Solved

Juniper Netscreen 1000 Firewall Configuration

Posted on 2011-09-14
14
604 Views
Last Modified: 2012-05-12
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone untrust screen alarm-without-drop
set zone untrust screen ip-spoofing

I have the above security commands in my Juniper Netscreen 1000 Firewall.
I would lik to setup mail alerts in case if any of the above security violation occurs,
Let me know if this is possible. If possible how should i setup the mail alerts if any of the above security violation occurs.
0
Comment
Question by:SrikantRajeev
  • 9
  • 5
14 Comments
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36537731
can i have some answers
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36540880
Have a look at link below:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB4755

See if this helps you achieve what you wish.

Thank you.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36586286
i have gone through the link.
It has the field to specify the e-mail ID to which the alert mail will be sent.
But what will be the sender e-mail ID for this.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36586428
Also I would like to check should i need to include any ACL or by the configurations mentioned in the link the mail alerts will be sent to the mail servers
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36594339
By default, all email alerts are sent with source identity of netscreen@[a.b.c.d], where a.b.c.d represents the IP address of the NetScreen.
To force the email alerts to be sent with an email address fqdn, domain name needs to be configured on the NetScreen, please see KB article below:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB6182

There is no need of a policy for sending out email alerts.

Please let know if you need more details.

Thank you.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36595819
Thanks
How can i define the subject of the e-mail or what is the default subject line
Is there any way we can define the subject line
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36600249
I do not think the subject of the email can be configured; please use default subject as sent by firewall.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36600870
ok let me try
but is it sure that i dont need to define any separate ACL to allow the alert mail to generate & hit the exchange server
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36914724
but is it sure that i dont need to define any separate ACL to allow the alert mail to generate & hit the exchange server
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36918105
You do not need any policy; have you configured; is it not working.
If you have another device between your network and juniper firewall then I cannot comment.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36928995
thanks
i will be trying it by next week.
Will check it out if it is working fine or not.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 37042969
I have configured the alerting mechanism.
Is there any way i can test the mail from these firewalls
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 37048882
Send traffic that triggers the alert and you can test.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 37139501
Thanks
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Find VLAN ID's 6 39
ADFS internal and external users 6 168
Prevent DDOS attack 16 49
How often can a passive RFID be polled? 10 47
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now