SRX Services Gateway
Contributor
versello
Posts: 60
Registered: ‎12-21-2009

SRX as replacement edge router + firewall


Hello - I'm new to the Juniper world, so please bear with me.

 

I have an edge router and a firewall - I'd like to replace both with my shiny new SRX650. Basically what I want is 3 interfaces:

 

ge-0/0/9: management interface

ge-0/0/1: /30 address (uplink to ISP)

ge-0/0/2: /24 address (DMZ private IP space)

ge-0/0/3: /16 address (my internal network)

 

Now, I also have a /27 public address block... being that I don't have any additional interfaces to assign this to, can I assign it to loopback interfaces, and NAT the loopback with servers on ge-0/0/2? A primer config would be extremely helpful.

 

Thank you in advance.

Distinguished Expert
Screenie
Posts: 1,083
Registered: ‎01-10-2008

Re: SRX as replacement edge router + firewall

You can use the /27 on the ge-0/0/1 in static or destination NAT rules to the servers, no need for the loopback!

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
versello
Posts: 60
Registered: ‎12-21-2009

Re: SRX as replacement edge router + firewall

Thanks Screenie, but ge-0/0/1 already has my /30 address to route with my ISP... how would you suggest I assign /27 to that as well?

Contributor
Sloefke
Posts: 29
Registered: ‎07-16-2008

Re: SRX as replacement edge router + firewall

Your next-hop router on the ge-0/0/1 interface needs to route your /27 IP range to the /30 IP address of your firewall.  Then you can just use these addresses in your NAT configuration.

Distinguished Expert
Screenie
Posts: 1,083
Registered: ‎01-10-2008

Re: SRX as replacement edge router + firewall

Exactly, that's how it's done! Thanks, Sloefke.

best regards,

Screenie.
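A starting-point configuration for the approach the replies describe (the ISP routes the /27 to the SRX's /30 address, and the /27 addresses appear only in NAT rules). This is an added example, not configuration posted by anyone in the thread. All addresses are constructed placeholders from documentation ranges (192.0.2.0/30 uplink, 203.0.113.32/27 public block, 172.16.10.0/24 DMZ, 10.10.0.0/16 internal), and the zone, rule, pool and server names are assumptions.

```junos
# Interfaces as listed in the question (addresses are constructed placeholders)
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.2/30
set interfaces ge-0/0/2 unit 0 family inet address 172.16.10.1/24
set interfaces ge-0/0/3 unit 0 family inet address 10.10.0.1/16
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1

# One zone per interface; no host-inbound-traffic is enabled on untrust,
# so the SRX itself answers nothing on the ISP-facing side
set security zones security-zone untrust interfaces ge-0/0/1.0
set security zones security-zone dmz interfaces ge-0/0/2.0
set security zones security-zone trust interfaces ge-0/0/3.0

# The /27 is not configured on any interface. Because the ISP routes it to
# 192.0.2.2, packets arrive already addressed to the SRX as next hop and no
# proxy-arp is needed (proxy-arp is only required when the NAT addresses sit
# inside the subnet of the receiving interface).

# Static NAT: one public address mapped 1:1 to one DMZ server
set security nat static rule-set from-isp from zone untrust
set security nat static rule-set from-isp rule web1 match destination-address 203.0.113.34/32
set security nat static rule-set from-isp rule web1 then static-nat prefix 172.16.10.10/32

# Destination NAT: only one port of a public address is forwarded
set security nat destination pool dmz-mail address 172.16.10.25/32 port 25
set security nat destination rule-set from-isp-dnat from zone untrust
set security nat destination rule-set from-isp-dnat rule smtp match destination-address 203.0.113.35/32
set security nat destination rule-set from-isp-dnat rule smtp match destination-port 25
set security nat destination rule-set from-isp-dnat rule smtp then destination-nat pool dmz-mail

# Static and destination NAT are applied before the policy lookup, so the
# policies match the translated (private) DMZ addresses, not the /27 ones
set security zones security-zone dmz address-book address web1 172.16.10.10/32
set security zones security-zone dmz address-book address mail1 172.16.10.25/32
set security policies from-zone untrust to-zone dmz policy allow-web1 match source-address any
set security policies from-zone untrust to-zone dmz policy allow-web1 match destination-address web1
set security policies from-zone untrust to-zone dmz policy allow-web1 match application junos-https
set security policies from-zone untrust to-zone dmz policy allow-web1 then permit
set security policies from-zone untrust to-zone dmz policy allow-mail1 match source-address any
set security policies from-zone untrust to-zone dmz policy allow-mail1 match destination-address mail1
set security policies from-zone untrust to-zone dmz policy allow-mail1 match application junos-smtp
set security policies from-zone untrust to-zone dmz policy allow-mail1 then permit
```

A static NAT rule translates every port of the public address, so the security policy is the only control limiting which services on that server are reachable; keep each policy scoped to the specific application rather than `any`.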