Solved

Juniper Netscreen 1000 Firewall Configuration

Posted on 2011-09-14
14
606 Views
Last Modified: 2012-05-12
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone untrust screen alarm-without-drop
set zone untrust screen ip-spoofing

I have the above security commands in my Juniper Netscreen 1000 Firewall.
I would lik to setup mail alerts in case if any of the above security violation occurs,
Let me know if this is possible. If possible how should i setup the mail alerts if any of the above security violation occurs.
0
Comment
Question by:SrikantRajeev
  • 9
  • 5
14 Comments
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36537731
can i have some answers
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36540880
Have a look at link below:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB4755

See if this helps you achieve what you wish.

Thank you.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36586286
i have gone through the link.
It has the field to specify the e-mail ID to which the alert mail will be sent.
But what will be the sender e-mail ID for this.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36586428
Also I would like to check should i need to include any ACL or by the configurations mentioned in the link the mail alerts will be sent to the mail servers
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36594339
By default, all email alerts are sent with source identity of netscreen@[a.b.c.d], where a.b.c.d represents the IP address of the NetScreen.
To force the email alerts to be sent with an email address fqdn, domain name needs to be configured on the NetScreen, please see KB article below:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB6182

There is no need of a policy for sending out email alerts.

Please let know if you need more details.

Thank you.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36595819
Thanks
How can i define the subject of the e-mail or what is the default subject line
Is there any way we can define the subject line
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36600249
I do not think the subject of the email can be configured; please use default subject as sent by firewall.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36600870
ok let me try
but is it sure that i dont need to define any separate ACL to allow the alert mail to generate & hit the exchange server
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36914724
but is it sure that i dont need to define any separate ACL to allow the alert mail to generate & hit the exchange server
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 36918105
You do not need any policy; have you configured; is it not working.
If you have another device between your network and juniper firewall then I cannot comment.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 36928995
thanks
i will be trying it by next week.
Will check it out if it is working fine or not.
0
 
LVL 1

Author Comment

by:SrikantRajeev
ID: 37042969
I have configured the alerting mechanism.
Is there any way i can test the mail from these firewalls
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 37048882
Send traffic that triggers the alert and you can test.
0
 
LVL 1

Author Closing Comment

by:SrikantRajeev
ID: 37139501
Thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times where you would like to have access to information that is only available from a different network. This network could be down the hall, or across country. If each of the network sites have access to the internet, you can create a ne…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question