Cogenesis Logo

National IT Support for your business (Sydney, Brisbane, Melbourne, Perth)

National Local Call: 1300 88 35 99
Level 13, 155 Castlereagh St, Sydney, NSW 2000

articles

Juniper Support

SRX300 series and all new SRX1500

 

image

 

Juniper has released new “Next Generation” firewalls that come shipped with Junos OS 15.1X49 (October 2015) which leverages 64-Bit BSD 10, that purports to improve SMP multicore performance..  One of the initial standout features is the introduction of MACsec on all these new devices.  MACsec allows for secure (encrypted) layer 2 connections, as long as both ends support the MACsec IEEE standard 802.1ae (ie two srx’s or an SRX into an EX switch).  Up till now this feature was only available on the switching line sometimes with only certain optics and the MX series.

The new line of Intelligent firewalls also bring with them significant advances in Security Analytics, Anti-Malware & Zero Day threat protection through Junipers Sky Advanced

Click Here To Read More

Juniper SRX – zoning out?

 

Juniper SRX firewalls have several types of security zones

  • system defined (null zone and junos-host)
  • user defined (security zones & functional zones)

user configurable zones

Click Here To Read More

How to implement basic Class of Service on a Juniper SRX

Lets say you have a network with VoIP handsets internally and a SIP proxy externally. You will want to make sure the SIP traffic gets better treatment at the firewall, particularly if the internet and VoIP traffic is running over the same WAN link. So how do you implement this in JUNOS?

The steps in a nut shell are:
– setup the class-of-service schedulers and
– then map the schedulers to the forwarding class
– then apply the firewall rules to move the packets into the forwarding class
– Then apply the firewall filter to the interface

Click Here To Read More

Is your internet link performing badly?

Is your internet link performing badly?      Have you checked duplex settings on the WAN interface?

Recently when looking at a customers network i noticed that their internet WAN interface was in half duplex mode.  This is a common misconfiguration and results in poor performing internet links.

On a Juniper SRX you can see the interface statistics, including the duplex information by issuing the below command

Click Here To Read More

Configuring the Juniper SRX to handle Brute Force attacks

 

The Juniper SRX firewall is very feature rich. License the product with Intrusion Detection or IDP and you have a super smart device capable of detecting the latest shell code exploits and configurable in a granular way to tailor your security response to just about any way you want. A quick word about performance however, while providing IT Support in the field I have noticed that the device performance is consideration once you start playing with these CPU intensive features. For sites with more than 10-15 users make sure the business has an SRX210 and above if you plan on rolling out the UTM, IDP feature sets. Its not mandatory, and it will certainly function but its best practice, at least in my opinion.

Ok so back to how to handle brute force detection. Juniper SRX has the ability to detect consecutive login attempts and then perform an action, like blocking the offending IP for a period of time. This is a great technique to thwart brute force attempts on networks where two factor authentication is not present.

Click Here To Read More

Setting up IDP on the Juniper SRX

———

 

Juniper

 

Intrusion Detection Prevention (IDP); or sometimes known as IPS, is a feature of the Juniper SRX range. IDP is available on the branch SRX’s all the way through to the datacentre versions and is a fantastic item under the IT Services feature set. IDP is particularly useful as another layer of security to inspect data transmissions between client and server and perform an actions upon it, a good example is IDP’s ability to detect known Shell code buffer overflow exploits that are out there in the wild and stop them in their tracks AND also block that IP for set period of time, like 1 hour, 1 day or a week! These buffer overflow style attacks are typically launched at a server once traditional enumeration steps have been performed by the remote attacker. To thwart the enumeration attacks juniper makes use of SCREENS, but that is a discussion for another time.

so how do we configure an SRX for IDP?

Click Here To Read More

Juniper Partnership Requirements

 

Clarity around Junipers partnership levels is murky at best, there are many benefits associated with each individual level so it perplexes me as to why the partnership requirements aren’t more succinctly explained on their website particularly for those engaged in IT Support as their profession. I have gathered what i have learned and presented it below

Juniper offer 3 levels of partnership

  • Reseller Status
  • Select Status
  • Elite Status

The difference in the partner levels equates to a larger percentage discount from equipment RRP buy price(s) plus marketing and engagement incentives.

The requirements for Reseller level is quite straight forward, but the Select and Elite level require partnership levels require multiple engineers and sales staff with JNCIS, JNSS and JNSA qualifications and a significant level of engagement from the company seeking to obtain the high levels. The JNCIS, JNSS and JNSA cover both the technical, product awareness and sales material which is important for pre/post-sales and implementation & advisory work

Click Here To Read More

Get a free IT consultation today

Contact Us Today - IT Consulting Sydney

simply complete your details below and a consultant will get right back to you

Or feel free to call us on
1300 88 35 99