Screen OS

Greetings all,

First let me say I was given an SSG5 and I am very new to it. So I am needing a little help getting things tweaked to the way I need it. What I need to do is have my SSG5 to act as a L2 switch. on ports 0/1-0/6. I would like either the aux or 0/0 to be reachable via the web for remote access. I currently have another firewall in place acting ad my DHCP server. I’m sure it’s very simple to setup but I have been racking my brain with this issue for about a week now. Any help would be great.

There are two options :

1. Put interfaces E0/1-- 0/6 in a bgroup and use  them as a L2 switch. You can configure an IP on E0/0 via which you can manage the device

2. Configure the device in transparent mode , then assign an IP on VLAN which is reachable from internet for management.

You can follow th ebelo wmentioned KBs for some info on Transparent mode :

http://kb.juniper.net/KB4160

http://kb.juniper.net/KB5534

http://kb.juniper.net/KB5532

I like Option 1, but I how do I put them in L2 mode? setting up 0/0 I have figured out how to do.

hello.

you will use bridge groups...

set interface bgroup0 port eth0/1

set interface bgroup0 port eth0/2

set interface bgroup0 port eth0/3

set interface bgroup0 port eth0/4

set interface bgroup0 port eth0/5

set interface bgroup0 port eth0/6

set int bgroup ip x.x.x.x/x

At this point, port 0/1 to 0/6 are part of the same L2 "switch".

Regards,

Sam

one thing to note is that since ports 0/1 - 0/5 are all part of the same logical bgroup0 interface, you cannot apply any firewall policies.  If you want to apply firewall policies, then you need to use option 2.

Thank you I took a second look and I just needed to give the Bgroup any subnet and make sure DHCP was set off. Thank you all again for your help.

can you try giving an IP address to bgroup0?

The other devices connected on ports 0/1 - 0/5 should now be able to see each other.

And yes, you are turning off DHCP on the SSG5.

Regards,

Sam