Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

specify a range of addresses in SSG140 (Screen OS 6.0.0r5.0 (Firewall+VPN))

Posted on 2008-06-23
7
Medium Priority
?
728 Views
Last Modified: 2012-05-05
I want to have a policy defined for a range of IP address (192.168.0.1-192.168.0.99 and 192.168.2.41-192.168.2.99) in SSG140, from trust -untrust. Bu the problem is that I am not able to define these range of IPs in Policy > Policy Elements > Addresses > List. I am able to define a single IP or a domain name. Can any one tell me how to do it (from web not CLI)

0
Comment
Question by:Zacharia Kurian
  • 4
  • 3
7 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 1000 total points
ID: 21864996
I do not think what you wish to do is possible; you can define either a single IP [add all of them one-by-one really a bad solution] or IP/subnet [you would need to make sure that the subnet is big enough to cover all the IP addresses and there is no overlap] and then use the address object or address object group in the policy.

Other option is to create a policy based routing and in an access list add wildcard which would take care of the IP address you wish to put.
Currently you cannot put the wildcard in a policy, it has to be through a policy based routing [configured in virtual router, along with extended access list, action and match groups, policy and policy binding].

Please let know if you need more details.

Thank you.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22210609
After contacting the juniper, I am convinced that I can not assign a range of IPS. So I would like to close this question
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22211189
Sorry that the device currently does not support what you wish to implement in an easy way.
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22708781
I have already posted my answer which I got from the Juniper and I requested to close it
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22709085
I think the solution is what I had suggested as well, comment ID: 21864996.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22709607
When I requested to close this question in event  -ID: 22210609, no objection was raised. so how come now? Recently Junipe mentioned that they are working on the problem I mentioned (they consider it as a needed feature in the coming screen OS versions). So where am I?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22709740
In my comment I had mentioned "I do not think what you wish to do is possible" and then also possible workarounds for the problem.

So, I think a solution which was technically correct was offered for the problem; don't think that this question should be deleted.

Thank you.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question