Solved

Netscreen 5XP: Allowing Ping Request only from internal and known IP addresses

Posted on 2006-06-16
Last Modified: 2012-05-05
I would like to configure the Netscreen firewall so that it allows ping requests to be made only from internal and a few other IP addresses. Please let me know if this can be done.

-Nauman.
Question by:nauman_ahmed
Expert Comment

by:jabiii
ID: 16922666
Just create a policy allowing ping from ping_group to any.
Expert Comment

by:jabiii
ID: 16922669
After re-reading: you mean through the NS, not to it, right?
Author Comment

by:nauman_ahmed
ID: 16922739
I want to enable ping only from the network where the Netscreen firewall is and from my office location, but not from anywhere else.

-Nauman.
Expert Comment

by:rsivanandan
ID: 16923047
As stated by Jabii, create a policy from trust to untrust with the ping-group, allowing all.

Cheers,
Rajesh
Accepted Solution

by:
jabiii earned 500 total points
ID: 16923362
set address "(Interface)" "Office_Location" 1.1.1.1 255.255.255.255 "Office_Location"
set address "(Interface)" "Office_Location2" 1.1.1.1 255.255.255.255 "Office_Location2"
set address "(Interface)" "Office_Network" 2.2.2.0 255.255.255.0 "Office_Network"

set group address "(Interface)" "GRP: Office_Location"
set group address "(Interface)" "GRP: Office_Location" add "Office_Location"
set group address "(Interface)" "GRP: Office_Location" add "Office_Location2"

set policy id 1 from "(Interface)" to "(Interface)"  "Office_Location" "Any" "PING" permit log
set policy id 2 from "(Interface)" to "(Interface)"  "Office_Network" "Any" "PING" permit log
set policy id 3 from "(Interface)" to "(Interface)"  "GRP: Office_Location" "Any" "PING" permit log


You can also make ping a member of a service group with other ports allowed too. But these examples should get you going.
Expert Comment

by:jabiii
ID: 16923365
Whoops, with the exception that Office_Location2 should be 1.1.1.2, sorry :P
0
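A small lint for configs like the one in the accepted answer, added here as an example (not code from the thread): it flags address entries that share one IP and mask (the 1.1.1.1 duplicate corrected in the follow-up comment), group members with no address entry, a line with an unbalanced quote, and a PING permit whose source is Any. The zone names "Untrust"/"Trust", the stale member Office_Location3 and policy 2 are constructed assumptions.

```python
import ipaddress
import shlex
from collections import defaultdict

# Constructed sample modeled on the accepted answer; zone names, the stale
# group member and policy 2 are assumptions added for the demonstration.
SAMPLE = '''\
set address "Untrust" "Office_Location" 1.1.1.1 255.255.255.255 "Office_Location"
set address "Untrust" "Office_Location2" 1.1.1.1 255.255.255.255 "Office_Location2"
set address "Untrust" "Office_Network" 2.2.2.0 255.255.255.0 "Office_Network"
set group address "Untrust" "GRP: Office_Location"
set group address "Untrust" "GRP: Office_Location" add "Office_Location"
set group address "Untrust" "GRP: Office_Location" add "Office_Location3"
set policy id 1 from "Untrust" to "Trust" "GRP: Office_Location" "Any" "PING" permit log
set policy id 2 from "Untrust" to "Trust" "Any" "Any" "PING" permit log
'''

def lint(config):
    """Return findings for ScreenOS-style address, group and policy lines."""
    addrs, by_net, members, findings = set(), defaultdict(list), [], []
    for n, line in enumerate(config.splitlines(), 1):
        try:
            t = shlex.split(line)          # honours double-quoted names
        except ValueError:                 # e.g. a missing closing quote
            findings.append(f"line {n}: unbalanced quote")
            continue
        low = [x.lower() for x in t[:3]]
        if low[:2] == ["set", "address"] and len(t) >= 6:
            net = ipaddress.ip_network(f"{t[4]}/{t[5]}", strict=False)
            addrs.add((t[2], t[3]))
            by_net[(t[2], net)].append(t[3])
        elif low == ["set", "group", "address"] and len(t) == 7 and t[5] == "add":
            members.append((t[3], t[4], t[6]))
        elif low[:2] == ["set", "policy"] and "from" in t and "permit" in t:
            i = t.index("from")            # from <zone> to <zone> <src> <dst> <svc>
            if len(t) > i + 6 and t[i + 4].lower() == "any" and t[i + 6].upper() == "PING":
                pid = t[t.index("id") + 1] if "id" in t else "?"
                findings.append(f"policy {pid}: PING permitted from Any")
    for (zone, net), names in by_net.items():
        if len(names) > 1:                 # same host/network under several names
            findings.append(f"{zone}: {', '.join(names)} all resolve to {net}")
    for zone, group, member in members:
        if (zone, member) not in addrs:
            findings.append(f"{zone}: group '{group}' adds undefined address '{member}'")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```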
 
Expert Comment

by:jabiii
ID: 16995685
Tx :)
Author Comment

by:nauman_ahmed
ID: 17027029
jabiii,

Thanks for your answer. I have a question, if you can help. We have a Netscreen 5XP, and after upgrading Windows 2003 server we are facing issues where the Windows 2003 network card connected to the WAN stops responding from time to time. Upon reset it starts working again and is pingable from outside. I have removed SP1 and did not experience any issues after that. The MS KB article where this is described is http://support.microsoft.com/kb/899148/. Should I get a new Netscreen firewall or just upgrade the NS5XP OS to 5.X.X from 4.X.X?

Much thanks,
Nauman.