NetScreen – Damn Technology

Organisations can use proxy servers for various reasons; to restrict access to certain content, to cache web pages and reduce internet traffic – whatever the reason various approaches can be used:

Explicitly specify a proxy server in applications such as Internet Explorer
Use Proxy auto-config
Transparently force HTTP traffic through a proxy server

This blog post will focus on the last option, transparently routing traffic through a proxy server. There are some disadvantages to this approach:

Authentication can’t be performed on a per-user basis as the web browser is unaware that traffic is bring sent through a proxy server
Without having client computers trust a custom CA and performing a man-in-the-middle attack on all HTTPS traffic, SSL/TLS traffic can’t be sent through the proxy

Once implemented, this will look something like the following:

Squid Policy Based Routing
Continue reading Using Squid and Juniper PBR as a transparent proxy

I spent some time a while ago automating the backups of network device configuration to a restricted network share and thought I’d share a simple batch script to backup the configuration from multiple Juniper Netscreen (ScreenOS) firewalls.

@echo off
REM ================================================================
REM CONFIGURATION INFO
REM ================================================================
set USERNAME=backupAccount
set PASSWORD=superSecretPassword
set CFGFILE=BackupList.txt
set DESTDIR=C:\Backups\

REM ================================================================
REM STOP CHANGING HERE OR YOU'LL BREAK SOMETHING
REM ================================================================
SET TIMESTAMP=%date:~-4,4%.%date:~-7,2%.%date:~-10,2%
for /F "tokens=1,2 delims=," %%A in (%CFGFILE%) do (
	IF NOT EXIST "%DESTDIR%%TIMESTAMP%" mkdir "%DESTDIR%%TIMESTAMP%"
	pscp -q -scp -pw %PASSWORD% %USERNAME%@%%B:ns_sys_config "%DESTDIR%%TIMESTAMP%\%%A.cfg"
)

Continue reading Automatically backup Netscreen firewall