NS5GT - only two zone available for an interface.

rutledgeIT · 07-23-2009

Hi

I have got NS5GT and created a new zone. I wanted to change ethernet2's zone to new zone but I have only two options there i.e. NULL or DMZ

How can I change it?

Regards

Rutledge

arizvi · 10-21-2008

Hi,

You change the firewall to combined mode like th following , but you need unlimited( advance) limited:

ns5gt-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address                        Zone        MAC            VLAN State VSD
eth1           192.168.1.1/24                    Work        0010.db74.ed92    -   D   -
eth2           0.0.0.0/0                         Home        0010.db74.ed97    -   D   -
eth3           0.0.0.0/0                         Untrust     0010.db74.ed98    -   D   -
eth4           0.0.0.0/0                         Untrust     0010.db74.ed91    -   D   -
vlan1          0.0.0.0/0                         VLAN        0010.db74.ed9f    1   D   -
null           0.0.0.0/0                         Null        N/A               -   U   0

arizvi · 10-21-2008

Hi,

You change the firewall to combined mode like th following , but you need unlimited( advance) LICENSE:

ns5gt-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name           IP Address                        Zone        MAC            VLAN State VSD
eth1           192.168.1.1/24                    Work        0010.db74.ed92    -   D   -
eth2           0.0.0.0/0                         Home        0010.db74.ed97    -   D   -
eth3           0.0.0.0/0                         Untrust     0010.db74.ed98    -   D   -
eth4           0.0.0.0/0                         Untrust     0010.db74.ed91    -   D   -
vlan1          0.0.0.0/0                         VLAN        0010.db74.ed9f    1   D   -
null           0.0.0.0/0                         Null        N/A               -   U   0

rutledgeIT · 07-23-2009

Sorry Arizvi,

I didn't get you. What is combined mode?

In my case, ethernet2 has got only two zone options in dropdown box. If I try to set zone to something else via ssh then it says invaild command as I can choose either null or dmz.

Can you please exlpain combined mode a bit and how it is helpful in my case?

Cheers

Rutledge

arizvi · 10-21-2008

Please follow the KB:

http://kb.juniper.net/KB6111

http://kb.juniper.net/KB4783

http://kb.juniper.net/KB6117

I hope the above KB would help you.

Thnaks

ATif

rutledgeIT · 07-23-2009

None of the articles helped me.

Is there any other way I can check why do I have only two zones for eth2 in NS5GT?

Regards

Rutledge

arizvi · 10-21-2008

Hi,

Can you please past the following data:

1) get sys

2) get int

3) get lic

Thanks

Atif

rutledgeIT · 07-23-2009

Please check your inbox for password to open attached file.

I had to remove public IPs and MAC addresses for security reasons.

Cheers

Rutledge

arizvi · 10-21-2008

Hi,

you can only used 3 zones and the zones are pre-defined for the interface.

The zones available are trust , Dmz and 2 untrust zones. Unofrtunately you have to manage your topology between these zones.

Ns-5GT do not support custom zones.

Thanks

Atif

Kudos appreciated

rutledgeIT · 07-23-2009

Thanks Atif,

I understand that I can have only 3 zones. In my case, Eth2 ( which is physically Eth3) is bounded to DMZ. How can I change it to Untrust?

Regards

Angad

NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.

Re: NS5GT - only two zone available for an interface.