ScreenOS Firewalls (NOT SRX)

Contributor
Arzo
Registered: 11-12-2007

SYN flood and Firewall Services

Dears, I need to set up my firewall to protect from SYN floods. I configured the following and I want to make sure whether it is enough or needs more. I configured my router as L2 with zones V1-Trust and V1-Untrust:

set zone "V1-Trust" screen syn-flood
set zone "V1-Trust" screen syn-frag
set zone "V1-Trust" screen syn-fin
set zone "V1-Trust" screen syn-ack-ack-proxy
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen syn-frag
set zone "V1-Untrust" screen syn-fin
set zone "V1-Untrust" screen syn-ack-ack-proxy

And another question:

How can I enable AV and AS on the firewall?

AV:                 Disable(0)
Anti-Spam:          Disable(0)

I have the trial keys and they are still not expired.

Trusted Expert
Kashif-rana
Registered: 01-29-2008

Re: SYN flood and Firewall Services

Hi

 

You can prevent SYN flood attacks using the screening features of the firewall, as you configured. To enable AV and AS you have to configure a policy from V1-Untrust to V1-Trust, and in that policy you can enable AV and AS.

Thanks

Kashif Rana
JNCIE-SEC, JNCIE-ENT, JNCIE-SP, JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP

Contributor
Arzo
Registered: 11-12-2007

Re: SYN flood and Firewall Services

Thank you so much for your kind response. I know how to enable them in the policy; I have a NetScreen 204, but I can't see the AV and anti-spam tabs, nor are they in the configuration list on the left. I don't know why, maybe an OS problem!! Please advise.

Distinguished Expert
rkim
Registered: 11-06-2007

Re: SYN flood and Firewall Services

What ScreenOS version and hardware platform do you have?

-Richard

Contributor
Arzo
Registered: 11-12-2007

Re: SYN flood and Firewall Services

Thank you rkim, version 5.4 and NetScreen 204.

Well... I have another problem I hope you can help me with. The 204 stopped working from the SYN flood attacks, so I installed an ISG1000; it prevented the flood from reaching the server, but everyone else stopped reaching it as well. Is there any solution to this?

Distinguished Expert
rkim
Registered: 11-06-2007

Re: SYN flood and Firewall Services

NetScreen 204 doesn't support AV or anti-spam. Hence there is no license key option for that.

Regarding your new problem, it is not clear to me from your description what your issue is. Can you please elaborate?

-Richard

Contributor
Arzo
Registered: 11-12-2007

Re: SYN flood and Firewall Services

Thank you Richard. Well, there is someone sending a huge SYN flood at the public IP of a customer of ours, and the server which is mapped to that public IP is not reachable from anywhere. For now we have stopped the 194.x.x.x subnet (the attack is spoofing addresses within that range) from reaching the firewall with an access list on the gateway router, so all other public subnets can reach it except this one. The 204 didn't work out on the site: the CPU went totally high and it stopped all the traffic, so I installed an ISG1000, which was OK, but the CPU is also around 80%. I enabled all the screen options on the firewall and changed the threshold values trying to solve it, but it didn't work out. I found one last thing on the firewall, SYN COOKIE; we are trying it now but haven't got any feedback yet from the site. What do you advise, please?
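An added example, not from this thread and not taken from Juniper's documentation: the syn-flood screen from the original post with its thresholds made explicit, plus the SYN cookie setting, on the V1-Untrust zone. The numeric values are illustrative assumptions, not recommended defaults; they have to be set from the protected server's normal SYN rate. The `set flow syn-proxy syn-cookie` line is the SYN cookie command as the editor recalls it from ScreenOS 5.x and should be checked with `set flow ?` before use. Lines beginning with `#` are annotations for the reader, not ScreenOS syntax, and must be stripped before pasting.

```screenos
# Added example, not from the thread: syn-flood screen tuning on V1-Untrust
# (all numeric values are assumptions to be tuned per site)
# turn the syn-flood screen on, as in the original post
set zone "V1-Untrust" screen syn-flood
# SYN/s to one destination address before the firewall starts proxying the handshake
set zone "V1-Untrust" screen syn-flood attack-threshold 200
# proxied half-open connections/s at which an alarm is written to the event log
set zone "V1-Untrust" screen syn-flood alarm-threshold 500
# SYN/s from one source address before further SYNs from that source are dropped
# (little help against spoofed sources like the 194.x.x.x range in the thread)
set zone "V1-Untrust" screen syn-flood source-threshold 50
# SYN/s to one destination address before further SYNs to it are dropped
# (once the flood alone exceeds this, legitimate clients are dropped too)
set zone "V1-Untrust" screen syn-flood destination-threshold 2000
# seconds a proxied half-open connection is held before it is discarded
set zone "V1-Untrust" screen syn-flood timeout 10
# number of proxied half-open connections the proxy queue can hold
set zone "V1-Untrust" screen syn-flood queue-size 2048
# stateless SYN cookies instead of the proxy queue; exact command is an assumption (ScreenOS 5.x)
set flow syn-proxy syn-cookie
# verify the settings and watch the screen counters while the flood is running
get zone "V1-Untrust" screen
get counter screen zone "V1-Untrust"
```

The thresholds do different jobs: attack-threshold only decides when proxying switches on for a destination, source-threshold and destination-threshold are hard drop limits, and timeout and queue-size bound the memory the proxy spends on half-open connections. A full proxy queue or a destination-threshold lower than the flood rate drops every new SYN to that server, attacker and customer alike, which matches the symptom reported above; SYN cookies remove the queue limit but still cost CPU per SYN, so the counters should be checked against the CPU figure after enabling them.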
Distinguished Expert
rkim
Registered: 11-06-2007

Re: SYN flood and Firewall Services

I think you will find this Knowledgebase article of use:

http://kb.juniper.net/KB9453

This article covers high CPU troubleshooting and what you can do to troubleshoot it.

-Richard

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.