Friday, September 3, 2010

Sample NAT & Security Policy on SRX210

security {
    nat {
        source {
            rule-set interface-nat {
                from zone trust;
                to zone untrust;
                rule net_113_90_26_0 {
                    match {
                        source-address 113.90.26.0/24;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: 'queue-size' is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            http;
                            https;
                            ssh;
                            telnet;
                            dhcp;
                            ping;
                        }
                    }
                }
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/1.0;
                fe-0/0/2.0;
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
    utm {
        feature-profile {
            web-filtering {
                type surf-control-integrated;
                surf-control-integrated {
                    profile junos-wf-cpa-default {
                        category {
                            social_Networking {
                                action block;
                            }
                        }
                        default block;
                        fallback-settings {
                            default block;
                            server-connectivity block;
                            timeout block;
                            too-many-requests block;
                        }
                    }
                }
            }
        }
        utm-policy custom-utm-policy {
            web-filtering {
                http-profile junos-wf-cpa-default;
            }
        }
    }
}
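Two things in the configuration above are worth a second look before it goes live: the trust-to-untrust policy permits any application, and the trust interface accepts telnet and http for management. As an added example (not part of the original post, not a Juniper tool), here is a small Python parser for Junos curly-brace syntax plus an audit that flags exactly those two points; SAMPLE is a constructed excerpt of the zones and policies shown above.

```python
import re

# Constructed excerpt of the SRX210 configuration above (zones and policies only).
SAMPLE = """security {
  zones {
    security-zone trust { interfaces { ge-0/0/0.0 { host-inbound-traffic {
      system-services { http; https; ssh; telnet; dhcp; ping; } } } } }
    security-zone untrust { screen untrust-screen; interfaces { ge-0/0/1.0; } } }
  policies {
    from-zone trust to-zone untrust { policy default-permit {
      match { source-address any; destination-address any; application any; }
      then { permit; } } }
    from-zone untrust to-zone trust { policy default-deny {
      match { source-address any; destination-address any; application any; }
      then { deny; } } } } }"""

CLEARTEXT = {"telnet", "http"}  # management services that carry credentials unencrypted

def parse(text):
    """Parse Junos curly-brace syntax into nested dicts; leaf statements map to None."""
    text = re.sub(r"##.*", "", text)  # drop '## Warning: ...' annotations from show output
    stack, words = [{}], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
            words = []
        elif tok == ";":
            stack[-1][" ".join(words)] = None
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    return stack[0]

def audit(config):
    """Findings a reviewer would raise: cleartext host-inbound services, any-application permits."""
    sec, findings = config["security"], []
    for zname, zone in sec.get("zones", {}).items():
        for iname, iface in (zone.get("interfaces") or {}).items():
            services = ((iface or {}).get("host-inbound-traffic") or {}).get("system-services") or {}
            for svc in sorted(CLEARTEXT & set(services)):
                findings.append(f"{zname} {iname}: cleartext management service {svc} enabled")
    for ctx, policies in sec.get("policies", {}).items():
        for pname, pol in policies.items():
            if "permit" in (pol.get("then") or {}) and "application any" in (pol.get("match") or {}):
                findings.append(f"{ctx} {pname}: permits any application")
    return findings
```

Feed it the output of `show configuration security` to check a real device; the untrust-to-trust deny policy produces no finding, which is the expected result.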

Thursday, September 2, 2010

Sample JunOS Policy-Based Routing

interfaces {
    /* outgoing Interface */
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input ipvpn-net;
                }
                address 192.168.1.31/24;
            }
        }
    }
    sp-0/0/0 {
        unit 0 {
            family inet;
        }
    }
    /* Incoming Interface */
    ge-0/0/1 {
        unit 0 {
            family inet {
                filter {
                    input ipvpn-net;
                }
                address 212.103.93.42/30;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 10.1.1.1/30;
            }
        }
    }
    ge-0/0/3 {
        unit 0 {
            family inet {
                address 10.1.2.1/30;
            }
        }
    }
}
routing-options {
    interface-routes {
        rib-group inet ipvpn;
    }
    static {
        route 0.0.0.0/0 next-hop 192.168.1.1;
        route 192.196.1.0/24 next-hop 212.103.93.41;
        route 192.197.1.0/24 next-hop 212.103.93.41;
    }
    rib-groups {
        ipvpn {
            import-rib [ inet.0 ipvpn.inet.0 ];
        }
    }
}
firewall {
    family inet {
        filter ipvpn-net {
            term 1 {
                from {
                    source-address {
                        172.197.1.0/24;
                    }
                }
                then {
                    routing-instance ipvpn;
                }
            }
            term 2 {
                then accept;
            }
        }
    }
}
routing-instances {
    ipvpn {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.1.2.2;
            }
        }
    }
}

Tuesday, March 30, 2010

Juniper JunOS Configuring Filter-Based Forwarding

Examples: Configuring Filter-Based Forwarding

Configure a filter to direct traffic to ISP1 or ISP2 based on source address matching:

[edit firewall]
family inet {
    filter classify-customers {
        term isp1-customers {
            from {
                source-address 10.1.1.0/24;
                source-address 10.1.2.0/24;
            }
            then {
                routing-instance isp1-route-table;
            }
        }
        term isp2-customers {
            from {
                source-address 10.2.1.0/24;
                source-address 10.2.2.0/24;
            }
            then {
                routing-instance isp2-route-table;
            }
        }
        term default {
            then {
                accept;
            }
        }
    }
}

Juniper JunOS Configuring Policy-Based Routing

Examples: Configuring Policy-Based Routing

For some reason you need to configure PBR on your Juniper. Here is a step-by-step guide to configuring this policy, the equivalent of a route-map on a Cisco router.

The scenario:

a) Redirect 192.168.100.0/24 to Provider B (IP address 192.168.224.2).
b) The rest of the outgoing traffic stays on Provider A.
c) 192.168.100.0/24 is located behind interface fe-0/2/2 (e.g. routed statically via 192.168.5.2, or directly connected via an alias / secondary IP).

The config looks like this:

interfaces {
    fe-0/2/2 {
        description LAN;
        unit 0 {
            family inet {
                filter {
                    input ROUTE-MAP-NET-100-0;
                }
                address 192.168.5.1/29;
            }
        }
    }
}

routing-options {
    interface-routes {
        rib-group inet all-ribs;
    }
    rib-groups {
        all-ribs {
            import-rib [ inet.0 REDIRECT-100-0.inet.0 ];
        }
    }
}

firewall {
    family inet {
        filter ROUTE-MAP-NET-100-0 {
            term 1 {
                from {
                    source-address {
                        192.168.100.0/24;
                    }
                }
                then routing-instance REDIRECT-100-0;
            }
            term 2 {
                then accept;
            }
        }
    }
}

routing-instances {
    REDIRECT-100-0 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.224.2;
            }
        }
    }
}

The steps:

you@JunOS# (edit prompt)
you@JunOS# set routing-instances REDIRECT-100-0 instance-type forwarding
you@JunOS# set routing-instances REDIRECT-100-0 routing-options static route 0.0.0.0/0 next-hop 192.168.224.2
you@JunOS# commit

you@JunOS# set routing-options interface-routes rib-group inet all-ribs
(all-ribs is just the name of the rib-group)
you@JunOS# set routing-options rib-groups all-ribs import-rib [ inet.0 REDIRECT-100-0.inet.0 ]
(make sure REDIRECT-100-0 matches your routing-instance name, otherwise it won't work)
you@JunOS# commit

you@JunOS# set firewall family inet filter ROUTE-MAP-NET-100-0 term 1 from source-address 192.168.100.0/24
you@JunOS# set firewall family inet filter ROUTE-MAP-NET-100-0 term 1 then routing-instance REDIRECT-100-0
you@JunOS# set firewall family inet filter ROUTE-MAP-NET-100-0 term 2 then accept
you@JunOS# commit

you@JunOS# set interfaces fe-0/2/2 unit 0 family inet filter input ROUTE-MAP-NET-100-0
you@JunOS# commit
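The lookup these steps build (and the same mechanism in the filter-based forwarding and ipvpn examples above), as an added Python model that is not from the original post: the input filter on fe-0/2/2 picks a table, then a longest-prefix match runs in that table. It also shows why the rib-group step matters: without the import of interface routes, the REDIRECT-100-0 instance knows only its default route, so traffic from net 100 to the local LAN would also be sent to Provider B. Addresses are the scenario's; "Provider A" as inet.0's default next hop and the sample hosts are assumptions.

```python
import ipaddress

# Constructed from the scenario above. Tables map prefix -> next hop; Provider A's
# next-hop address is not in the post, so it is just labelled "Provider A".
LAN = ipaddress.ip_network("192.168.5.0/29")  # fe-0/2/2, directly connected
INET0 = {"0.0.0.0/0": "Provider A", str(LAN): "direct"}
REDIRECT = {"0.0.0.0/0": "192.168.224.2 (Provider B)"}  # routing-instance REDIRECT-100-0
TERMS = [  # filter ROUTE-MAP-NET-100-0: term 1 redirects, term 2 accepts (stays in inet.0)
    (ipaddress.ip_network("192.168.100.0/24"), "REDIRECT-100-0"),
    (None, None),
]

def rib_group_import(instance_table, interface_prefixes):
    """Model 'rib-group all-ribs import-rib [ inet.0 REDIRECT-100-0.inet.0 ]':
    the interface (direct) routes are copied into the forwarding instance's table."""
    table = dict(instance_table)
    for prefix in interface_prefixes:
        table[str(prefix)] = "direct"
    return table

def longest_match(table, dst):
    """Longest-prefix match over a {prefix: next_hop} table."""
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def forward(src, dst, tables):
    """Run the input filter on fe-0/2/2, then look dst up in the table the term selects."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for match, instance in TERMS:
        if match is None or src in match:
            return longest_match(tables[instance], dst)
    return None  # not reached: term 2 matches everything

def demo():
    # Same flows with and without the rib-group import into REDIRECT-100-0.
    no_rib = {None: INET0, "REDIRECT-100-0": REDIRECT}
    with_rib = {None: INET0, "REDIRECT-100-0": rib_group_import(REDIRECT, [LAN])}
    return {
        "net100 -> internet": forward("192.168.100.7", "203.0.113.10", with_rib),
        "lan -> internet": forward("192.168.5.3", "203.0.113.10", with_rib),
        "net100 -> lan, no rib-group": forward("192.168.100.7", "192.168.5.3", no_rib),
        "net100 -> lan, with rib-group": forward("192.168.100.7", "192.168.5.3", with_rib),
    }
```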

Monday, March 8, 2010

Perseverance


How did you react when you were not successful at the last thing you tried? I bet you were down with disappointment for a day or two and then got ready for the next task. You did not quit. You eventually got the task accomplished.

Perseverance, a term for human endurance, is key to achieving your goals and dreams. The road to accomplishing your goal will always be full of challenges and obstacles. To navigate through them and come out on top, you need the ability to weather the storms as you go through life. Not giving up in the face of setbacks makes you tougher for the next challenge.

Sometimes we get goal-obsessed and in the process lose sight of the bigger picture. Persisting with a particular goal that is not worth pursuing only slows down your progress. Having a strategy to take stock and track progress will help you focus on the goals, plans or opportunities that are attainable.

If you persevere long enough and have a positive attitude you will be successful. No matter how slowly things are moving, hang in there. If you can 'take it' you will succeed. You must have a burning desire to achieve your goals. Goal setting is just the beginning. It takes more than goal setting to achieve greatness. You need the concentration and focus to enable you to get through the tough times. Commitment to what has been started is important.

To develop a burning desire you must plan and continually act to keep your dreams on course. That desire can be acquired and maintained through self-development. To persevere and attain the objectives you have set, you have to train your mind. Achievement is a state of mind. Don't allow your mind to play tricks on you; you own it! Sometimes the going gets tough to the point where you may want to give up. When you get to that point always remember that 'Winners do not quit and quitters do not win.' If you master perseverance you will accomplish your goals and own your life.

Persevering through the rough times gives us wisdom. Patience and perseverance have a magical effect before which difficulties disappear and obstacles vanish. In Islam, patience is the best and most valuable of virtues in life. Allah is with those who are patient, especially during suffering. We of the Muslim faith believe that without a good spirit while enduring, the struggle will not bear its full reward; thus patiently persevering, striving and going forward despite the difficulty is the pinnacle of behavior during challenging times.

Monday, March 1, 2010

SSG5 VPN Site2Site LAN

Do you know how to configure a LAN-to-LAN site-to-site VPN tunnel on the SSG5? Use this configuration:

Ssg5 VPN Lan-To-lan Tunnelling

Sunday, February 21, 2010

Networking: Bandwidth, Latency, Errors

There are 3 ways to measure "network quality": bandwidth, latency, and network errors.

Bandwidth: raw transfer speed in bytes per second.
Latency: elapsed time for a single byte to reach its destination.
Errors: number of dropped or corrupted data packets.


Bandwidth, or throughput, describes how much data can be sent over the network, measured in bytes per second, for example when downloading a large file. Network links are often described by bandwidth, from 28.8 baud modems to 100Mbit Ethernet.

Latency is the time it takes, usually measured in milliseconds, for a single byte or packet to travel from one host to the other. The best way to measure this is to send a "ping" packet to a host, which immediately responds with a "pong". Divide the round-trip time by two to calculate the average one-way latency. Where bandwidth describes how much data a link supports, latency measures how fast a given packet moves from point A to point B.

Finally, network communications are unreliable. Electrical interference can corrupt packet data, a busy router may drop packets, or a working link may suddenly fail and cut off parts of the network. Packets may also arrive safely, but out of order, by travelling different paths.


It's convenient to examine these attributes using archery as a metaphor. A skilled archer may release many arrows quickly, even before previous arrows have hit the target, because a given arrow can only travel so fast. In this example, bandwidth is the time it takes the archer to empty his quiver. Latency is the measurable (but short) time an arrow is airborne. Obviously, network errors are just arrows that miss the target.


Most network applications are concerned with transferring large amounts of data, such as web pages or email. Unused bandwidth is wasted, but flooding a slow link with too much data can impact network performance for everyone on the wire. For this reason, most network software and hardware is optimized for throughput -- even at the cost of latency.

For example, analog modems have relatively little bandwidth and rely on compression to squeeze more data over the link. To work well, compression requires enough data to find and reduce patterns, so the modem may "hold" onto outgoing data (for up to 50ms) until there is enough to compress effectively. While this improves overall bandwidth, the latency for a given packet is much higher.


In arcade and real-time strategy games, latency is the enemy, because fast communication is more important than sending a lot of data. When a player looks at his radar or shoots at his enemy, he wants an instantaneous response. On a single machine, these updates are performed quickly (on the order of a few microseconds). Between two or more machines, however, the communication depends on the network connecting them (on the order of tenths of a second).

Network games use common tricks to hide delays caused by latency, such as reducing how much data is sent or reducing the number of hosts that rely on that data. Dead reckoning uses basic physics to predict the path of an object in motion over a short period of time; the host only transmits a new position and velocity to its peers when the momentum changes, due to a collision or course correction. Similarly, a player doesn't need to know every detail about players on the other side of the world -- so he only receives status updates about nearby players.


Network errors, unfortunately, are the biggest cause of poor performance. A reliable protocol must hold onto outgoing data until it knows the other side has received it, because packets may be dropped or corrupted. Incoming packets must be examined so that data is received correctly and in order. If a packet doesn't arrive in a reasonable timeframe, it must be retransmitted. On the other hand, resending a lost packet uses more bandwidth and doubles its latency.


The following chart illustrates some typical network connections and how they contribute to the network "quality":

Connection             Bandwidth        Latency (one way)   Errors
28.8 Analog Modem      3.0 KB/sec       120 ms              moderate
28.8 No Compression    2.0 KB/sec       70 ms               high
56K Analog Modem       5.0 KB/sec       100 ms              moderate
ISDN Digital Modem     4-8 KB/sec       20 ms               low
Direct Serial          10-115 KB/sec    20 ms               moderate
Ethernet (0-1 hops)    2-12 MB/sec      <5 ms               low
Ethernet (2-3 hops)    1-4 MB/sec       10-30 ms            low
Ethernet (4-6 hops)    0.5-1 MB/sec     50-100 ms           moderate
Ethernet (distant)     <200             >100 ms             mod-high


Remember that bandwidth is limited by the poorest link, but latency and network errors are cumulative. The values above are simply guidelines for "good" links -- a poor router or link may adversely affect one or more measures. The further data has to travel between hosts, the more traffic it must compete with and the more resources it uses.
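The closing rule (the poorest link bounds bandwidth, while latency and errors accumulate) and the earlier point that a retransmitted packet costs extra bandwidth and doubles its latency, put into numbers as an added example that is not from the original post. The hop values are constructed from the chart's rows, and the loss probabilities stand in for the chart's "low"/"moderate" labels.

```python
# Constructed hop values drawn from the chart's rows: bandwidth in KB/sec, one-way
# latency in ms, and a loss probability this example assigns to the chart's
# "low"/"moderate" labels. These are illustrative, not measurements from the post.
PATH = [
    {"name": "56K Analog Modem",    "kb_s": 5.0,    "ms": 100, "loss": 0.02},
    {"name": "Ethernet (2-3 hops)", "kb_s": 2048.0, "ms": 20,  "loss": 0.005},
    {"name": "Ethernet (distant)",  "kb_s": 200.0,  "ms": 120, "loss": 0.03},
]

def end_to_end(path):
    """Bandwidth is the poorest link's; latency adds up; loss compounds as 1 - prod(1 - p)."""
    survive = 1.0
    for hop in path:
        survive *= 1.0 - hop["loss"]
    return {
        "kb_s": min(hop["kb_s"] for hop in path),
        "ms": sum(hop["ms"] for hop in path),
        "loss": 1.0 - survive,
    }

def packet_delivery_ms(path, size_bytes, timeout_rtts=1):
    """Expected time to get one packet across once, counting retransmissions: each loss
    costs a timeout (timeout_rtts round trips) plus another copy clocked onto the wire."""
    q = end_to_end(path)
    serial_ms = size_bytes / (q["kb_s"] * 1024) * 1000  # time on the slowest link
    first_try = q["ms"] + serial_ms
    retry_cost = timeout_rtts * 2 * q["ms"] + serial_ms  # wait a round trip, then resend
    expected_retries = q["loss"] / (1.0 - q["loss"])  # mean extra attempts (geometric)
    return first_try + expected_retries * retry_cost
```

With the values above the path is throttled to the modem's 5 KB/sec while latency grows to 240 ms, and roughly one packet in twenty needs a resend, which adds about 10 percent to the expected delivery time of a 512-byte packet.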