Netscreen 5XP: Allowing Ping Request only from internal and known IP addresses

I would like to configure the Netscreen firewall so that it allows ping requests to be made only from internal and a few other IP addresses. Please let me know if this can be done.

-Nauman.
nauman_ahmed Asked:
 
jabiii Commented:
set address "(Interface)" "Office_Location" 1.1.1.1 255.255.255.255 "Office_Location"
set address "(Interface)" "Office_Location2" 1.1.1.1 255.255.255.255 "Office_Location2"
set address "(Interface)" "Office_Network" 2.2.2.0 255.255.255.0 "Office_Network"

set group address "(Interface)" "GRP: Office_Location"
set group address "(Interface)" "GRP: Office_Location" add "Office_Location"
set group address "(Interface)" "GRP: Office_Location" add "Office_Location2"

set policy id 1 from "(Interface)" to "(Interface)"  "Office_Location" "Any" "PING" permit log
set policy id 2 from "(Interface)" to "(Interface)"  "Office_Network" "Any" "PING" permit log
set policy id 3 from "(Interface)" to "(Interface)"  "GRP: Office_Location" "Any" "PING" permit log


You can also make ping a member of a service group with other ports allowed too. But these examples should get you going.
0
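An added example, not part of jabiii's answer: a small Python check that reads a saved configuration in the syntax shown above and lists which source networks each PING permit policy covers, flagging duplicate address entries, unbalanced quotes and PING permitted from "Any". The zone names, the addresses and policy 3 in the sample are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample in the syntax of the answer above. "Untrust"/"Trust" and
# policy 3 are assumptions for illustration, not taken from the thread.
SAMPLE = '''
set address "Untrust" "Office_Location" 1.1.1.1 255.255.255.255 "Office_Location"
set address "Untrust" "Office_Location2" 1.1.1.1 255.255.255.255 "Office_Location2"
Set address "Untrust" "Office_Network" 2.2.2.0 255.255.255.0 "Office_Network"
set group address "Untrust" "GRP: Office_Location"
set group address "Untrust" "GRP: Office_Location" add "Office_Location"
set group address "Untrust" "GRP: Office_Location" add "Office_Location2"
set policy id 1 from "Untrust" to "Trust" "GRP: Office_Location" "Any" "PING" permit log
set policy id 2 from "Untrust" to "Trust" "Office_Network" "Any" "PING" permit log
set policy id 3 from "Untrust" to "Trust" "Any" "Any" "PING" permit log
'''

def audit_ping(config):
    """Return ({policy_id: [source networks]}, [warnings]) for PING permit policies."""
    addrs, groups, ping, warnings = {}, {}, {}, []
    for n, line in enumerate(config.strip().splitlines(), 1):
        try:
            t = shlex.split(line)              # honours the double-quoted names
        except ValueError:                     # e.g. a missing closing quote
            warnings.append(f"line {n}: unbalanced quote")
            continue
        low = [x.lower() for x in t[:3]]       # keywords compared case-insensitively
        if low[:2] == ["set", "address"] and len(t) >= 6:
            net = ipaddress.ip_network(f"{t[4]}/{t[5]}")
            for name, other in addrs.items():  # same IP/mask under two names
                if other == net:
                    warnings.append(f"{t[3]} duplicates {name} ({net})")
            addrs[t[3]] = net
        elif low == ["set", "group", "address"] and len(t) == 7 and t[5] == "add":
            groups.setdefault(t[4], []).append(t[6])
        elif low[:2] == ["set", "policy"] and "permit" in t and "from" in t:
            i = t.index("to")                  # to <dst-zone> <src> <dst> <service>
            src, svc = t[i + 2], t[i + 4]
            if svc.upper() != "PING":
                continue
            if src.lower() == "any":
                warnings.append(f"policy {t[3]}: PING permitted from Any")
            members = groups.get(src, [src])   # expand a group to its members
            ping[t[3]] = [addrs[m] for m in members if m in addrs]
    return ping, warnings

if __name__ == "__main__":
    sources, problems = audit_ping(SAMPLE)
    for pid, nets in sources.items():
        print("policy", pid, "->", ", ".join(map(str, nets)) or "(no named source)")
    print("\n".join(problems))
```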
 
jabiii Commented:
Just create a policy allowing ping from ping_group to any.
0
 
jabiii Commented:
After re-reading, you mean through the NS, not to it, right?
0

 
nauman_ahmed (Author) Commented:
I want to enable ping only from the network where the Netscreen firewall is and from my office location, but not from anywhere else.

-Nauman.
0
 
rsivanandan Commented:
As stated by jabiii, create a policy from trust to untrust with the ping-group, allowing all.

Cheers,
Rajesh
0
 
jabiii Commented:
Whoops, with the exception that Office_Location2 should be 1.1.1.2, sorry :P
0
 
jabiii Commented:
Tx :)
0
 
nauman_ahmed (Author) Commented:
jabiii,

Thanks for your answer. I have a question, if you can help. We have a Netscreen 5XP, and after upgrading the Windows 2003 server we are facing issues where the Windows 2003 network card connected to the WAN stops responding from time to time. Upon reset it starts working again and is pingable from outside. I have removed SP1 and did not experience any issues after that. The MS KB article where this is described is http://support.microsoft.com/kb/899148/. Should I get a new Netscreen firewall or just upgrade the NS5XP OS to 5.X.X from 4.X.X?

Much thanks,
Nauman.
0
Question has a verified solution.
