Screen OS

 View Only
last person joined: 10 months ago 

This is a legacy community with limited Juniper monitoring.
  • 1.  NetBIOS broadcast forwarding

    Posted 06-09-2008 13:48



    I have been asked by a collegue if the following is possible: Two sites connected via two SSG5 firewalls by a site to site VPN tunnel. Both sites use NetBIOS name resolution by means of broadcast messages (all nodes are in B mode). No WINS server is in use and cannot be installed in the near future.


    Is it possible that the SSG5 firewalls forward the NetBIOS name resolution broadcast messages, i.e. acting as some kind of NetBIOS proxy, to allow computers from one side resolve NetBIOS names from computers in the other site?





  • 2.  RE: NetBIOS broadcast forwarding

    Posted 06-09-2008 21:56



    u can use the option NETBIOS over TCP/IP option in NIC properties.



  • 3.  RE: NetBIOS broadcast forwarding

    Posted 06-09-2008 23:12



    I think you misunderstand me. The Option "NetBIOS over TCP" in the NIC properties just enables or disables NetBIOS on some workstation. It is enabled by default and if you disable it, all programs that use the NetBIOS API won't work. In particulary, the SMB protocol is used in its SMB over TCPI variant instead of encapsulating it in NetBIOS packets that are themselves tunneled in TCP packets.


    This option has to be enabled that the Browser service can work. If so, it uses NetBIOS broadcasts that are implemented as ordinary UDP broadcasts in the subnet. The firewall as a Layer 3 device will be the border of the broadcast domain and therefore not forward these broadcast packets through the VPN tunnel.


    What I'm actually looking for is a ScreenOS option that the FW detects these broadcast packets and forward them anyway through the tunnel after doing some kind of rewriting of the packet to reflect that they are now in a different subnet. Very similiar to the way a DHCP relay works that listens too for some specific broadcast messages and forwards them to a server configured in the options.




  • 4.  RE: NetBIOS broadcast forwarding
    Best Answer

    Posted 06-10-2008 01:22
    sorry i got ur point. u need IP helper address type soluton. i dont think so u can configure netscreen to relay netbios traffic.