ScreenOS Firewalls (NOT SRX)

SYN flood and Firewall Services

10-23-2008 12:52 AM

Dears, I need to set up my firewall to protect from SYN floods. I configured the following and I want to make sure if it's enough or needs more. I configured my router as L2 with zones V1-Trust and V1-Untrust:


set zone "V1-Trust" screen syn-flood
set zone "V1-Trust" screen syn-frag
set zone "V1-Trust" screen syn-fin
set zone "V1-Trust" screen syn-ack-ack-proxy
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen syn-frag
set zone "V1-Untrust" screen syn-fin
set zone "V1-Untrust" screen syn-ack-ack-proxy


And another question:

How can I enable AV and AS on the firewall?

AV:                 Disable(0)
Anti-Spam:          Disable(0)

I have the trial keys and they are still not expired.
Tariq Morad

Re: SYN flood and Firewall Services

10-23-2008 10:28 PM

Hi

You can prevent SYN flood attacks using the screening features of the firewall as you configured. To enable AV and AS you have to configure a policy from V1-Untrust to V1-Trust, and in that policy you can enable AV and AS.

Thanks

Kashif Rana
JNCIE-SEC, JNCIE-ENT, JNCIE-SP, JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP

Re: SYN flood and Firewall Services

10-24-2008 09:05 AM

Thank you so much for your kind response. I know how to enable them in the policy. I have a NetScreen 204 but I can't see the AV and anti-spam tabs, also in the configuration list on the left. I don't know why, maybe an OS problem!! Please advise.

Tariq Morad

Re: SYN flood and Firewall Services

10-25-2008 12:27 PM

What ScreenOS version and hardware platform do you have?

-Richard


Re: SYN flood and Firewall Services

10-25-2008 11:01 PM

Thank you rkim, version 5.4 and NetScreen 204.

Well, I have another problem I hope you can help me with. The 204 stopped working from the SYN flood attacks, so I installed an ISG1000. It prevented the flood from reaching the server, but everyone else also stopped being able to reach it. Is there any solution to this?

Tariq Morad

Re: SYN flood and Firewall Services

10-27-2008 10:32 PM

NetScreen 204 doesn't support AV or antispam. Hence there is no license key option for that.

Regarding your new problem, it is not clear to me from your description what your issue is. Can you please elaborate?

-Richard


Re: SYN flood and Firewall Services

10-27-2008 11:56 PM

Thank you Richard. Well, there is someone sending a huge SYN flood on the public IP for a customer of ours, and the server which is mapped to that public IP is not reachable from anywhere. For now we stopped the 194.x.x.x subnet (the attack is spoofing within that range) from reaching the firewall with an access-list on the gateway router, so other public subnets can reach it except this one. The 204 didn't work out on the site; the CPU went totally high and it stopped all the traffic, so I installed an ISG1000, which was OK, but the CPU is also around 80%. I enabled all the screen options on the firewall and changed the threshold values trying to solve it, but it didn't work out. I found one last thing on the firewall, SYN COOKIE; we are trying it now but didn't get any feedback yet from the site. What do you advise, please?

Tariq Morad
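The SYN cookie mechanism Tariq is trying above, shown as an added educational example in Python (it is not ScreenOS code and not from this thread): the proxy encodes a time tick, the peer's MSS and a keyed hash of the 4-tuple into the SYN-ACK sequence number instead of allocating a half-open entry per spoofed SYN, so only a returning ACK that carries a valid cookie creates state. The addresses, ports, tick values and secret are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed secret for this example; a real proxy draws it at boot and rotates it.
SECRET = b"constructed-example-secret"
MSS_TABLE = (536, 1300, 1440, 1460)   # MSS values encodable in the 3-bit field
COOKIE_WINDOW = 2                     # accept cookies at most 2 ticks old (a tick ~ 64 s)


def _cookie_hash(saddr, sport, daddr, dport, tick):
    # 24-bit keyed hash over the 4-tuple and the time tick; a peer cannot forge it.
    msg = struct.pack("!4sH4sHI", bytes(map(int, saddr.split("."))), sport,
                      bytes(map(int, daddr.split("."))), dport, tick)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(saddr, sport, daddr, dport, peer_mss, tick):
    """ISN for the SYN-ACK: 5 bits of tick, 3 bits of MSS index, 24 bits of hash.
    Nothing is stored, so a flood of spoofed SYNs cannot exhaust a backlog."""
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= peer_mss), default=0)
    return ((tick & 0x1F) << 27) | (idx << 24) | _cookie_hash(saddr, sport, daddr, dport, tick)


def check_syn_cookie(saddr, sport, daddr, dport, ack_num, now_tick):
    """Validate the handshake-completing ACK. Returns the negotiated MSS, or None
    when the cookie is forged, belongs to another 4-tuple, or is too old."""
    cookie = (ack_num - 1) & 0xFFFFFFFF           # the peer acknowledges ISN + 1
    tick = (now_tick & ~0x1F) | (cookie >> 27)    # rebuild the tick from its low 5 bits
    if tick > now_tick:
        tick -= 32                                # low bits wrapped since the SYN-ACK
    if now_tick - tick > COOKIE_WINDOW:
        return None                               # stale: reject rather than keep state
    if (cookie & 0xFFFFFF) != _cookie_hash(saddr, sport, daddr, dport, tick):
        return None                               # wrong key, tuple or tick: forged/replayed
    return MSS_TABLE[(cookie >> 24) & 0x7]


if __name__ == "__main__":
    # Constructed handshake: client 203.0.113.5:40000 -> server 198.51.100.10:80, MSS 1460
    isn = make_syn_cookie("203.0.113.5", 40000, "198.51.100.10", 80, 1460, tick=1000)
    print(check_syn_cookie("203.0.113.5", 40000, "198.51.100.10", 80, isn + 1, now_tick=1001))
```

A spoofed SYN never completes the handshake, so it costs the proxy one SYN-ACK and no memory; the threshold and timeout tuning Tariq describes still limits how many SYN-ACKs the box sends back.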

Re: SYN flood and Firewall Services

10-28-2008 11:18 PM

I think you will find this Knowledgebase article of use.

http://kb.juniper.net/KB9453

This article refers to high CPU troubleshooting and what you can do to troubleshoot.

 

-Richard