twoo SSG-5 firewalls are used with VRRP for failover, is it possible to get a policy-based VPN over these VRRP solution?

Posted by on

2 Answers

  • Level 1:

    An expert who has achieved level 1.

  • Contributor
  • 1 Answer
Re: policy-based VPN over vrrp

Hi krisva2,

If any of the articles show just the Juniper logo and menu bar you will need to shutoff your ad blocker.

Is Virtual Router Redundancy Protocol (VRRP) supported on Juniper firewalls? (KB ID: KB10892)

This is probably what is going on with your setup but without more information I could not be 100% sure.
Established sessions need to re-establish when the VPN Redundant Gateway fail-over occurs (KB ID: KB6372)


Posted on May 25, 2008

  • Level 1:

    An expert who has achieved level 1.

  • Contributor
  • 1 Answer
Re: policy-based VPN over vrrp

I have problem with μtorrent.problem with some firewall or router in the port 24553 and ip what am i do to fix this problem. give me a solution please.....

Posted on Oct 14, 2008

Add Your Answer

0 characters

Uploading: 0%


Complete. Click "Add" to insert your video. Add


3 Points

Related Questions:

1 Answer

Sonicwall client won't connect to the internet

The default VPN policy rules prevent LAN access, also known as split-tunneling, since this creates a security risk (the ability of the VPN session to be hijacked or compromised through a covert channel).

If you are not the system admin, you need to talk to your system admin. If you are the system admin, then you need to review the documentation with respect to

Oct 07, 2009 | Sonicwall PRO 3060 NFR (01-ssc-5378)...

1 Answer

I have to much sessions allocs fail. The sessions bar is always on red color

You sem to be maxing out the session table on your

If you have a SSG5, then your max session limit is 8K

To find out what your max session is type: get session info

In the below output, the max session limit is 8064


gateway-ssg-> get session info
alloc 49/max 8064, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 8015

Oct 06, 2009 | Juniper Networks (SSG-5-SH-BT) Firewall

1 Answer

VPN tunnel establish using FQDN for remote end point address

Yes you can do as you expect.
ScreenOS Concepts & Examples ScreenOS Reference Guide, Volume 5: Virtual Private Networks Chapter 4 -- Site-to-Site Virtual Private Networks

"Route-Based Site-to-Site VPN, AutoKey IKE" Example
"Route-Based Site-to-Site VPN, Dynamic Peer" Example
"Route-Based Site-to-Site VPN, Manual Key" Example
"Setting AutoKey IKE Peer with FQDN" Example
"VPN Sites with Overlapping Addresses" Example ScreenOS 5.4:

ScreenOS 6.0:

May 03, 2009 | Juniper Networks (SSG-20-SH-WW)...

1 Answer

How to routing router static ip address and local

Use the Sonicwall configuration wizard..

Please find below is to configure what ever you want.

Setup Wizard - This wizard will help you quickly configure the SonicWALL to secure your Internet connection. Once completed, you can use the SonicWALL Web Management Interface for additional configuration.

Registration & License Wizard - This wizard will help you register you and your firewall with and obtain licenses for additional Security Services features.

PortShield Interface Wizard - Segment and configure the integrated managed LAN switch of the SonicWALL.

Public Server Wizard - Quickly configure your SonicWALL to provide public access to an internal server.

VPN Wizard - Create a new site-to-site VPN Policy or configure the WAN GroupVPN to accept connections from the SonicWALL Global VPN Client

Apr 22, 2009 | SonicWALL TZ170 (01-ssc-5740) Firewall

1 Answer

ASA LAN failover Problem


The crossover cable should work fine for sure.

Best Regards,

Mar 17, 2009 | Nokia IP 350 Firewall

1 Answer

How to connect to my PIX 501 and use Windows Remote Desktop?

Here's a real simple problem to your remote access problems.
Go to:
Sign up for a free acct, download/install their free software on your Server.
Now go over to your laptop, login to your new logmein acct.
In the next page, you'll see your Server listed. Click on it - follow instructions to connect.
This will tunnel through whatever stuff you have on your network!
Trust me - esp. in your scenario, this is *by far* the *simplest remote connect you'll ever perform! And it just .... works! Everytime.


Mar 16, 2009 | Cisco PIX 501 Firewall

1 Answer

ASA5510 Active/Standby Not Working

This is a old post, have you received and answer yet?

If not, make sure the internal interfaces are connected to one another and both have links. The ASA needs to have a "heartbeat" signal that passes between the 2 devices and this seems to be what's failing.

Dec 15, 2008 | Cisco ASA 5510 Firewall

1 Answer

Cannot Access Internet from the DMZ

If there is proper policy in place then there wont be any issue.

if at all you need to access your DMZ from internet you need to configure VIP or MIP on the firewall and also a policy needs to be written to permit the traffic.

If you need more help you shall contact me.

Oct 10, 2008 | Juniper Networks SECURE SERVICES GATEWAY...

1 Answer

ASA 5510 sec - bun k9

Basic Commands pixfirewall(config)#hostname PIX !--- Naming the PIX is optional. PIX(config)#nameif ethernet2 fo security20 !--- Naming the interface is optional. It is recommended that you !--- hardcode the speed/duplex. PIX(config)#interface ethernet2 100full !--- Bring up the interface. PIX(config)#ip address fo !--- Assign an IP address. Failover Commands PIX(config)#failover ip address fo !--- IP address for the failover link. PIX(config)#failover lan unit primary !--- This unit is primary . PIX(config)#failover lan interface fo !--- The 'fo' interface is used for LAN failover. PIX(config)#failover lan key cisco !--- The Pre-shared key. PIX(config)#failover lan enable !--- Enables failover. PIX(config)#failover !--- Start the failover process. This message appears on the console:
LAN-based Failover: trying to contact peer failover_01.gifLAN-based Failover: Send hello msg and start failover monitoring

Nov 27, 2007 | Cisco ASA 5510 Firewall

Not finding what you are looking for?
Juniper Networks (SSG-5-SH-BT) Firewall Logo

Related Topics:

432 people viewed this question

Ask a Question

Usually answered in minutes!

Top Juniper Networks Network Security & Firewall Devices Experts


Level 2 Expert

567 Answers

john smith

Level 2 Expert

366 Answers

Sudeep Chatterjee
Sudeep Chatterjee

Level 3 Expert

3267 Answers

Are you a Juniper Networks Network Security and Firewall Device Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides