ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Arzo
Contributor
Arzo
Posts: 160
Registered: ‎11-12-2007
0

SYN flood and Firewall Services

Options

‎10-23-2008 12:52 AM

Dears, i need to setup my firewall to protect from syn floods, i configured the following and i wanna make sure if its enough or need more, i configured my router as L2 with zones V1-Trust and V1-Untrust

 

 set zone "V1-Trust" screen syn-flood
set zone "V1-Trust" screen syn-frag
set zone "V1-Trust" screen syn-fin
set zone "V1-Trust" screen syn-ack-ack-proxy
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen syn-frag
set zone "V1-Untrust" screen syn-fin
set zone "V1-Untrust" screen syn-ack-ack-proxy

 

and another question

 

how can i enable AV and AS on the firewall

 

AV:                 Disable(0)
Anti-Spam:          Disable(0)

 

i have the trial keys and still not expired.

 

 

 

 

 

Tariq Morad
Message 1 of 8 (12,607 Views)
 
Reply
Trusted Expert
Trusted Expert
Kashif-rana
Posts: 416
Registered: ‎01-29-2008
0

Re: SYN flood and Firewall Services

Options

‎10-23-2008 10:28 PM

Hi

 

u can prevent from syn flood attack using screeing features of firewall as u configured. To enable AV and AS u have to configure policy from V1-untrust to V1-trust and in that policy u can enable AV and AS.

 

Thanks

Kashif Rana
00971555962393
JNCIE-SP#1428,JNCIE-SEC#55,JNCIP(SP,ENT,SEC),JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!
Message 2 of 8 (12,580 Views)
 
Reply
Arzo
Contributor
Arzo
Posts: 160
Registered: ‎11-12-2007
0

Re: SYN flood and Firewall Services

Options

‎10-24-2008 09:05 AM

thank you so much for your kind response, i know how to enable them in the policy, i have netscreen 204 but i cant see the AV and antispam tabs also in the configuration list on the left, i dont know why, maybe OS problem!! please advice
Tariq Morad
Message 3 of 8 (12,558 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: SYN flood and Firewall Services

Options

‎10-25-2008 12:27 PM

What ScreenOS version and hardware platform do you have?

 

-Richard

Message 4 of 8 (12,528 Views)
 
Reply
Arzo
Contributor
Arzo
Posts: 160
Registered: ‎11-12-2007
0

Re: SYN flood and Firewall Services

Options

‎10-25-2008 11:01 PM

thank you rkim, version 5.4 and netscreen 204.

 

well.. i have another problem i hope you can help me with it, the 204 stopped working from the sync flood attacks, so i installed isg1000, it prevented the flood to reach the server, but anyone else stopped also from reaching it, is there any soloution to this.

 

 

Tariq Morad
Message 5 of 8 (12,515 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: SYN flood and Firewall Services

Options

‎10-27-2008 10:32 PM

NetScreen 204 doesn't support AV or antispam. Hence there is no license key option for that.

 

Regarding your new problem, it is not clear to me from your description what your issue is. Can you please elaborate?

 

-Richard

Message 6 of 8 (12,479 Views)
 
Reply
Arzo
Contributor
Arzo
Posts: 160
Registered: ‎11-12-2007
0

Re: SYN flood and Firewall Services

Options

‎10-27-2008 11:56 PM

thank you richard, well there is some sending huge syn flood on the public ip for a customer of us, and the server which is mapped to that public IP is not reachable via anywhere, for now we stopped the 194.x.x.x subnet (which that attack is spoofing within that reange) with access-list on the gateway router to reach the firewall so other public subnets can reach except this one. the 204 didnt work out on the site, the cpu went totally high and it stopped all the traffic, so i installed ISG1000 which was ok but also the cpu is around 80%, i enabled all the screen options on the firewall and changed the threshold values trying to solve it but didnt work out, i found one last thing on the firewall which SYN COOKIE, we are trying it now but didnt got any feedback yet from the site. what do you advice please.
Tariq Morad
Message 7 of 8 (12,469 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: SYN flood and Firewall Services

Options

‎10-28-2008 11:18 PM

I think you will find this Knowledgebase article of use.

 

http://kb.juniper.net/KB9453

 

This article refers to high CPU troubleshooting and what you can do to troubleshoot.

 

-Richard

Message 8 of 8 (12,446 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.