ScreenOS Firewalls (NOT SRX)
Reply
Visitor
kianwee77
Posts: 2
Registered: ‎09-21-2008
0

Open holes/ports for SSG firewall

[ Edited ]

Dear expert, how to check any open holes/ports for SSG firewall for vulnerabilities check? Thanks.

Any tool that accomplished this task?

Message Edited by kianwee77 on 10-17-2008 10:48 AM
flo
Contributor
flo
Posts: 10
Registered: ‎06-10-2008
0

Re: Open holes/ports for SSG firewall

Hi kianwee,

 

Nipper can parse your config file and check for security issues. It generates a report for further analysis. I'm not too sure if this is what you are looking for though.

 

Cheers,

flo

Visitor
bradpowell
Posts: 4
Registered: ‎03-31-2008
0

Re: Open holes/ports for SSG firewall

How about Nessus?
Trusted Contributor
Munpe_Q
Posts: 192
Registered: ‎10-02-2008
0

Re: Open holes/ports for SSG firewall

If you are trying to audit your firewall, Nipper is a really nice start.  If you are trying to test your firewall while in production + scan for vulnerabilities on your machines that are accessible, then start with eEye (http://www.eeye.com).  There are others as well, but it depends on what you are scanning for.  If you just want to do a port scan to see what is open, you can start with nmap or scanline [sl.exe], but make sure to do a slow scan because the firewall is pretty good about picking up on fast port scans and dropping those packets, which will result in a bad report.
-=Q
Visitor
kianwee77
Posts: 2
Registered: ‎09-21-2008
0

Re: Open holes/ports for SSG firewall

Thanks a lot guys. You guys solved my question. :smileywink:
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.