SRX as replacement edge router + firewall

versello · ‎12-21-2009

Hello - I'm new to the Juniper world, so please bear with me.

I have an edge router and a firewall - I'd like to replace both with my shiny new SRX650. Basically what I want is 3 interfaces:

ge-0/0/9: management interface

ge-0/0/1: /30 address (uplink to ISP)

ge-0/0/2: /24 address (DMZ private IP space)

ge-0/0/3: /16 address (my internal network)

Now, I also have a /27 public address block... being that I dont have any additional interfaces to assign this to, can I assign it to loopback interfaces, and NAT the loopback with servers on ge-0/0/2? A primer config would be extremely helpful.

Thank you in advance.

Screenie · ‎01-10-2008

You can use the /27 on the ge-0/0/1 in static or destination nat rules to the servers, no need for the loopback!

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

versello · ‎12-21-2009

Thanks Screenie, but ge-0/0/1 already has my /30 address to route with my ISP... how would you suggest I assign /27 to that as well?

Sloefke · ‎07-16-2008

Your next-hop router on the ge-0/0/1 interface needs to route your /27 IP range to the /30 IP address of your firewall. Then you can just use these addresses in your NAT configuration.

Screenie · ‎01-10-2008

Exactly that's how it's done! thanks Sloefke.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

SRX as replacement edge router + firewall

Re: SRX as replacement edge router + firewall

Re: SRX as replacement edge router + firewall

Re: SRX as replacement edge router + firewall

Re: SRX as replacement edge router + firewall