06-03-2008 11:42 PM
Im seeking for an urgent help from you experts regarding step by step procedure to configure SSG5-isdn firewall. Though I have some experience on Linux based firewall but Im new to hardware firewall stuffs. However, My network would be consist of two segments. Segment 1 would be consist of 4 webservers with database server support and all the server would be configured by separate global IP. Segment 2 would be our LAN and would like to access the internet through that firewall.
So guys kindly help me out regarding this matter as soon as possible.
06-04-2008 07:27 AM
Will you only be using the ISDN connection for remote access, or another form of connection as well, (eg ADSL with ISDN failover)? I can tell you now, that when I set this up, it wasn't easy.
06-04-2008 07:49 AM - edited 06-04-2008 07:57 AM
Here's a few documents to start:
Let us know how it goes.
06-04-2008 07:07 PM
Thanks for your reply. We are going to use 100Mbps shared internet connection(optical fiber connection) with 16 global IP which has been provided by our ISP. So far I stuied that eth 0/0 is for untrust zone (Im not sure whether it mean WAN zone), eth 0/1 is for DMZ zone and rest of the port for the bg group. the things that I didnt understand are,
1. Which port should I use for WAN connection of the firewall, I mean the line which come from my ISP, in which port I should put on the firewall?
2. configuration steps which I mentioned earlier.
Would you please help me out?
06-04-2008 07:14 PM
Thanks a lot for your mail and really appreciate your recommendations.
but things is Im bit in hurry situation... so I need some sort of solution as soon as possible. in a short Im seeking an urgent help regarding this matter.
06-05-2008 03:15 AM
Hi, yes, ok ethernet0/0 is the Untrust or WAN interface. When I configured our SSG 5-ISDN, I used PPPoE on this interface. You will want to use ethernet0/1 for your DMZ. You should be able to use any of your other interfaces for your Trust interface, ie internal LAN.
For your web servers, I am assuming you'll need them to have fixed public IPs, so would suggest using MIPs. This can be done through ethernet0/0 edit > MIP. The Mapped IP will be the public address & the Host obviously your web server.
Hopefully that will give you a good start on this. Do you not have Juniper support for the issue? They should be able to quickly walk you through setting everything else up.