Netscreen 25 help

Please help or point me in the right direction if you can. I work at a small company and they are using a netscreen 25 firewall. I can't find a manual or any kind of support for it anywhere.

I need to open port 80 on a machine inside. I've assigned a static internal IP to the machine, but I don't know how I can map that static IP to an outside IP, can anyone help?

thank you

Reply to
Brian
Loading thread data ...

Call their support - you purchased support, right?

Logon to their website and download the manual?

Reply to
Leythos

The documentation for all versions of screenos can be found here:

formatting link
address translation is chapter 8 ...

Wolfgang

Reply to
Wolfgang Kueter

That's the problem. Long ago, before I worked here, support ran out and it was never renewed. Now they don't want to spend the money on it, and recently the person who was managing the firewall was let go.

Reply to
Brian

Thank you!

Reply to
Brian

Downloading the the manuals of all versions of screenos requires no login. Support contracts with Netscreen/Juniper are only required when you want to install updates of the firmware on a box or need technical support by email and/or telephone.

Wolfgang

Reply to
Wolfgang Kueter

So the box can't be updated. Too bad in case of bugs. A firewall that can't be updated is useless.

Great, again one of those idiots who buy pretty expensive security devices but don't buy support and/or spend money on skilled staff. All in all typical behaivior of braindead management.

Wolfgang

Reply to
Wolfgang Kueter

That's not true, meaning support updates/firmware.

A firewall that can't be updated, even rules, still protects what it was intended to protect.

Reply to
Leythos

You snipped the following 2 sentences of mine:

Wrong in case of buggy firewall software. A firewall that runs vulnerable code is no longer what is intended to be 'the trusted device on the network perimeter'.

Wolfgang

Reply to
Wolfgang Kueter

I snipped them because I didn't see where they mattered to what I responded with.

First, even a buggy firmware still provides protection unless the bug applies to the way the firewall is used - if the "bug" was in a HTTP Proxy rule, but there was no HTTP Proxy rule being used, it would most likely NOT impact the user.

Even if it was a stability patch, without exploit, it would still provide protection and still be a very important to keep using.

I'm not advocating that one should skip maintenance/support, but to say that the firewall is useless without updates is not true.

Reply to
Leythos

Good example but if we discuss firmware bugs the bug would *not* be in a proxy rule but in the http proxy implementation as one part of a more complex firmware. OK, if a buggy http proxy implementation is present but the http proxy is not used in the ruleset/configuration (we assume that only packet filtering is used for http) the buggy proxy will do no harm. But: How many people often using quite expensive devices do read release annoucements and are really able to unterstand them?

Again: How many people do read release annoucements (carefully) and understand them?

Wolfgang

Reply to
Wolfgang Kueter

Which does not change my reply to your blanket statement. Just because people don't read them doesn't mean that the device has lost the ability to protect the network. If the flaw is in an unused method, even if the user is unaware of the flaw, it would not impact their existing setup/solution.

Not every flaw results in a compromise. I've seen this hold true in firewall appliances that have not been supported for more than 7 years - they still protect the networks, have flaws that are unable to be used inside the customers network, and still provide the protection the customer needs.

Yes, it's always best to maintain the firmware, but, to suggest that a firewall without updates is useless is not true.

Reply to
Leythos

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.