IPv6 tunnel through IPv4 with a Netscreen
I finally got an IPv6 tunnel going on my Netscreen SSG 5. So I thought I'd post the relevant configuration details here.
Michael Dale
New Server
Our web server died a few weeks ago; I was lucky enough to borrow a spare DL380 G1 from work. Although we still have it, I'm not sure if we'll be able to keep it.
Michael Dale
Contacts - LDAP
I finally set up LDAP on Kerio. I now have my contacts synced with webmail, Mac address book and my phone. Awesome.
Michael Dale
Akismet timeout, fixed?
I think I've found the cause for Akismet not working as well as it should have.
Michael Dale
Spam System Upgraded
I'm testing out a new spam system I quickly wrote.
Michael Dale
Spam
Argh. Too much spam is getting through again; even with Akismet. So I'm in the process of writing a new spam class. The aim is to build a comment score (similar to email spam filtering programs) based on the following:
Michael Dale
Servers Moved
And that should be the last time for a while.
Michael Dale
Juniper SSG 5
Michael Dale
Well, I finally got my new Juniper SSG 5 firewall (the replacement model for my old Netscreen 5gt).
I ordered it back in November. Originally I was going to get the wireless version, but they were still out of stock early this year, so I ended up getting the base model (with 256 MB of RAM).
The main reason for the upgrade was that we'd run out of VPN tunnels (the 5gt did 10). The new version supports 25, plus it's upgradeable to 40.
The SSG also has the following advantages over the 5gt (I'm comparing the base model 5gt and SSG 5):
So the device is pretty much double everything that the 5gt is.
It also cost me double. I got the 5gt off eBay for $320, whereas the SSG 5 new cost me $640. I got a really good price on it as Bryn was able to sign up as a Juniper reseller; the SSG 5 is about $1200 retail.
The main limitation of the old Netscreen 5gt was the port modes.
The port mode defines what zone (untrust, trust, dmz etc) each ethernet interface is in. Any time you needed to change this you were required to reset the device and config (see below).
In contrast, the SSG 5 has something called bridge groups, allowing you to easily change what zone each interface is in without resetting the device and/or config.
Much more useful if you're playing around with different network topologies (see below).
I've updated some of the IPsec benchmarks to include both the SSG 5 and an old Netscreen 100 I picked up.
Spam Server
I found the following address in my logs. Looks like a spamming program. Feel free to try and take it offline.
Michael Dale