I'm new to Juniper firewalls and I'm having an issue, but I'm not sure if I'm missing any settings on the config or if the unit is defective.
This is what I'm trying to accomplish on the physical interfaces on the units:
Port 0: Service from comcast
Port 1: A wireless access point, non-Juniper. It's actually a Netgear R6300 configured to run as an AP
Port 2: Connected to a switch with 8+ devices (computers, game consoles, etc.)
Port 3: connected to a file server
I want the whole network to be on the 10.10.10.0 subnet. I think it's a simple setup. At least it used to be while I had it set up on a Netgear SRX5308, but that unit died and I replaced it with an SRX220H.
The issue I'm having is that DHCP is not working properly. If I connect a computer directly to any of the ports on the SRX220 it does get IP settings correctly, but if I connect the switch with additional devices or the access point, none of the devices connected to the switch or access point receive IPs.
I would really appreciate any help.
This is my current configuration:
/* Junos release this configuration was saved from. */
version 11.4R7.5;
/* System-level settings: identity, local accounts, management services, the DHCP server and logging. */
system {
host-name srx220;
time-zone America/Los_Angeles;
/* Logins are checked against the local password database only. */
authentication-order password;
root-authentication {
/* NOTE(review): "password" looks like a value redacted for posting; this field normally holds a password hash. Keep real hashes out of public posts, because a published hash can be guessed offline. */
encrypted-password "password"; ## SECRET-DATA
}
/* Resolvers used by the SRX itself; the DHCP pool below hands 8.8.8.8 to clients instead. */
name-server {
208.67.222.222;
208.67.220.220;
}
login {
/* Administrative account in the predefined super-user class. */
user chesco {
full-name Chesco;
uid 100;
class super-user;
authentication {
/* NOTE(review): same apparent redaction as the root account. */
encrypted-password "password"; ## SECRET-DATA
}
}
}
/* Management and host services the device runs. Which zones can reach them is decided by host-inbound-traffic under "security zones". */
services {
ssh;
/* NOTE(review): telnet carries logins in cleartext. ssh is already enabled, so telnet can be deleted unless something depends on it. */
telnet;
/* NOTE(review): xnm-clear-text is the unencrypted Junos XML management service; delete it if nothing uses it. */
xnm-clear-text;
/* J-Web over HTTPS with the system-generated (self-signed) certificate. No interface restriction is set in this stanza. */
web-management {
https {
system-generated-certificate;
}
}
/* Local DHCP server for the 10.10.10.0/24 LAN. */
dhcp {
/* Default gateway option; repeated inside the pool below. */
router {
10.10.10.1;
}
/* Pool of 10.10.10.2 - 10.10.10.250 with a 3600-second lease. */
pool 10.10.10.0/24 {
address-range low 10.10.10.2 high 10.10.10.250;
default-lease-time 3600;
name-server {
8.8.8.8;
}
router {
10.10.10.1;
}
}
/* Propagates TCP/IP settings learned by the DHCP client on ge-0/0/0.0 to the local DHCP server. NOTE(review): confirm how this interacts with the name-server set explicitly in the pool. */
propagate-settings ge-0/0/0.0;
}
}
syslog {
/* Log files rotate at 100k, keeping 3 archives. */
archive size 100k files 3;
/* Emergency-level messages go to every logged-in user. */
user * {
any emergency;
}
/* Critical messages from any facility, plus authorization events at info level and above. */
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
/* Captures messages matching RT_IDS (the screen/IDS events) in structured-data format. */
file ids {
any any;
match RT_IDS;
/* NOTE(review): world-readable lets any local user read the archived ids logs; drop it unless something needs it. */
archive world-readable;
structured-data;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
/* Physical and logical interfaces: ge-0/0/0 is a routed DHCP client, ge-0/0/1 through ge-0/0/7 are Layer 2 switch ports in vlan-trust, and vlan.0 is the routed gateway for that VLAN. */
interfaces {
/* Obtains its address by DHCP. This interface is placed in the untrust zone in the security stanza; presumably it is the "Port 0" uplink described in the post. */
ge-0/0/0 {
unit 0 {
family inet {
dhcp;
}
}
}
/* NOTE(review): assuming "Port 1" in the post is ge-0/0/1, the Netgear access point sits in the same VLAN and zone as the wired hosts, so wireless clients reach everything the trust zone allows. */
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}
}
}
/* Routed interface for vlan-trust; 10.10.10.1 is the gateway address the DHCP server hands out. */
vlan {
unit 0 {
family inet {
address 10.10.10.1/24;
}
}
}
}
/* Spanning Tree Protocol is enabled with no further options configured here. */
protocols {
stp;
}
/* Firewall behaviour: screens, source NAT, inter-zone policies, and the zone definitions that control which traffic may reach the device itself. */
security {
log {
mode event;
}
screen {
/* Screen profile applied to the untrust zone below: ping-of-death, source-route option, teardrop, LAND and SYN-flood checks. */
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
/* Traffic from trust to untrust is source-NATed to the egress interface address, for any source address. */
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
/* Outbound: every source, destination and application is permitted, with session start and close logged. */
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-init;
session-close;
}
}
}
}
/* Inbound: no policies defined, so transit traffic from untrust to trust falls to the default policy. NOTE(review): no default-policy statement is visible here; confirm it is still deny-all. */
from-zone untrust to-zone trust {
}
}
zones {
security-zone trust {
/* NOTE(review): "all" exposes every service enabled under "system services" (including telnet and xnm-clear-text) to every host on vlan.0, wired or wireless. List only the services the LAN actually needs. */
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
screen untrust-screen;
/* Zone-level list of services the device accepts from untrust. */
host-inbound-traffic {
system-services {
https;
ssh;
}
}
interfaces {
/* An interface-level host-inbound-traffic list takes precedence over the zone-level one for this interface. NOTE(review): ssh and https (J-Web) are accepted on the interface that obtains its address by DHCP (presumably the Internet uplink) while logins use passwords only. Limit management to known source addresses (for example a firewall filter on lo0) or drop these entries if remote management is not needed. tftp is seldom required here; confirm before keeping it. */
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
https;
ssh;
}
}
}
}
}
}
}
/* Single VLAN carrying all switch ports; vlan.0 is bound to it as the Layer 3 interface. */
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
As I mentioned before I'm new at this, any pointers are appreciated