Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Concepts & Examples ScreenOS Reference Guide Release 6.3.0, Rev. 01

    Posted 11-06-2010 12:18

    I have a Juniper SSG5. The Hardware version is 710(0) and Firmware Version is 6.2.0r5.0 (Firewall+VPN).

     

    Now I am reading the document "Concepts & Examples ScreenOS Reference Guide -- Virtual Private Networks --Release 6.3.0, Rev. 01"

     

    I find the options on the configuration example are not match to the SSG5. In other words, some of options mentioned in the example can not be found in the device.

     

    Which release of "Concepts & Examples ScreenOS Reference Guide -- Virtual Private Networks' matchs to my SSG5?

     

    Thanks!



  • 2.  RE: Concepts & Examples ScreenOS Reference Guide Release 6.3.0, Rev. 01
    Best Answer



  • 3.  RE: Concepts & Examples ScreenOS Reference Guide Release 6.3.0, Rev. 01

    Posted 11-06-2010 15:24

    You should consider updating your firewall to 6.2R7 which is the latest maintenance release for that version.

     

    You can find the current JTAC version recommendations and firmware downloads on the software downloads area.  Just select your model and then the version level.



  • 4.  RE: Concepts & Examples ScreenOS Reference Guide Release 6.3.0, Rev. 01

    Posted 11-07-2010 00:34

    Thanks for your answers.

     

    I am reading the section pasted below in this document. I know there are 2 devices to set up the VPN. One is the VPN server (Juniper SSG5 in my case) and another one is a VPN client (a phone in my case).

     

    In the example, is IP  10.10.5.44 the IP address of the VPN server/gateway (Juniper SSG5 in my case) or the IP of VPN client (a phone in my case)?

     

    Thanks!

     

    Requesting a Certificate Manually
    When you request a certificate, the security device generates a key pair. The public
    key becomes incorporated in the request itself and, eventually, in the digitally
    signed local certificate you receive from the CA.
    In the following example, the security administrator is making a certificate request
    for Michael Zhang in the Development department at Juniper Networks in
    Sunnyvale, California. The certificate is going to be used for a security device at IP
    address 10.10.5.44. The administrator instructs the security device to send the
    request through email to the security administrator at admin@juniper.net. The
    security administrator then copies and pastes the request in the certificate request
    text field at the CA’s certificate enrollment site. After the enrollment process is
    complete, the CA usually sends the certificates through email back to the security
    administrator.



  • 5.  RE: Concepts & Examples ScreenOS Reference Guide Release 6.3.0, Rev. 01

    Posted 11-07-2010 20:17

    Hi isup,

     

    It can be both if you configure the firewall to use certificate for authentication.

    The ip address in the example is referring to the device that will use the generated certificate.

     

    Hope this help.

     

    Cheers,

     

    Tim.