Monday, 15 April 2013

JUNOS : JTAC Recommended Junos Software Versions

SRX Series Services Gateways

Platform JTAC Recommended Junos Software by Platform Release
Type		 Last
updated
SRX100 Junos 11.4R7.5 Standard 8 April 2013
SRX110 Junos 11.4R7.5 Standard 8 April 2013
SRX210 (*1) Junos 11.4R7.5 Standard 8 April 2013
SRX220 Junos 11.4R7.5 Standard 8 April 2013
SRX240 Junos 11.4R7.5 Standard 8 April 2013
SRX550 (*2) Junos 12.1X44-D11.5 (*4) Standard 8 April 2013
SRX650 Junos 11.4R7.5 Standard 8 April 2013
SRX1400 (*3) Junos 11.4R7.5 Standard 8 April 2013
SRX3400 Junos 11.4R7.5 Standard 8 April 2013
SRX3600 Junos 11.4R7.5 Standard 8 April 2013
SRX5600 Junos 11.4R7.5 Standard 8 April 2013
SRX5800 Junos 11.4R7.5 Standard 8 April 2013
(*1) SRX210 recommendation includes old SRX210-B/H/H-POE platforms and new SRX210-BE/HE-HE-POE platforms.
(*2) PSN-2013-01-822 - Recommended Junos Releases for SRX-series and J-series for IPSec Feature Set
(*3) SRX 1400 deployment as a Chassis Cluster requires version Junos 11.1 and above.
(*4) PSN-2013-03-902 - Junos 12.1X44 upgrade recommendation for SRX-Series
at No comments:

Thursday, 11 April 2013

Junos Routing, Switching, and Security: Security Advisories Released

Products Affected Various
Platforms Affected
  • JUNOS 12.x
  • Security
  • JUNOS 11.x
  • JUNOS 10.x
  • SIRT Security Advisory
    • Revision Number 1
    Issue Date 2013-04-10

    PSN Issue :
    A new Junos product security advisory bundle has been released. This message contains the link(s) to the new PSN advisories that have been released. In the interest of speeding the delivery process for SIRT Security Announcements, the Juniper SIRT has implemented a small process change. When the Juniper SIRT publishes Security Advisories and/or Security Notices, a single master PSN (this PSN) will be pushed to subscribed customers which briefly lists the IDs, descriptions, and links for all of the individual Security Announcements being released together on that day.

    Solution:
    Please see the following links for more information about the new security advisories:

    1. PSN-2013-04-911: Junos: Specially crafted SIP packet can cause the flowd process to crash
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-911&viewMode=view

    2. PSN-2013-04-912: Junos: SIP ALG on SRX Series may allow sessions not permitted by policy which can lead to a DoS
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-912&viewMode=view

    3. PSN-2013-04-913: Junos: Kernel crash while processing certain types of ARP packets
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-913&viewMode=view

    4. PSN-2013-04-914: Junos: J-Web Sajax remote code execution
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-914&viewMode=view

    5. PSN-2013-04-915: Junos: MBUF exhaustion with IPv6 egress filter on the loopback interface
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-915&viewMode=view

    6. PSN-2013-04-916: Junos: Ethernet traffic with invalid Ether-Type can trigger protocol packet drops on Ichip-based FPCs/DPCs
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-916&viewMode=view

    7. PSN-2013-04-917: Junos: Kernel crash when receiving crafted GRE packet on multicast tunnel interface
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-917&viewMode=view

    8. PSN-2013-04-918: Junos: DNSSEC validation Denial of Service (CVE-2012-3817)
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-04-918&viewMode=view

    at No comments:

    Tuesday, 9 April 2013

    The Junos Pulse 4.0R2 (Build 34169) Software Release Notification

    Products Affected SRX, SA, UAC, App Accel
    Platforms Affected
  • Junos Pulse
  • UAC OS 4.x
  • SRX-series
  • IC-series
  • WX Platforms
  • MAG Series
  • JWOS 6.x
  • NetScreen SSL VPN
  • Virtual Appliance (VA)
  • IVE OS 7.x
    • Revision Number 1
    Issue Date 2013-04-08

    SRN Description : This bulletin announces the official release of Junos Pulse 4.0R2 (Build 34169). Junos Pulse software release 4.0R2 is a maintenance release.
    at No comments:

    Saturday, 6 April 2013

    Junos : Configuring Destination NAT for Single Address Translation


     Destination NAT Single Address Translation
    Image g030665.gif






    To configure a destination NAT mapping from a public address to a private address:
    1. Create the destination NAT pool.
      [edit security nat destination]user@host# set pool dst-nat-pool-1 address 192.168.1.200/32
    2. Create a destination NAT rule set.
      [edit security nat destination]user@host# set rule-set rs1 from interface ge-0/0/0.0
    3. Configure a rule that matches packets and translates the destination address to the address in the pool.
      [edit security nat destination]user@host# set rule-set rs1 rule r1 match destination-address 1.1.1.200/32user@host# set rule-set rs1 rule r1 then destination-nat pool dst-nat-pool-1
    4. Configure proxy ARP.
      [edit security nat]user@host# set proxy-arp interface ge-0/0/0.0 address 1.1.1.200/32
    5. Configure an address book entry in the trust zone for the server.
      [edit security]user@host# set zones security-zone trust address-book address server-1 192.168.1.200/32
    6. Configure a security policy that allows traffic from the untrust zone to the server in the trust zone.
      [edit security policies from-zone untrust to-zone trust]user@host# set policy server-access match source-address any destination-address server-1 application anyuser@host# set policy server-access then permit
    at No comments:
    Subscribe to: Posts (Atom)
    loading...