Channel: Juniper ScreenOS – Blog Webernetz.net
Browsing all 36 articles

Tufin SecureTrack: Adding Devices

For a few weeks now I have been using Tufin SecureTrack in my lab, a product which analyzes firewall policies regarding their usage and their changes by administrators (and much more). Therefore, the first step is...

Where to terminate Site-to-Site VPN Tunnels?

When using a multilayer firewall design it is not directly clear on which of these firewalls remote site-to-site VPNs should terminate. What must be considered in such scenarios? Differentiate between...

CLI Commands for Troubleshooting Juniper ScreenOS Firewalls

Yes I know, ScreenOS is “End of Everything” (EoE). However, for historical reasons I am still managing many Netscreen/ScreenOS firewalls for some customers. Similar to my troubleshooting CLI commands...

MRTG/Routers2: Template Juniper SSG

Finally, this is how I am monitoring my Juniper ScreenOS SSG firewalls with MRTG/Routers2. Besides the interfaces (that can be built with cfgmaker) I am using my template in order to monitor the CPU...

Juniper ScreenOS NAT Overview: MIP DIP VIP

MIP DIP VIP. I am sometimes confused with the NAT names of the Juniper ScreenOS devices. Therefore, I drew a small figure with a few basic examples for these NAT types. Note that this figure does not...

Juniper ScreenOS Initial Cleanup Config

I still like the Juniper ScreenOS firewalls such as the SSG 5 or the SSG 140. However, they are End of Everything (EoE) and not used at the customers anymore. But they still do their job in basic...

Juniper ScreenOS VPN Speedtests

Just for fun some more VPN throughput tests, this time for the late Juniper ScreenOS firewalls. I did the same Iperf TCP tests as in my labs for Fortinet and Palo Alto, while I was using six different...

Juniper ScreenOS IPv4 vs. IPv6 Throughput Tests

And finally the throughput comparison of IPv6 and legacy IP on a Juniper ScreenOS firewall. Nobody needs this anymore since they are all gone. ;) But since I did the same speedtests for Palo Alto and...

Generating SSHFP Records Remotely

Until now I generated all SSHFP resource records on the SSH destination server itself. This is quite easy when you already have an SSH connection to a standard...

IPsec Site-to-Site VPN FortiGate Juniper SSG

Here comes the step-by-step guide for building a site-to-site VPN between a FortiGate and a ScreenOS firewall. Not much to say. I am publishing several screenshots and CLI listings of both firewalls,...

Site-to-Site VPNs with Diffie-Hellman Groups 19 & 20 (Elliptic Curve)

Similar to my test with Diffie-Hellman group 14 shown here I tested a VPN connection with the elliptic curve Diffie-Hellman groups 19 and 20. The considerations why to use these DH groups are listed in...

Route- vs. Policy-Based VPN Tunnels

There are two methods of site-to-site VPN tunnels: route-based and policy-based. While some of you may already be familiar with this, some may have never heard of it. Some firewalls only implement one...

NTP Authentication at Juniper ScreenOS

Yes, ScreenOS is end-of-everything (EoE), but for historical reasons I still have some of them in my lab. ;D They simply work, while having lots of features when it comes to IPv6 such as DHCPv6-PD....

My IPv6/Routing/Cisco Lab Rack (2019)

My lab rack of 2019 consists of multiple Cisco routers and switches, as well as Juniper ScreenOS firewalls for routing purposes, a Palo Alto Networks firewall, a Juniper SRX firewall, a server for...

Juniper ScreenOS with a 6in4 Tunnel

Yes, I know I know, the Juniper ScreenOS devices are Out-of-Everything (OoE), but I am still using them for a couple of labs. They simply work as a router and VPN gateway as well as a port-based...
