Screen OS

  • 1.  5GT config lost .... need help setting back up

    Posted 06-24-2009 20:45

    Our 5GT died. We have a spare but are unable to retrieve the config from the old one. I am asking for help in setting it up. I have never set up one of these devices before. I was able to console connect to it today but figured I wouldn't make any changes until I knew what to change.

     

    The old one was set up for the following - 3 connections - one from a server (static ip 192.168.1.50), one from local lan (static ip 192.168.1.145) and one from connecting network (10.0.0.1)

     

    The server utilizes both networks. Requests are made for the 10.0.0.1 from the local lan side through the server. The request is sent to the 10 side and returned to the server before being passed to the client on the local lan side.

     

    Can anyone help me set this up, please? I would really appreciate it. Thanks in advance.



  • 2.  RE: 5GT config lost .... need help setting back up

    Posted 06-25-2009 06:33

    I went ahead and began setting up the device. I set the 10 side to untrust and the local lan to trusted/ nat/ set time and date. I was able to get the internet but my server can't communicate with the 10 side. The 5gt can ping both interfaces but not the server.

     

    Any help would be appreciated.



  • 3.  RE: 5GT config lost .... need help setting back up

    Posted 06-25-2009 09:13

    Where is your server? In the trust side?

     

    If your server is in a different zone than the trust, then you would need a policy from that zone to the untrust (10 network).

    Message Edited by WL on 06-25-2009 09:13 AM


  • 4.  RE: 5GT config lost .... need help setting back up

    Posted 06-25-2009 09:52
    The server is on the trusted side.


  • 5.  RE: 5GT config lost .... need help setting back up

    Posted 06-25-2009 10:04

    It should work if you have a policy for the server to access out into the untrust zone.

    Do you think you can run some debugs to check?

     

     

    set ff src-ip X.X.X.X

    set ff dst-ip X.X.X.X (X is the IP of your server)

     

    cl db

    debug flow basic

    (-> try to access 10 net from the server)

    undebug all

    get db str (post this output)



  • 6.  RE: 5GT config lost .... need help setting back up
    Best Answer

    Posted 06-26-2009 11:09

    Thanks for your help. I was able to get it. Through the console I set the gateway for the untrusted interface. After that was complete I assigned the proper policies and everything began working correctly.

     

    It's weird that the GUI interface doesn't give an option to set or change the gateway on the untrusted interface. It had me going for several hours.

     

    Anyways, thanks again for offering assistance.