Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Netscreen 5XP - connection drop? - how to check

    Posted 07-17-2008 07:55

    Hi all I do have small propblem.

    I do have netscreen 5XP as firewall. Behind there is an Exhcange server as emial server. 1 guy (from other country) can not connect to exchange). I have checked pings, traceroute, nslookups and other tools. As a test i have created FTP on my machine and allowed traffic from outside. He can connect to other (public) IP addresses but not that one? How can i check/debug some more info. Is there any command for check https traffic? I always manage firewall via web gui so command lineis a bit of mistery (Cisco is known but Screeen OS no)



  • 2.  RE: Netscreen 5XP - connection drop? - how to check

    Posted 07-17-2008 15:02

    Can you put a sniffer on your line between the 5XP and the ISP router? You can do this by installing a hub (not a switch) inbetween the two and also plugging in another PC with Wireshark software. You can also run snoop on the 5XP itself, though external sniffer is better.

     

    The idea is to determine if in fact the one user is even reaching your firewall. Can also have that user use traceroute to confirm his path. If he is not even reaching the firewall then the problem is outside of your network. 

     

    Hope this helps.

    -Richard



  • 3.  RE: Netscreen 5XP - connection drop? - how to check
    Best Answer

    Posted 07-18-2008 15:56

    There's debug & snoop on the box.

    debug
    http://kb.juniper.net/KB5536
    snoop
    http://kb.juniper.net/KB5411