Question about Juniper Networks (SSG-5-SH-BT) Firewall

2 Answers

Policy-based VPN over vrrp

Two SSG-5 firewalls are used with VRRP for failover. Is it possible to get a policy-based VPN over this VRRP solution?


Hi krisva2,

If any of the articles show just the Juniper logo and menu bar, you will need to shut off your ad blocker.


Is Virtual Router Redundancy Protocol (VRRP) supported on Juniper firewalls? (KB ID: KB10892)
http://kb.juniper.net/kb/documents/public/resolution_path/J_FW_VPN_Config_or_Trblsh.htm


This is probably what is going on with your setup but without more information I could not be 100% sure.
Established sessions need to re-establish when the VPN Redundant Gateway fail-over occurs (KB ID: KB6372)


Enjoy!

Posted on May 25, 2008

  • Maung Tan Dec 15, 2011

    It is possible. Just think about the policy-based VPN; you don't need to think about VRRP. In VRRP there will be 3 IPs. You just pick only 1 IP and do the policy-based VPN.
    Thanks
    Maung Tan


I have a problem with μTorrent. Problem with some firewall or router on port 24553 and IP 87.202.157.547. What do I do to fix this problem? Give me a solution please.....

Posted on Oct 14, 2008


Related Questions:

1 Answer

What Web-based Management Features Do Switches Excluding the S1700 Support?


Table 1 lists the web-based management features supported by S series switches.

Table 1 Web-based management features supported by switches

Category: Function
System management: Upgrade, patch loading, PoE, DNS, stacking, viewing log files, and setting the system time, SNMP parameters, and EasyDeploy parameters
    NOTE: Switches in V200R002 and later versions support SNMP and EasyDeploy parameter configuration.
Interface management: Viewing/configuring basic interface attributes and viewing statistics on an interface
Service management: VLAN, MAC address, STP, voice VLAN, DHCP, ARP, VRRP, and IGMP snooping
ACL management: Creating/modifying/deleting ACL rules and effective periods
QoS: Priority mapping, traffic policy, rate limit on an interface, traffic shaping, and congestion management
Route management: Viewing IPv4 routes, configuring static routes, and setting the preference of static routes
Security management: Port isolation, static user binding, AAA, 802.1x authentication, and MAC address authentication
Tools: Ping, Tracert, and VCT

S2300 Switch Thunder link com

Feb 09, 2017 | The Computers & Internet

1 Answer

What features does IP Lite bring to the WS-C2960XR-24TS-I?


IP Lite introduced enterprise access Layer 3 features to the Cisco WS-C2960XR-24TS-I. IP Lite is a subset of IP Base features. Some of the IP Lite features are:
Routing Information Protocol (RIP) v1
Routing Information Protocol (RIP) v2
Open Shortest Path First (OSPF) v2 Routed Access
Open Shortest Path First (OSPF) v3 Routed Access
Enhanced Interior Gateway Routing Protocol (EIGRP) stub
Equal-cost routing
Hot Standby Router Protocol (HSRP)
Protocol Independent Multicast PIM (Sparse Mode, Dense Mode, Sparse Dense Mode, Source Specific Multicast) stub
Virtual Router Redundancy Protocol (VRRP) for IPv4
Private VLAN
IPv6 First Hop Security source guard
Per-VLAN and per-port policers

http://www.3anetwork.com/cisco-ws-c2960xr-24ts-i-price_p1874.html

Apr 17, 2015 | Cisco Computers & Internet

1 Answer

Https://www.facebook.com blocking in the juniper firewall (ssg350m)


Mostly it's because the blocking is not proper or it's weak to handle the network properties...

Jun 25, 2012 | Gateway JUNIPER FIREWALL VPN SSG350M...

1 Answer

Sonicwall client won't connect to the internet


The default VPN policy rules prevent LAN access, also known as split-tunneling, since this creates a security risk (the ability of the VPN session to be hijacked or compromised through a covert channel).

If you are not the system admin, you need to talk to your system admin. If you are the system admin, then you need to review the documentation with respect to

http://www.sonicwall.com/us/support/kb.asp?kbsk=policy+allow+lan

Oct 07, 2009 | Sonicwall PRO 3060 NFR (01-ssc-5378)...

1 Answer

VPN tunnel establish using FQDN for remote end point address


Yes you can do as you expect.
ScreenOS Concepts & Examples ScreenOS Reference Guide, Volume 5: Virtual Private Networks
Chapter 4 -- Site-to-Site Virtual Private Networks

"Route-Based Site-to-Site VPN, AutoKey IKE" Example
"Route-Based Site-to-Site VPN, Dynamic Peer" Example
"Route-Based Site-to-Site VPN, Manual Key" Example
"Setting AutoKey IKE Peer with FQDN" Example
"VPN Sites with Overlapping Addresses" Example

ScreenOS 5.4: http://www.juniper.net/techpubs/software/screenos/screenos5.4.0/CE_v5.pdf

ScreenOS 6.0: http://www.juniper.net/techpubs/software/screenos/screenos6.0.0/CE_v5.pdf

May 03, 2009 | Juniper Networks (SSG-20-SH-WW)...

1 Answer

ASA LAN failover Problem


Hi,

The crossover cable should work fine for sure.

Best Regards,
TL

Mar 17, 2009 | Nokia IP 350 Firewall

1 Answer

Cannot Access Internet from the DMZ


If there is a proper policy in place then there won't be any issue.

If at all you need to access your DMZ from the internet, you need to configure a VIP or MIP on the firewall, and a policy also needs to be written to permit the traffic.

If you need more help you shall contact me.

Oct 10, 2008 | Juniper Networks SECURE SERVICES GATEWAY...

1 Answer

ASA 5510 sec - bun k9


Basic Commands

pixfirewall(config)#hostname PIX
!--- Naming the PIX is optional.
PIX(config)#nameif ethernet2 fo security20
!--- Naming the interface is optional. It is recommended that you
!--- hardcode the speed/duplex.
PIX(config)#interface ethernet2 100full
!--- Bring up the interface.
PIX(config)#ip address fo 192.168.1.1 255.255.255.0
!--- Assign an IP address.

Failover Commands

PIX(config)#failover ip address fo 192.168.1.2
!--- IP address for the failover link.
PIX(config)#failover lan unit primary
!--- This unit is primary.
PIX(config)#failover lan interface fo
!--- The 'fo' interface is used for LAN failover.
PIX(config)#failover lan key cisco
!--- The Pre-shared key.
PIX(config)#failover lan enable
!--- Enables failover.
PIX(config)#failover
!--- Start the failover process.

This message appears on the console:

LAN-based Failover: trying to contact peer
LAN-based Failover: Send hello msg and start failover monitoring

Nov 27, 2007 | Cisco ASA 5510 Firewall
