
Do you know how to set up a Mapped IP network using a Juniper/NetScreen firewall?

When you manage a firewall in one office, you set it up, test it and deploy it. You only change the firewall policy when you need to open ports for a known network or kind of traffic into your private network, update the policy for a new server application, and so on. This is a once-in-a-blue-moon configuration.

It is a different situation if you are managing a big network; there, changing firewall policies is a daily or weekly task.

For this article, I will provide a step-by-step procedure to complete this task: setting up a Mapped IP (MIP), which some tech guys prefer to call NAT, for network address translation.

Save your firewall configuration:
Before you begin making changes to your existing firewall policy, download a fresh backup of your configuration. In a small network you manage your NetScreen/Juniper firewall with Internet Explorer: browse to the firewall's IP address; for this example let us connect to 192.168.1.2.

Log in to your firewall using your admin account, or the default account "netscreen", and your password. Click Login to continue.

Click Configuration, Update, then Config File.
Under Current System Configuration (Total size: 11000 bytes; you will see your actual byte size here), click Save to File.
In the File Download dialog, click Save.
Save it to your workstation drive or a network drive so you can restore it if needed.

Let's create the object that you need for this setup:
Click Objects
Click Address
In List, click New to create a new network address.

For example:
Address Name: KING_NET
IP/Netmask: 200.10.2.1/24
Select zone: untrust
Click OK to continue.

If you create multiple networks, e.g. KING_NET2 200.20.2.1/24, KING_NET3 200.30.2.1/24, and so on, you can use the Groups object to include the networks in one group to simplify the firewall policy.

Let's now create a Mapped IP (MIP), also called NAT:
Click Network
Click Interfaces. Here you will see the interfaces ethernet1, ethernet2, ethernet3, ethernet4 or more, depending on your firewall device. On this page you will see the IP/Netmask assignment, Zone, Type (Layer 3), Link status (up or down) and Configure.

You need to identify your internal network and your public network. On your public network interface, click Edit (Configure), click MIP, then click New to add one.

Mapped IP: 200.10.2.100
Netmask: 255.255.255.255
Host IP Address: 192.168.1.100 (this is the private IP address of your server)
Host Virtual Router Name: trust-vr

Add this object to the firewall policy:
Click Policies
From: Untrust, To: Trust, then click New to add a new policy

Source Address: ANY, or a specific network only
Destination Address: your Mapped IP server
Service: Any, or a specific service only, to protect your server (recommended)
Tunnel: optional for this example
Logging: optional
Click OK to save

The new firewall policy is successfully added to your device.

Now test whether your server is accessible from outside using the defined networks and services.
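The three WebUI steps above (address object, MIP, policy) are the same change whether you click through them or type them on the ScreenOS CLI. The following added example, which is not part of the original post and not Juniper's code, renders the setup as CLI lines and lints it before you apply it: it normalises the address object to its network (the WebUI accepts 200.10.2.1/24, but the object covers 200.10.2.0/24), checks that the MIP maps one public address to one private host, confirms every address a policy references was actually created, and flags a policy whose Service is Any. The CLI syntax (set address, set interface ... mip, set policy, save) and the interface name ethernet3 for the public side are assumptions, not taken from the post; check them against your ScreenOS release.

```python
"""Added example (not from the original post): render the MIP setup as ScreenOS
CLI lines and lint the result for weak settings before it is applied.

Assumptions: the ScreenOS command syntax below and the public interface name
ethernet3 are not on the page; verify them against your device's documentation.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class AddressObject:
    """An Objects > Address entry as typed into the WebUI (host/prefix form)."""
    name: str
    cidr: str                  # e.g. "200.10.2.1/24", exactly as typed in the WebUI
    zone: str = "untrust"

    def network(self) -> ipaddress.IPv4Network:
        # The object covers the whole network, so normalise the host form to it.
        return ipaddress.ip_network(self.cidr, strict=False)


@dataclass
class MappedIP:
    """A Network > Interfaces > MIP entry: one public IP mapped to one server."""
    interface: str             # public-facing interface (assumed: ethernet3)
    mapped_ip: str             # public address, e.g. 200.10.2.100
    host_ip: str               # internal server, e.g. 192.168.1.100
    netmask: str = "255.255.255.255"
    vrouter: str = "trust-vr"

    def address_name(self) -> str:
        # ScreenOS exposes a MIP to policies as an address named MIP(<ip>).
        return f"MIP({self.mapped_ip})"


@dataclass
class Policy:
    """A Policies entry; the zones default to the Untrust -> Trust case."""
    src: str
    dst: str
    service: str
    from_zone: str = "untrust"
    to_zone: str = "trust"
    log: bool = True


def _q(name: str) -> str:
    """Quote address names that contain parentheses or spaces, e.g. MIP(...)."""
    return f'"{name}"' if any(c in name for c in "() ") else name


def render(addresses, mips, policies) -> list[str]:
    """Return CLI lines in the same order as the WebUI procedure."""
    lines = []
    for a in addresses:
        n = a.network()
        lines.append(f"set address {a.zone} {a.name} {n.network_address} {n.netmask}")
    for m in mips:
        lines.append(f"set interface {m.interface} mip {m.mapped_ip} host {m.host_ip} "
                     f"netmask {m.netmask} vr {m.vrouter}")
    for p in policies:
        line = (f"set policy from {p.from_zone} to {p.to_zone} "
                f"{_q(p.src)} {_q(p.dst)} {p.service} permit")
        lines.append(line + " log" if p.log else line)
    lines.append("save")       # commit to flash, as the WebUI's OK/Save does
    return lines


def lint(addresses, mips, policies) -> list[str]:
    """Flag settings that widen exposure beyond the one server the MIP publishes."""
    findings = []
    known = {a.name for a in addresses} | {m.address_name() for m in mips}
    for m in mips:
        tag = m.address_name()
        if m.netmask != "255.255.255.255":
            findings.append(f"{tag}: netmask {m.netmask} maps a whole range, not one server")
        if not ipaddress.ip_address(m.host_ip).is_private:
            findings.append(f"{tag}: host {m.host_ip} is not a private address")
        if ipaddress.ip_address(m.mapped_ip).is_private:
            findings.append(f"{tag}: mapped IP {m.mapped_ip} is not routable from the Internet")
    for p in policies:
        where = f"policy {p.src} -> {p.dst}"
        for name in (p.src, p.dst):
            if name.lower() != "any" and name not in known:
                findings.append(f"{where}: address object {name!r} has not been created")
        if p.service.lower() == "any":
            findings.append(f"{where}: service Any exposes every port on the server; restrict it")
        if p.src.lower() == "any" and p.service.lower() == "any":
            findings.append(f"{where}: source Any with service Any is the widest possible rule")
        if not p.log:
            findings.append(f"{where}: logging is off, so hits on this rule leave no trace")
    return findings


def page_example():
    """The values from the post above, with HTTP as the (constructed) service."""
    addrs = [AddressObject("KING_NET", "200.10.2.1/24")]
    mips = [MappedIP("ethernet3", "200.10.2.100", "192.168.1.100")]
    pols = [Policy("KING_NET", "MIP(200.10.2.100)", "HTTP")]
    return addrs, mips, pols


if __name__ == "__main__":
    addrs, mips, pols = page_example()
    print("\n".join(render(addrs, mips, pols)))
    for finding in lint(addrs, mips, pols):
        print("WARNING:", finding)
```

Run the lint against the wide-open variant (Source ANY, Service ANY, logging off) and it reports three findings; the KING_NET/HTTP policy from the post reports none. The backup step at the top of this post has a CLI counterpart too: capturing the output of get config (assumed ScreenOS syntax) before pasting these lines gives you the same restore point as Save to File.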

For any questions, please post here.

Have a safe computing environment.
