ScreenOS Firewalls (NOT SRX)
Reply
Visitor
WAMS
Posts: 7
Registered: ‎08-27-2009
0
Accepted Solution

SSG5 DNS

Hi All,

 

This is my 3rd site to site installation of SSG5s' working over VPN.  This time however, I've come across a bit of a problem with one of the units.  

 

Basically, the installation at the satellite office was not successful due to some sort of DNS problem with one of the routers in particular.  All of the interfaces are default ; ie 0/0 untrusted, 0/2-6 trusted.  I double checked that I had correct settings for gateway, DNS, etc but was unable to resolve any hostnames by FQDN.  What was odd though is I was able to ping by IP address, even resolve hostname with IP:80 in browser.  My feeling was that the router is defective so I flashed it with the latest stable firmware hoping that would resolve the problem.  The flashing was successful but after that I could not access the device through webui, so I attempted a reset with the pin - got the red light etc and it supposedly reset.  Now I cannot access the device at all.  

 

As a note, the unit that I setup at our home office took less than a minute to configure and is working great.  The only difference was that we have a dedicated DNS server here, as opposed to at our satellite office where I was hoping to use the SSG5 to handle DNS.

 

Any ideas? 

 

 

Distinguished Expert
Screenie
Posts: 1,080
Registered: ‎01-10-2008
0

Re: SSG5 DNS

If you want the ssg to handle the dns you'll have to configure dns proxy setting. use * for domain and resolve to an externaal dns server. Then enable dns proxy on bgroup0. Why the device is unreachable I can't tell from your info. Does things look well when you use the console ? (get sys get int etc)
best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Visitor
WAMS
Posts: 7
Registered: ‎08-27-2009
0

Re: SSG5 DNS

Worked like a charm - thanks for your help.
Distinguished Expert
Screenie
Posts: 1,080
Registered: ‎01-10-2008
0

Re: SSG5 DNS

You're wellcome!
best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.