Netscreen High Availability & IP Tracking problem.

Netscreen High Availability & IP Tracking problem.

am 18.05.2007 18:22:55 von jfizer

I have two Netscreen 100s with ScreenOS 2.6 setup in a HA failover
configuration. The problem I'm having is that when I sync the two
units, the slave box gets an exact copy of the masters configuration
and then shuts down all duplicate IP addresses, including the external
untrusted port. This means that the slave cant ping anything, and thus
will allways generate failures when I set it up to track an IP.

Do I need to give the salve box a unique public IP via a serial
reconfiguration of the masters setup? If so, why isn't this talked
about in any of the documentation?

Re: Netscreen High Availability & IP Tracking problem.

am 18.05.2007 22:13:57 von Jens Hoffmann

Hi,

jfizer@klassy.com wrote:
> I have two Netscreen 100s with ScreenOS 2.6

ScreenOS 2.6 is more than outdated.

Cheers,
Jens

Re: Netscreen High Availability & IP Tracking problem.

am 19.05.2007 02:15:48 von Wolfgang Kueter

Jens Hoffmann wrote:

> Hi,
>
> jfizer@klassy.com wrote:
>> I have two Netscreen 100s with ScreenOS 2.6
>
> ScreenOS 2.6 is more than outdated.

Typical, people like to spend money for a shiny device (in this case even
for two of them) but do not like to buy a service contract to get software
updates for their shiny box(es).

Wolfgang

Re: Netscreen High Availability & IP Tracking problem.

am 24.05.2007 22:48:40 von jfizer

On May 18, 1:13 pm, Jens Hoffmann wrote:
> Hi,
>
> jfi...@klassy.com wrote:
> > I have twoNetscreen100s with ScreenOS 2.6
>
> ScreenOS 2.6 is more than outdated.
>
> Cheers,
> Jens


ScreenOS 2.6 has no known security problems and has all the features I
need. I dont see why I should spend thousands of dollars upgrading.

But thanks for not answering my question or even making an attempt to
help.

Re: Netscreen High Availability & IP Tracking problem.

am 25.05.2007 19:53:15 von Jens Hoffmann

Hi,

jfizer@klassy.com schrieb:
> ScreenOS 2.6 has no known security problems

http://securityvulns.com/docs2436.html
http://www.juniper.net/support/security/alerts/ip_spoof_prot ection_failure.html
http://www.juniper.net/support/security/alerts/10_01_03_5798 3_v003.html
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2002-0891

_no_ known is defined a bit differently.
It may be so, that you are not affected.


> and has all the features I
> need. I dont see why I should spend thousands of dollars upgrading.

So that there is anyone besides historians who can help you.
2.6 was current when I started using netscreens, hmm, 5 years ago?
Last time I check, it was something like 5.x. There is not
much similarity left.

> But thanks for not answering my question or even making an attempt to
> help.

I did, you just didn't get the answer you wanted to hear.

Cheers,
Jens