Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

specify a range of addresses in SSG140 (Screen OS 6.0.0r5.0 (Firewall+VPN))

Posted on 2008-06-23
7
Medium Priority
?
729 Views
Last Modified: 2012-05-05
I want to have a policy defined for a range of IP address (192.168.0.1-192.168.0.99 and 192.168.2.41-192.168.2.99) in SSG140, from trust -untrust. Bu the problem is that I am not able to define these range of IPs in Policy > Policy Elements > Addresses > List. I am able to define a single IP or a domain name. Can any one tell me how to do it (from web not CLI)

0
Comment
Question by:Zacharia Kurian
  • 4
  • 3
7 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 1000 total points
ID: 21864996
I do not think what you wish to do is possible; you can define either a single IP [add all of them one-by-one really a bad solution] or IP/subnet [you would need to make sure that the subnet is big enough to cover all the IP addresses and there is no overlap] and then use the address object or address object group in the policy.

Other option is to create a policy based routing and in an access list add wildcard which would take care of the IP address you wish to put.
Currently you cannot put the wildcard in a policy, it has to be through a policy based routing [configured in virtual router, along with extended access list, action and match groups, policy and policy binding].

Please let know if you need more details.

Thank you.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22210609
After contacting the juniper, I am convinced that I can not assign a range of IPS. So I would like to close this question
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22211189
Sorry that the device currently does not support what you wish to implement in an easy way.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22708781
I have already posted my answer which I got from the Juniper and I requested to close it
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22709085
I think the solution is what I had suggested as well, comment ID: 21864996.
0
 
LVL 9

Author Comment

by:Zacharia Kurian
ID: 22709607
When I requested to close this question in event  -ID: 22210609, no objection was raised. so how come now? Recently Junipe mentioned that they are working on the problem I mentioned (they consider it as a needed feature in the coming screen OS versions). So where am I?
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22709740
In my comment I had mentioned "I do not think what you wish to do is possible" and then also possible workarounds for the problem.

So, I think a solution which was technically correct was offered for the problem; don't think that this question should be deleted.

Thank you.
0

Featured Post

Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question