Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  HELP THE NOOB

    Posted 02-11-2016 08:47

    I am new to firewalls; I have mostly been a layer 2 switch/router technician until now. I am now on a firewall team and one of the firewalls I am struggling with is a Juniper SSG 520M. The first fail was looking at CBT Nuggets and online references for JunOS. I started reading reference materials for ScreenOS. I can't find simple tutorials/reference materials for ScreenOS or the web GUI...and they are not user friendly. Does anyone have some guidance to get me started? I will be posting frequently as this process goes along.

     

    The firewall I am dealing with is owned by a remote site. I have been given access and it says root in the web GUI, but I don't think I have full access through this new account. The site tech deleted the root account 'networkservice' and I had full access. I changed the user password and it took. 2 hours later it reverted back to before I made changes. The only thing I have been able to change under the new account under normal circumstances is the hostname.

     

    Thanks for your guidance.



  • 2.  RE: HELP THE NOOB
    Best Answer

    Posted 02-11-2016 09:22

    I would recommend starting with the Concepts and Examples guide.

     

    https://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_all.pdf

     

    As for the password issue, ScreenOS only allows one root user.  You can have multiple read/write users, but they do not have the same ability as the root user.  You cannot "remove" the root user, only change the username.  It sounds as though someone changed the root user to your user, then changed it back.



  • 3.  RE: HELP THE NOOB

    Posted 02-11-2016 11:29

    Is there a way to 'save' in the web gui?



  • 4.  RE: HELP THE NOOB

    Posted 02-11-2016 11:32

    WebUI automatically issues a save when you click "Apply" or "Ok" on a section.



  • 5.  RE: HELP THE NOOB

    Posted 02-11-2016 13:43

    Ok, I have root account. I have made a couple changes and they stuck. Now, we have an issue setting TACACS as the primary authentication account. I see in the guide that TACACS is allowed, but the device will not let me set TACACS as the primary or Web authentication device.



  • 6.  RE: HELP THE NOOB

    Posted 02-14-2016 15:56

    I have a YouTube playlist that is an introductory course for ScreenOS.

     

    Configuring ScreenOS Firewalls

     

    https://www.youtube.com/playlist?list=PL9B6F69E0FE662EB0



  • 7.  RE: HELP THE NOOB

    Posted 02-23-2016 10:49

    Steve, I just found your videos on YouTube. I am on the third one. We have two of the ScreenOS ones we are trying to deal with....ugh...

     

    Thank you for your guidance!

    Kirk