ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

How to create VLAN on SSG20

06.13.12   |  
‎06-13-2012 02:29 AM

 

 

Hi,

 

I have difficulty in configuring VLAN on my ssg20. I've try to search in KB but failed to get a better reference guide. I hope with this post, all the juniper expert can give advice and share some knowledge and give a futher reference to others

 

 

My situation is like this,

 

I have one dynamic IP that connected to my ssg20 at eth0 (untrust-zone). For eth2 and eth 3, i plan to set the VLAN to this interfaces. I have a server with two different network card. Both have different IP

 

For eth2 i plan to connect this interface to my server with IP,

 

IP:10.0.7.20

gateway: 10.0.7.1

netmask:255.255.255.0

 

For eth3

 

IP: 10.0.8.20

gateway:10.0.8.1

netmask: 255.255.255.0

 

I want both network card can route to internet cloud using same gateway. How can i configure this VLAN?

 

 

Thanks is advance

 

 

Attached is the example network diagram

6 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: How to create VLAN on SSG20

06.13.12   |  
‎06-13-2012 05:10 AM
No attachment.

Also, unless you're connecting the server NICs to the firewall directly, this is really a switch configuration question. If the firewall interfaces are connected to access-mode switch ports (as they should be in your case) the firewall couldn't care less what VLANs those ports belong to.
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: How to create VLAN on SSG20

06.13.12   |  
‎06-13-2012 06:34 AM
using eth0/0.0, eth0/0.1...
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
ScreenOS Firewalls (NOT SRX)

Re: How to create VLAN on SSG20

06.14.12   |  
‎06-14-2012 12:00 AM

Hi,

 

There are no need to configure VLANs here.

Could you please explain why do you want to have VLANs on the firewall?

Kind regards,
Edouard
ScreenOS Firewalls (NOT SRX)

Re: How to create VLAN on SSG20

06.14.12   |  
‎06-14-2012 02:35 AM

 

 

Hi,

 

 

Thanks for your reply. Much appreciate

 

 

The reason why i want to use VLAN is due to my server have two different network card with different gateway 10.0.7.1/24 and 10.0.8.1/24. Both of the network card must be route to internet. But i realized that i also can use two bgroup with different gateway and route using same network

 

 

Am i right?

 

bgroup1 - consist of eth0/2 with IP 10.0.7.1

 

bgroup2 - consist of eth0/3 with IP 10.0.8.1

 

 

 

 

 

ScreenOS Firewalls (NOT SRX)

Re: How to create VLAN on SSG20

06.14.12   |  
‎06-14-2012 04:29 AM
No, bgroup members cannot have their IP. So, having a single interface in a bgroup is meaningless.
ScreenOS Firewalls (NOT SRX)

Re: How to create VLAN on SSG20

06.14.12   |  
‎06-14-2012 08:12 AM

Hi,

 

Connect eth2 and eth3 of the firewall to a switch and both server cards to the same switch. That's it.

You can also configure two VLANs on the switch with two ports in each VLAN. VLAN10: eth2 and NIC1, VLAN20:eth3 and NIC2. No VLANs are required on the firewall also in this case.

Kind regards,
Edouard