Posts:

Offensive Security Hacking Tournament – How strong was my fu ?

Hi,

Over the last 2 days my friends from Corelan Team and I participated in a Hacking Tournament, organized by Offensive Security. The primary goals of the tournament are:

  • be the first one to grab “secret” Read more

Juniper ScreenOS : Active/Passive clustering

Introduction

In this blog post, I’ll show the easy steps to set up a ScreenOS-based active/passive cluster. I’m not going to discuss the configuration of active/active clusters because, in my opinion, this configuration is only needed in rare Read more

Juniper ScreenOS : default route manipulations and redistributions

The default route or “route of last resort” is an important route in most present inter-network connectivity configurations. It contains all public and private routes possible and is responsible for directing traffic to a next hop when no better Read more

Juniper ScreenOS : defeating iBGP full mesh requirement using route reflectors and confederations

As explained in one of my earlier posts, one of the requirements to successfully set up and operate an iBGP configuration is that all iBGP clients need to have a BGP connection to all other iBGP clients. (= full Read more

Juniper : Netscreen/ScreenOS to HTML (ns2html) + audit your firewall config (nipper)

A short while ago, I came across 2 really nice tools that will help with

– visualizing ScreenOS configs as HTML pages

– auditing firewall configs

Converting ScreenOS to HTML

The first tool, called ns2html, was developed by Rodrigo Read more

Juniper Screenos : Redundant multi-exitpoint ISP routing failover using multiple vrouters, multiple OSPF areas and eBGP

Introduction

As you most likely already know, Juniper ScreenOS supports a couple of dynamic routing protocols (OSPF, BGP, RIP). These protocols can be used to build very powerful and redundant networks; however, there are some ScreenOS-specific issues with Read more

Juniper : Netscreen Remote Dial-UP VPN with AD Radius Authentication and route based VPN / tunnel interface

The following procedure explains how to set up a Juniper ScreenOS-based firewall to accept Netscreen Remote Client VPN connections and authenticate users using Active Directory (Radius via Windows 2003 IAS or Windows 2008 NPS).

We’ll assume that all Read more

Windows XP L2TP over IPSec dialup client VPN to a Juniper ScreenOS firewall, using Certificates

Before looking at the various configuration steps, we’ll have to take the following assumptions into account:

– We don’t want to use the Netscreen Remote client, but we want to use the Windows XP built-in dialup VPN technology Read more

IPSec VPN between Windows Server 2008 and Juniper ScreenOS

In this blog post, I will show you how to set up an IPSec VPN tunnel between a Windows Server and a Juniper ScreenOS-based firewall and route traffic between hosts that are located behind these 2 VPN gateways.

Read more

Juniper ScreenOS Admin authentication using Windows based IAS (Radius)

By popular request, this is a quick write-up on how to set up a Juniper ScreenOS firewall to use an external Radius server (I’ll use Windows IAS) to authenticate administrators and to let the Radius server assign admin Read more
