ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Afif
Contributor
Afif
Posts: 11
Registered: ‎09-20-2011
0

How to create VLAN on SSG20

Options

‎06-13-2012 02:29 AM

 

 

Hi,

 

I have difficulty in configuring VLAN on my ssg20. I've try to search in KB but failed to get a better reference guide. I hope with this post, all the juniper expert can give advice and share some knowledge and give a futher reference to others

 

 

My situation is like this,

 

I have one dynamic IP that connected to my ssg20 at eth0 (untrust-zone). For eth2 and eth 3, i plan to set the VLAN to this interfaces. I have a server with two different network card. Both have different IP

 

For eth2 i plan to connect this interface to my server with IP,

 

IP:10.0.7.20

gateway: 10.0.7.1

netmask:255.255.255.0

 

For eth3

 

IP: 10.0.8.20

gateway:10.0.8.1

netmask: 255.255.255.0

 

I want both network card can route to internet cloud using same gateway. How can i configure this VLAN?

 

 

Thanks is advance

 

 

Attached is the example network diagram

Message 1 of 7 (353 Views)
 
Reply
Trusted Contributor
nikolay.semov
Posts: 160
Registered: ‎03-15-2012
0

Re: How to create VLAN on SSG20

Options

‎06-13-2012 05:10 AM

No attachment.

Also, unless you're connecting the server NICs to the firewall directly, this is really a switch configuration question. If the firewall interfaces are connected to access-mode switch ports (as they should be in your case) the firewall couldn't care less what VLANs those ports belong to.
Message 2 of 7 (349 Views)
 
Posted from Palm Pre2
Reply
Trusted Contributor
michael.saw
Posts: 834
Registered: ‎09-26-2011
0

Re: How to create VLAN on SSG20

Options

‎06-13-2012 06:34 AM

using eth0/0.0, eth0/0.1...
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT, JNCIS-SEC
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Message 3 of 7 (347 Views)
 
Reply
Distinguished Expert
Distinguished Expert
echidov
Posts: 846
Registered: ‎11-02-2009
0

Re: How to create VLAN on SSG20

Options

‎06-14-2012 12:00 AM

Hi,

 

There are no need to configure VLANs here.

Could you please explain why do you want to have VLANs on the firewall?

Kind regards,
Edouard
Message 4 of 7 (337 Views)
 
Reply
Afif
Contributor
Afif
Posts: 11
Registered: ‎09-20-2011
0

Re: How to create VLAN on SSG20

Options

‎06-14-2012 02:35 AM

 

 

Hi,

 

 

Thanks for your reply. Much appreciate

 

 

The reason why i want to use VLAN is due to my server have two different network card with different gateway 10.0.7.1/24 and 10.0.8.1/24. Both of the network card must be route to internet. But i realized that i also can use two bgroup with different gateway and route using same network

 

 

Am i right?

 

bgroup1 - consist of eth0/2 with IP 10.0.7.1

 

bgroup2 - consist of eth0/3 with IP 10.0.8.1

 

 

 

 

 

Message 5 of 7 (334 Views)
 
Reply
Trusted Contributor
nikolay.semov
Posts: 160
Registered: ‎03-15-2012
0

Re: How to create VLAN on SSG20

Options

‎06-14-2012 04:29 AM

No, bgroup members cannot have their IP. So, having a single interface in a bgroup is meaningless.
Message 6 of 7 (330 Views)
 
Posted from Palm Pre2
Reply
Distinguished Expert
Distinguished Expert
echidov
Posts: 846
Registered: ‎11-02-2009
0

Re: How to create VLAN on SSG20

Options

‎06-14-2012 08:12 AM

Hi,

 

Connect eth2 and eth3 of the firewall to a switch and both server cards to the same switch. That's it.

You can also configure two VLANs on the switch with two ports in each VLAN. VLAN10: eth2 and NIC1, VLAN20:eth3 and NIC2. No VLANs are required on the firewall also in this case.

Kind regards,
Edouard
Message 7 of 7 (325 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.