Solved

Juniper SSG520 network

Posted on 2011-10-22
Last Modified: 2012-08-13
I have a new Juniper SSG520 and my network topology is as given below.

Is it possible to program the Juniper in transparent mode and watch / keep just the selected IP addresses, not all of them?

For example, I have 10 C class IP addresses and I just want to activate SYN protection for 5 - 10 single IP addresses.
juniper.png
0
Question by:3XLcom
4 Comments
 
LVL 71

Expert Comment

by:Qlemo
ID: 37011040
SSG 520 as L2 "Router"? What a waste of resources ...
SYN Protection is part of the Screening options, and those are applicable only to zones, not IP addresses. And since an interface can only belong to a single zone, you need to use different interfaces then. You do not need physical interfaces; subinterfaces (loopback) work fine with it.
0
 

Author Comment

by:3XLcom
ID: 37011048
What do you mean by zones?
I am sorry, I am a newbie on Juniper. So should I create a zone by creating a VLAN on the Cisco or the Juniper?

Or what more should I do? I do not want to make the device busy for unnecessary IP addresses that do not get any attack.
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 2000 total points
ID: 37011150
Screening (usually) doesn't require that many resources, at least if the "unprotected" traffic isn't overly much. I would not care about that, and put SYN protection on your DMZ or Trust zone, wherever those machines are connected to.
Zones are groups built from at least one interface. Firewalling is only applied to packets crossing zones. Usually you have the Untrust zone ("outside", insecure) and Trust zone ("inside", LAN, secure).
0
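
An added example, not part of the original thread or the expert's own configuration: a ScreenOS CLI sketch of the zone-level SYN flood screening described in the accepted answer. The zone name V1-Untrust (a predefined Layer 2 zone used in transparent mode) and every threshold value are assumptions chosen for illustration; lines beginning with # are annotations and are not meant to be pasted into the CLI.

```screenos
# Assumption: the interface facing the attack source is bound to V1-Untrust.
# Screen options inspect traffic arriving on interfaces bound to that zone,
# so they cover every address reached through it, not a hand-picked list.

# SYNs per second to one destination address and port before SYN proxying starts
set zone v1-untrust screen syn-flood attack-threshold 625

# Proxied half-open connections per second before an alarm is logged
set zone v1-untrust screen syn-flood alarm-threshold 250

# SYNs per second from a single source IP before its requests are dropped
set zone v1-untrust screen syn-flood source-threshold 25

# SYNs per second to a single destination IP before requests to it are dropped
set zone v1-untrust screen syn-flood destination-threshold 1000

# Seconds a half-open connection stays in the proxy queue
set zone v1-untrust screen syn-flood timeout 20

# Proxied requests held in the queue before new ones are rejected
set zone v1-untrust screen syn-flood queue-size 1000

# Turn the screen on for the zone, save, then review what is active
set zone v1-untrust screen syn-flood
save
get zone v1-untrust screen
```

The destination threshold is the closest thing to a per-address limit, but it is evaluated for every destination behind the zone; limiting the screen to a subset of hosts still means binding them to a separate interface and zone, as the answer above explains.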
 

Author Closing Comment

by:3XLcom
ID: 37037744
Thank you, please check out my other Juniper questions also.
0


Question has a verified solution.
