Solved

specify a range of addresses in SSG140 (Screen OS 6.0.0r5.0 (Firewall+VPN))

Posted on 2008-06-23
7
701 Views
Last Modified: 2012-05-05
I want to have a policy defined for a range of IP address (192.168.0.1-192.168.0.99 and 192.168.2.41-192.168.2.99) in SSG140, from trust -untrust. Bu the problem is that I am not able to define these range of IPs in Policy > Policy Elements > Addresses > List. I am able to define a single IP or a domain name. Can any one tell me how to do it (from web not CLI)

0
Comment
Question by:Zacharia Kurian
  • 4
  • 3
7 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 250 total points
ID: 21864996
I do not think what you wish to do is possible; you can define either a single IP [add all of them one-by-one really a bad solution] or IP/subnet [you would need to make sure that the subnet is big enough to cover all the IP addresses and there is no overlap] and then use the address object or address object group in the policy.

Other option is to create a policy based routing and in an access list add wildcard which would take care of the IP address you wish to put.
Currently you cannot put the wildcard in a policy, it has to be through a policy based routing [configured in virtual router, along with extended access list, action and match groups, policy and policy binding].

Please let know if you need more details.

Thank you.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22210609
After contacting the juniper, I am convinced that I can not assign a range of IPS. So I would like to close this question
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22211189
Sorry that the device currently does not support what you wish to implement in an easy way.
0
Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22708781
I have already posted my answer which I got from the Juniper and I requested to close it
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22709085
I think the solution is what I had suggested as well, comment ID: 21864996.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22709607
When I requested to close this question in event  -ID: 22210609, no objection was raised. so how come now? Recently Junipe mentioned that they are working on the problem I mentioned (they consider it as a needed feature in the coming screen OS versions). So where am I?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22709740
In my comment I had mentioned "I do not think what you wish to do is possible" and then also possible workarounds for the problem.

So, I think a solution which was technically correct was offered for the problem; don't think that this question should be deleted.

Thank you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are some basic methods for preventing attacks on, hacking of and unauthorized access to a network -- maybe not completely, but up to a certain level. Start with a well-reputed firewall and unified threat management (UTM) system -- a gateway…
Read about achieving the basic levels of HRIS security in the workplace.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now