Hey guys, I have a client that currently has a BSD-based firewall (whitebox) protecting their network. It has started to act up and they wanted to replace it with a major brand appliance, so I went with the Juniper SSG-5-SH.
All of the workstations/servers use real-world public IPs; for argument's sake we'll say 1.1.1.10-1.1.1.90. They are on a T1 line. The current firewall just runs transparently and blocks most everything from getting in except for the standard ports (SSL, HTTP, SMTP, blah blah). We can't change it back to NAT for now, so it has to stay this way.
I've done plenty of NAT networks and that's no problem. But setting this Juniper up transparently and correctly mapping the eth0/0 and 0/2 interfaces to the correct vlans and trust-vr / untrust-vr is just taking me a bit longer than normal to wrap my head around.
So far the only thing I've done with the Juniper is get it set into Pure L2 mode (Transparent) and I have an IP assigned to VLAN1 so that I can manage it via the WebUI. (I am also using the console in case I screw up the WebUI.)
My end goal is to have the Juniper do exactly what the BSD firewall did and just allow certain traffic in, while allowing everything out. Internet comes in at eth0/0 and internal on eth0/2. Can you guys point me in the right direction for how to continue setting this up?
I'm also looking to have this function as a VPN endpoint, offloading that work from the domain controller. Any direction there would also be appreciated.
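The layer-2 zone and policy layout the post is asking for, written as an added ScreenOS CLI example (not from the original post or from Juniper): ethernet0/0 in V1-Untrust, ethernet0/2 in V1-Trust, a management address on vlan1, a few inbound permits for the services named above, a blanket outbound permit, and a logged catch-all deny so blocked inbound attempts show up in the event log. The 1.1.1.0/24 mask, the vlan1 address 1.1.1.2 and the address-book name "inside-hosts" are assumptions; lines beginning with `!` are annotations, not commands, and should be dropped before pasting.

```screenos
! Interfaces: Internet side into the L2 untrust zone, LAN side into the L2 trust zone.
! Assumption: ethernet0/2 is no longer a member of bgroup0; if it still is,
! assign bgroup0 to v1-trust instead of the individual port.
set interface ethernet0/0 zone v1-untrust
set interface ethernet0/2 zone v1-trust
! Management address on the transparent-mode VLAN interface (assumed /24).
set interface vlan1 ip 1.1.1.2/24
set interface vlan1 manage web
set interface vlan1 manage ssh
! Address-book entry covering the public range the servers live in.
set address v1-trust "inside-hosts" 1.1.1.0 255.255.255.0
! Inbound: only the standard services, logged. Policies match top-down.
set policy from v1-untrust to v1-trust any "inside-hosts" HTTP permit log
set policy from v1-untrust to v1-trust any "inside-hosts" HTTPS permit log
set policy from v1-untrust to v1-trust any "inside-hosts" SMTP permit log
! Outbound: everything allowed, as on the old BSD box.
set policy from v1-trust to v1-untrust any any ANY permit
! Explicit logged deny last so refused inbound connections are visible.
set policy from v1-untrust to v1-trust any any ANY deny log
save
```

Inter-zone traffic with no matching policy is dropped anyway; the final deny only adds logging of what the implicit drop would have silently discarded.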