ScreenOS Cookbook
by Stefan Brunner; Vik Davar; David Delcourt; Ken Draper; Joe Kelly; Sunil Wadhwa
Publisher: O'Reilly
Pub Date: February 15, 2008
Print ISBN-13: 978-0-59-651003-9
Pages: 838

Overview

Written by key members of Juniper Networks' ScreenOS development team, this one-of-a-kind Cookbook helps you troubleshoot secure networks that run ScreenOS firewall appliances. Scores of recipes address a wide range of security issues, provide step-by-step solutions, and include discussions of why the recipes work, so you can easily set up and keep ScreenOS systems on track.

ScreenOS Cookbook gives you real-world fixes, techniques, and configurations that save time, not hypothetical situations out of a textbook. The book comes directly from the experience of engineers who have seen and fixed every conceivable ScreenOS network topology, from small branch office firewalls to appliances for large core enterprise and government, to the heavy-duty, protocol-driven service provider network. Its easy-to-follow format enables you to find the topic and specific recipe you need right away and match it to your network and security issue.

Topics include:

Configuring and managing ScreenOS firewalls
NTP (Network Time Protocol)
Interfaces, Zones, and Virtual Routers
Mitigating Denial of Service Attacks
DDNS, DNS, and DHCP
IP Routing
Policy-Based Routing
Elements of Policies
Authentication
Application Layer Gateway (SIP, H323, RPC, RTSP, etc.)
Content Security
Managing Firewall Policies
IPSEC VPN
RIP, OSPF, BGP, and NSRP
Multicast IGMP, PIM, Static Mroutes
Wireless

Along with the usage and troubleshooting recipes, you will also find plenty of tricks, special considerations, ramifications, and general discussions of interesting tangents and network extrapolation. For the accurate, hard-nosed information you require to get your ScreenOS firewall network secure and operating smoothly, no book matches ScreenOS Cookbook.

Table of Contents

ScreenOS Cookbook™
Credits
Glossary
Preface

Chapter 1 ScreenOS CLI, Architecture, and Troubleshooting
  Recipe 1.0 Introduction
  Recipe 1.1 ScreenOS Architecture
  Recipe 1.2 Troubleshoot ScreenOS

Chapter 2 Firewall Configuration and Management
  Recipe 2.0 Introduction
  Recipe 2.1 Use TFTP to Transfer Information to and from the Firewall
  Recipe 2.2 Use SCP to Securely Transfer Information to and from the Firewall
  Recipe 2.3 Use the Dedicated MGT Interface to Manage the Firewall
  Recipe 2.4 Control Access to the Firewall
  Recipe 2.5 Manage Multiple ScreenOS Images for Remotely Managed Firewalls
  Recipe 2.6 Manage the USB Port on SSG

Chapter 3 Wireless
  Recipe 3.0 Introduction
  Recipe 3.1 Use MAC Filtering
  Recipe 3.2 Configure the WEP Shared Key
  Recipe 3.3 Configure the WPA Preshared Key
  Recipe 3.4 Configure WPA Using 802.1x with IAS and Microsoft Active Directory
  Recipe 3.5 Configure WPA with the Steel-Belted Radius Server and Odyssey Access Client
  Recipe 3.6 Separate Wireless Access for Corporate and Guest Users
  Recipe 3.7 Configure Bridge Groups for Wired and Wireless Networks

Chapter 4 Route Mode and Static Routing
  Recipe 4.0 Introduction
  Recipe 4.1 View the Routing Table on the Firewall
  Recipe 4.2 View Routes for a Particular Prefix
  Recipe 4.3 View Routes in the Source-Based Routing Table
  Recipe 4.4 View Routes in the Source Interface-Based Routing Table
  Recipe 4.5 Create Blackhole Routes
  Recipe 4.6 Create ECMP Routing
  Recipe 4.7 Create Static Routes for Gateway Tracking
  Recipe 4.8 Export Filtered Routes to Other Virtual Routers
  Recipe 4.9 Change the Route Lookup Preference
  Recipe 4.10 Create Permanent Static Routes

Chapter 5 Transparent Mode
  Recipe 5.0 Introduction
  Recipe 5.1 Enable Transparent Mode with Two Interfaces
  Recipe 5.2 Enable Transparent Mode with Multiple Interfaces
  Recipe 5.3 Configure a VLAN Trunk
  Recipe 5.4 Configure Retagging
  Recipe 5.5 Configure Bridge Groups
  Recipe 5.6 Manipulate the Layer 2 Forwarding Table
  Recipe 5.7 Configure the Management Interface in Transparent Mode
  Recipe 5.8 Configure the Spanning Tree Protocol (STP)
  Recipe 5.9 Enable Compatibility with HSRP and VRRP Routers
  Recipe 5.10 Configure VPNs in Transparent Mode
  Recipe 5.11 Configure VSYS with Transparent Mode

Chapter 6 Leveraging IP Services in ScreenOS
  Recipe 6.0 Introduction
  Recipe 6.1 Set the Time on the Firewall
  Recipe 6.2 Set the Clock with NTP
  Recipe 6.3 Check NTP Status
  Recipe 6.4 Configure the Device's Name Service
  Recipe 6.5 View DNS Entries on a Device
  Recipe 6.6 Use Static DNS to Provide a Common Policy for Multiple Devices
  Recipe 6.7 Configure the DNS Proxy for Split DNS
  Recipe 6.8 Use DDNS on the Firewall for VPN Creation
  Recipe 6.9 Configure the Firewall As a DHCP Client for Dynamic IP Environments
  Recipe 6.10 Configure the Firewall to Act As a DHCP Server
  Recipe 6.11 Automatically Learn DHCP Option Information
  Recipe 6.12 Configure DHCP Relay
  Recipe 6.13 DHCP Server Maintenance

Chapter 7 Policies
  Recipe 7.0 Introduction
  Recipe 7.1 Configure an Inter-Zone Firewall Policy
  Recipe 7.2 Log Hits on ScreenOS Policies
  Recipe 7.3 Generate Log Entries at Session Initiation
  Recipe 7.4 Configure a Syslog Server
  Recipe 7.5 Configure an Explicit Deny Policy
  Recipe 7.6 Configure a Reject Policy
  Recipe 7.7 Schedule Policies to Run at a Specified Time
  Recipe 7.8 Change the Order of ScreenOS Policies
  Recipe 7.9 Disable a ScreenOS Policy
  Recipe 7.10 Configure an Intra-Zone Firewall Policy
  Recipe 7.11 Configure a Global Firewall Policy
  Recipe 7.12 Configure Custom Services
  Recipe 7.13 Configure Address and Service Groups
  Recipe 7.14 Configure Service Timeouts
  Recipe 7.15 View and Use Microsoft RPC Services
  Recipe 7.16 View and Use Sun-RPC Services
  Recipe 7.17 View the Session Table
  Recipe 7.18 Troubleshoot Traffic Flows
  Recipe 7.19 Configure a Packet Capture in ScreenOS
  Recipe 7.20 Determine Platform Limits on Address/Service Book Entries and Policies

Chapter 8 Network Address Translation
  Recipe 8.0 Introduction
  Recipe 8.1 Configure Hide NAT
  Recipe 8.2 Configure Hide NAT with VoIP
  Recipe 8.3 Configure Static Source NAT
  Recipe 8.4 Configure Source NAT Pools
  Recipe 8.5 Link Multiple DIPs to the Same Policy
  Recipe 8.6 Configure Destination NAT
  Recipe 8.7 Configure Destination PAT
  Recipe 8.8 Configure Bidirectional NAT for DMZ Servers
  Recipe 8.9 Configure Static Bidirectional NAT with Multiple VRs
  Recipe 8.10 Configure Source Shift Translation
  Recipe 8.11 Configure Destination Shift Translation
  Recipe 8.12 Configure Bidirectional Network Shift Translation
  Recipe 8.13 Configure Conditional NAT
  Recipe 8.14 Configure NAT with Multiple Interfaces
  Recipe 8.15 Design PAT for a Home or Branch Office
  Recipe 8.16 A NAT Strategy for a Medium Office with DMZ
  Recipe 8.17 Deploy a Large-Office Firewall with DMZ
  Recipe 8.18 Create an Extranet with Mutual PAT
  Recipe 8.19 Configure NAT with Policy-Based VPN
  Recipe 8.20 Configure NAT with Route-Based VPN
  Recipe 8.21 Troubleshoot NAT Mode
  Recipe 8.22 Troubleshoot DIPs (Policy NAT-SRC)
  Recipe 8.23 Troubleshoot Policy NAT-DST
  Recipe 8.24 Troubleshoot VIPs
  Recipe 8.25 Troubleshoot MIPs

Chapter 9 Mitigating Attacks with Screens and Flow Settings
  Recipe 9.0 Introduction
  Recipe 9.1 Configure SYN Flood Protection
  Recipe 9.2 Control UDP Floods
  Recipe 9.3 Detect Scan Activity
  Recipe 9.4 Avoid Session Table Depletion
  Recipe 9.5 Baseline Traffic to Prepare for Screen Settings
  Recipe 9.6 Use Flow Configuration for State Enforcement
  Recipe 9.7 Detect and Drop Illegal Packets with Screens
  Recipe 9.8 Prevent IP Spoofing
  Recipe 9.9 Prevent DoS Attacks with Screens
  Recipe 9.10 Use Screens to Control HTTP Content

Chapter 10 IPSec VPN
  Recipe 10.0 Introduction
  Recipe 10.1 Create a Simple User-to-Site VPN
  Recipe 10.2 Policy-Based IPSec Tunneling with Static Peers
  Recipe 10.3 Route-Based IPSec Tunneling with Static Peers and Static Routes
  Recipe 10.4 Route-Based VPN with Dynamic Peer and Static Routing
  Recipe 10.5 Redundant VPN Gateways with Static Routes
  Recipe 10.6 Dynamic Route-Based VPN with RIPv2
  Recipe 10.7 Interoperability

Chapter 11 Application Layer Gateways
  Recipe 11.0 Introduction
  Recipe 11.1 View the List of Available ALGs
  Recipe 11.2 Globally Enable or Disable an ALG
  Recipe 11.3 Disable an ALG in a Specific Policy
  Recipe 11.4 View the Control and Data Sessions for an FTP Transfer
  Recipe 11.5 Configure ALG Support When Running FTP on a Custom Port
  Recipe 11.6 Configure and View ALG Inspection of a SIP-Based IP Telephony Call Session
  Recipe 11.7 View SIP Call and Session Counters
  Recipe 11.8 View and Modify SIP ALG Settings
  Recipe 11.9 View the Dynamic Port(s) Associated with a Microsoft RPC Session
  Recipe 11.10 View the Dynamic Port(s) Associated with a Sun-RPC Session

Chapter 12 Content Security
  Recipe 12.0 Introduction
  Recipe 12.1 Configure Internal Antivirus
  Recipe 12.2 Configure External Antivirus with ICAP
  Recipe 12.3 Configure External Antivirus via Redirection
  Recipe 12.4 Configure Antispam
  Recipe 12.5 Configure Antispam with Third Parties
  Recipe 12.6 Configure Custom Blacklists and Whitelists for Antispam
  Recipe 12.7 Configure Internal URL Filtering
  Recipe 12.8 Configure External URL Filtering
  Recipe 12.9 Configure Custom Blacklists and Whitelists with URL Filtering
  Recipe 12.10 Configure Deep Inspection
  Recipe 12.11 Download Deep Inspection Signatures Manually
  Recipe 12.12 Develop Custom Signatures with Deep Inspection
  Recipe 12.13 Configure Integrated IDP

Chapter 13 User Authentication
  Recipe 13.0 Introduction
  Recipe 13.1 Create Local Administrative Users
  Recipe 13.2 Create VSYS-Level Administrator Accounts
  Recipe 13.3 Create User Groups for Authentication Policies
  Recipe 13.4 Use Authentication Policies
  Recipe 13.5 Use WebAuth with the Local Database
  Recipe 13.6 Create VPN Users with the Local Database
  Recipe 13.7 Use RADIUS for Admin Authentication
  Recipe 13.8 Use LDAP for Policy-Based Authentication
  Recipe 13.9 Use SecurID for Policy-Based Authentication

Chapter 14 Traffic Shaping
  Recipe 14.0 Introduction
  Recipe 14.1 Configure Policy-Level Traffic Shaping
  Recipe 14.2 Configure Low-Latency Queuing
  Recipe 14.3 Configure Interface-Level Traffic Policing
  Recipe 14.4 Configure Traffic Classification (Marking)
  Recipe 14.5 Troubleshoot QoS

Chapter 15 RIP
  Recipe 15.0 Introduction
  Recipe 15.1 Configure a RIP Instance on an Interface
  Recipe 15.2 Advertise the Default Route via RIP
  Recipe 15.3 Configure RIP Authentication
  Recipe 15.4 Suppress RIP Route Advertisements with Passive Interfaces
  Recipe 15.5 Adjust RIP Timers to Influence Route Convergence Duration
  Recipe 15.6 Adjust RIP Interface Metrics to Influence Path Selection
  Recipe 15.7 Redistribute Static Routes into RIP
  Recipe 15.8 Redistribute Routes from OSPF into RIP
  Recipe 15.9 Filter Inbound RIP Routes
  Recipe 15.10 Configure Summary Routes in RIP
  Recipe 15.11 Administer RIP Version 1
  Recipe 15.12 Troubleshoot RIP

Chapter 16 OSPF
  Recipe 16.0 Introduction
  Recipe 16.1 Configure OSPF on a ScreenOS Device
  Recipe 16.2 View Routes Learned by OSPF
  Recipe 16.3 View the OSPF Link-State Database
  Recipe 16.4 Configure a Multiarea OSPF Network
  Recipe 16.5 Set Up Stub Areas
  Recipe 16.6 Create a Not-So-Stubby Area (NSSA)
  Recipe 16.7 Control Route Propagation in OSPF
  Recipe 16.8 Redistribute Routes into OSPF
  Recipe 16.9 Make OSPF RFC 1583-Compatible
  Recipe 16.10 Adjust OSPF Link Costs
  Recipe 16.11 Configure OSPF on Point-to-Multipoint Links
  Recipe 16.12 Configure Demand Circuits
  Recipe 16.13 Configure Virtual Links
  Recipe 16.14 Change OSPF Timers
  Recipe 16.15 Secure OSPF
  Recipe 16.16 Troubleshoot OSPF

Chapter 17 BGP
  Recipe 17.0 Introduction
  Recipe 17.1 Configure BGP with an External Peer
  Recipe 17.2 Configure BGP with an Internal Peer
  Recipe 17.3 Configure BGP Peer Groups
  Recipe 17.4 Configure BGP Neighbor Authentication

Index

Microsoft RPC services; order of policies; packet capture;
platform limits; queuing and; service objects; session tables; Sun-RPC services; traffic flows; Policy Configurable setting; policy creation and DNS; policy NAT-DST; policy NAT-SRC; policy-based IPSec tunneling with static peers; policy-based routing; policy-based tunneling; policy-based VPNs; policy-level traffic shaping; port scans; ports; PPP (Point-to-Point Protocol); precision attacks; preferences; private use network address space; Probe Requests and Probe Responses; protocol anomaly; Proxy RP; pruning

QoS (Quality of Service); troubleshooting

RADIUS (Remote Access Dial-In User Service); using for administrator authentication; recurring keyword; RED (Random Early Drop); redirect to TFTP command; redundant interface; redundant VPN gateways with static routes; regular expressions (regexes) support; reject policies; replay attacks; retagging; RFC 4360; RIP (Routing Information Protocol); advertising default routes; inbound RIP routes; interface metrics; redistributing routes from OSPF into; redistributing static routes into; RIP authentication; RIP database; RIP message types; RIP timers; RIP version 1; RIP version 2; route preference; routing loops; ScreenOS default parameters; ScreenOS implementation; summary routes; route mode; route reflectors and route reflector clients; route tags; route-based IPSec tunneling; route-based tunneling; tunnel interfaces; route-based VPNs; Router LSAs; routers and firewalls; routing; encryption of traffic; load-balancing traffic; route lookup preference; route selection process; routing tables; VRs; static routes for gateway tracking; viewing routes for particular prefixes; viewing routes in source interface-based routing tables; viewing routes in source-based routing tables; routing by rumor; routing in reverse; RPF (reverse-path forwarding); RPs (Rendezvous Points); methods for determining; RPT (Rendezvous Point Tree); RTOs (Run-Time Objects); RTP (Real-time Transport Protocol) headers

SAs (Security Associations); save command; SCP (Secure Copy); SecurID; security; 802.11 standards; firewalls; NAT and; security zones; server networks; Self zone; service groups; service objects; service timeouts; set clock command; set command; set cpu-limit command; set dbuf size command; set dns host command; set dns host dns1 command; set dns host schedule command; set ffilter command; set flow tcp-syn-bit-check command; set ike gateway command; set interface dhcp relay vpn command; set interface e1 nat command; set interface e1 route command; set interface ethernet1 dhcp server auto command; set interface ethernet1 dhcp server option command; set interface ethernet3 dhcp client settings update-dhcpserver command; set ntp auth command; set ntp interval command; set ntp no-ha-sync command; set policy global command; set service command; set ssh enable command; set vr trust-vr preference command; set zone untrust tcp-rst command; SHA-1 algorithm; shared-key authentication; Simple Network Time Protocol (SNTP); SIP ALGs; ALG settings; DoS attack protection for; SIP call and session counters; timeout intervals setting; snoop command; snoop function; SNTP (Simple Network Time Protocol); source interface-based routing tables; viewing; source NAT pool translation; source ports; source shift translation; source-based routing; route-lookup preference; source-based routing tables; viewing; sparse mode protocols; spillover objects; split DNS; split-horizon RIP routing loop prevention; SPT (Shortest Path Tree); src-interface keyword; SSG USB port management; SSG5 and SSG20; SSH (Secure Shell); SSID (Service Set Identifier); STA (station); state-checking; stateful firewalls; stateful inspection security; stateful signatures; static configuration; Steel-Belted Radius servers; installation; STP (Spanning Tree Protocol); stream signatures; strict priority queuing; stub areas; exclusion of ASBRs from; Sun-RPC ALG sessions; Sun-RPC services; SYN cookie protection; SYN flood attacks; syslog servers; system modes

Teardrop attack; TFTP (Trivial File Transfer Protocol); firewall; TMNGs (Traffic Management Objects); borrowing; PreShapingBytes versus PostShapingBytes; ToS bits; totally stubby areas; track-ip; traffic classification; traffic load balancing; PBR; traffic log entries; traffic qualification or traffic marking; traffic redirection for threat mitigation; traffic shaping; ingress and egress; low-latency queuing; marking and QoS; queuing schemes; traffic classification (marking); transparent bridges; transparent mode; Bridge Groups; enabling with multiple interfaces; enabling with two interfaces; HSRP and VRRP routers; incompatibility with dynamic routing protocols; management interface; retagging; VPNs; VSYS; troubleshooting; BGP; debug; debug buffer; DIPs; flow filters; MIPs; NAT mode; OSPF; platform dependencies; policy NAT-DST; RIP; troubleshooting functions; VIPs; trust-vr; tunnel interfaces; two-factor authentication

UDP floods; unicast RPF (reverse-path forwarding); unset alg enable command; unset alg sip enable command; unset command; unset protocol bgp neighbor md5-authentication command; untagged or uncolored VLANs; untrust-vr; UPDATE message; URL filtering; custom blacklists and whitelists; external filtering; internal filtering; user authentication; authentication policies; group expressions; local administrative users; user groups; user profiles; VPN users; VSYS-level administrative accounts; WebAuth; user types; administrative users; auth users; IKE; user-to-site VPNs; NetScreen-Remote; ScreenOS

VIPs (virtual IPs); troubleshooting; virtual links; VLAN interface; VLAN trunks; vlan1 interface; VoIP (Voice over IP); hide NAT configuration for; QoS; configuring to prioritize; VPNs (virtual private networks); user-to-site VPNs; ScreenOS; VPNs (virtual private networks); configuring in transparent mode; DDNS; DH exchange; dynamic route-based VPNs; IKE gateways; interoperability; Main and Aggressive modes; Main mode gateway configuration; PFS; Phase-2 VPN configuration; replay protection; ScreenOS implementations; tunnel configuration; user-to-site VPNs; NetScreen-Remote; VPN monitor; VPN tunnels; VRRP (Virtual Redundancy Router Protocol); VRRP routers; VRs (Virtual Routers); routing table lookup preferences; routing tables; VSDs (virtual security devices); VSI (Virtual Security Interface); VSYS (Virtual System); components; configuring in transparent mode; in HA clusters; IPSec tunnels; multiple configurations; root system; VSYS configuration profiles; command overrides; CPU limiting; example profile; example resource charges; limits; route mode VSYSes; routing and policies; shared VRs; transparent and NAT modes of operation; transparent mode; Layer 2; VSYS policies; VSYS administrators; administrator accounts

WebAuth; WEP (Wired Equivalent Privacy); shared key configuration; WFQ (Weighted Fair Queuing); Wireless Station State transition; WLANs (Wireless Local Area Networks); 802.11 wireless standards; Bridge Groups for wired/wireless networks; MAC filtering; PPP; separate access for corporate and guest users; WEP shared key configuration; WPA (Wi-Fi Protected Access); 802.1x with IAS and MS Active Directory; preshared key configuration; Steel-Belted Radius server and Odyssey Access Client

Xauth users

zones; custom zones; functional zones ...

February 2008: First Edition

Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly Media, Inc. The Cookbook series designations, ScreenOS Cookbook, the