ScreenOS Cookbook

---

About this Book

Written by key members of Juniper Network's principal ScreenOS support and field engineering teams, ScreenOS Cookbook is the most authoritative guide available for managing secure networks that run ScreenOS firewall appliances. Scores of recipes address a wide range of security issues, provide step-by-step solutions, and include discussions of why the recipes work so you can easily set up, troubleshoot, and keep ScreenOS systems on track.

ScreenOS Cookbook gives you real-world fixes, techniques, and configurations that save time—not hypothetical situations out of a textbook. The book comes directly from the experience of engineers who have seen and fixed every conceivable ScreenOS network topology, from small branch office firewalls and appliances for large enterprise and government networks to heavy-duty protocol-driven service provider networks. The easy-to-follow format enables you to find the topic and specific recipe you need right away so that you can match it to your network or security issues. The book covers hundreds of implementations of ScreenOS techniques, including:

• Network Address Translation (NAT)
• Interfaces zones, and virtual routers
• Mitigating Denial of Service attacks
• DDNS, DNS, and DHCP
• IP routing; policy-based routing
• Traffic shaping
• User authentication
• Application Layer Gateway (SIP, H323, RPC, RTSP, etc.)
• Content security; managing firewall policies
• IPSEC VPN
• RIP, OSPF, BGP, and NSRP
• Multicast: IGPM, PIM, Static mroutes
• Wireless; Virtual Systems (VSYSes)

Along with usage and troubleshooting recipes, you will also find plenty of tips, special considerations, ramifications, and discussions of interesting tangents and network extrapolation. For the accurate, hard-nosed information you require to get your ScreenOS firewall network secure and operating smoothly, no book matches ScreenOS Cookbook.

About the Authors

Stefan Brunner is the lead architect in Juniper Networks' Service Layer Technology Professional Services group. Prior to Juniper, Stefan worked with NetScreen Technologies as a network security consultant. Stefan holds an MBA in innovations research and technology management from Ludwig-Maximilians-University of Munich, and a certificate degree in telecommunications engineering from the University of California at Berkeley.

Vik Davar has been working in the IT field for more than 15 years, holding positions in financial services firms and technology companies including Juniper Networks and Goldman Sachs. Vik is the president of 9 Networks, an IT services company. He has a master’s degree in electrical engineering from Columbia University and a bachelor's degree in electrical engineering from The Cooper Union in New York City. He is also a CISSP and CCIE# 8377.

David Delcourt has worked in the data communications industry for the past 13 years for enterprise equipment vendors including Cabletron Systems and NetScreen Technologies. He has held a variety of positions, including advanced TAC engineer, technical trainer, and product manager at Cabletron Systems, and senior security consultant at NetScreen Technologies. He is currently the security practice manager in Professional Services for Juniper Networks, supporting the Americas.

Ken Draper has spent the past 20 years in the networking industry, and has focused on security solutions for the past 11 years. He is CISSP certification #22627 and holds numerous other certifications. Ken has worked at such networking equipment manufacturers as Infotron, Gandalf, Synoptics, Bay Networks, Nortel, NetScreen, and now Juniper Networks. He has more than six years of experience with ScreenOS and large-scale security solutions, he has held a variety of technical engineering positions including systems engineer and solutions architect, and he is currently a Juniper Networks consulting engineer specializing in the large-scale virtual private network (VPN), firewall, intrusion prevention, and centralized management markets.

Joe Kelly has been involved in data networking for more than 12 years, focusing on the realms of network security and routing. He started his career in the service provider space at IDT Corporation, where he held roles in network operations and engineering. After IDT, he spent time with various network service providers in engineering and architectural capacities. In 2001, Joe joined NetScreen Technologies as a senior systems engineer in the Financial and Service Provider verticals, where he specialized in high-availability, high-performance networks. Joe joined Juniper Networks in 2004 with the acquisition of NetScreen, and he is currently the technical lead on the Global Banking and Finance team.

Sunil Wadhwa has been in the data networking industry for more than 13 years, focusing on systems, network routing, and security in enterprise and service provider organizations. He started his career in India at GTL Limited and SAP India, and then held a variety of roles in technical support, network operations, and engineering. He moved to the United States and worked with E4E as a network consultant for routing and security, and then joined Juniper Networks as an advanced technical support engineer for firewall/VPN products. He currently leads the Advance Technical Support team for Juniper Networks, supporting enhanced services products.