Juniper SSG520 network

Posted on 2011-10-22
Last Modified: 2012-08-13
I have a new Juniper SSG520 and my network topology is as given below.

Is it possible to program the Juniper in transparent mode and watch / keep just the selected IP addresses, not all of them?

For example, I have 10 C class IP addresses and I just want to activate SYN protection for 5 - 10 single IP addresses.
Question by:3XLcom

    Expert Comment

    SSG 520 as L2 "Router"? What a waste of resources ...
    SYN Protection is part of the Screening options, and those are applicable only to zones, not IP addresses. And since an interface can only belong to a single zone, you need to use different interfaces then. You do not need physical interfaces, subinterfaces (loopback) work fine with it.

    Author Comment

    What do you mean by zones?
    I am sorry, I am a newbie on Juniper. So should I create a zone by creating a VLAN on Cisco or Juniper?

    Or what more should I do? I do not want to make the device busy for unnecessary IP addresses that do not get any attack.

    Accepted Solution

    Screening (usually) doesn't require that many resources, at least if the "unprotected" traffic isn't overly much. I would not care about that, and put SYN protection on your DMZ or Trust zone, wherever those machines are connected to.
    Zones are groups built from at least one interface. Firewalling is only applied to packets crossing zones. Usually you have the Untrust zone ("outside", insecure) and Trust zone ("inside", LAN, secure).

    Author Closing Comment

    Thank you, please check out my other Juniper questions also.
