Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Juniper Netscreen 1000 Firewall Configuration

Posted on 2011-09-14
14
607 Views
Last Modified: 2012-05-12
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone untrust screen alarm-without-drop
set zone untrust screen ip-spoofing

I have the above security commands in my Juniper Netscreen 1000 Firewall.
I would lik to setup mail alerts in case if any of the above security violation occurs,
Let me know if this is possible. If possible how should i setup the mail alerts if any of the above security violation occurs.
0
Comment
Question by:SrikantRajeev
  • 9
  • 5
14 Comments
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36537731
can i have some answers
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36540880
Have a look at link below:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB4755

See if this helps you achieve what you wish.

Thank you.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36586286
i have gone through the link.
It has the field to specify the e-mail ID to which the alert mail will be sent.
But what will be the sender e-mail ID for this.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36586428
Also I would like to check should i need to include any ACL or by the configurations mentioned in the link the mail alerts will be sent to the mail servers
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36594339
By default, all email alerts are sent with source identity of netscreen@[a.b.c.d], where a.b.c.d represents the IP address of the NetScreen.
To force the email alerts to be sent with an email address fqdn, domain name needs to be configured on the NetScreen, please see KB article below:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB6182

There is no need of a policy for sending out email alerts.

Please let know if you need more details.

Thank you.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36595819
Thanks
How can i define the subject of the e-mail or what is the default subject line
Is there any way we can define the subject line
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36600249
I do not think the subject of the email can be configured; please use default subject as sent by firewall.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36600870
ok let me try
but is it sure that i dont need to define any separate ACL to allow the alert mail to generate & hit the exchange server
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36914724
but is it sure that i dont need to define any separate ACL to allow the alert mail to generate & hit the exchange server
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36918105
You do not need any policy; have you configured; is it not working.
If you have another device between your network and juniper firewall then I cannot comment.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36928995
thanks
i will be trying it by next week.
Will check it out if it is working fine or not.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 37042969
I have configured the alerting mechanism.
Is there any way i can test the mail from these firewalls
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 37048882
Send traffic that triggers the alert and you can test.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 37139501
Thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 173
Building small business network 4 90
Ms azure 2 35
Tagging ports on a managed switch 6 61
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question