ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

SSG 140 Basic setup URGENT

‎01-17-2011 05:22 AM

Hi there all,

Sorry to ask this since i'm pretty sure for most o you guys its must be a lamme subject.

I Have no experience in Juniper products and i must conffess i'm lost even tough i have a bunch os materials here to read.

But got no sucess at all until now.

I'm trying to setup a Lan port wich its going to be connected to a swichcore inside our datacenter and an another port whose objective is to and give internet access throughout a static ip adress given by our ISP, this interfce will used inityally only webfiltering service to all users coming troughtout the lan.

So here's what i have planned.

Unbinded all  default interrfaces and seted  as follow:

e0/0 it's goig to be my LAN interface that's going to be connected to the switchcore
e0/1 it's goiing to receive a WAN link with static IP and it's going to be used to provide internet access to my LAN.
e0/0 is setted in the trust zone and the e0/1 is setted in the Untrusted zone, i've setted the Untrust zone to the untrust-vr and also configured the e0/0 to NAT mode.

How can i assign all the traffic coming from  e0/0 to the e0/1 and apply webfiltering on it?

Any help will be appreciated, since the subject it's URGENT.



Cristiano Sina

ScreenOS Firewalls (NOT SRX)

Re: SSG 140 Basic setup URGENT

‎01-17-2011 06:31 AM

Hi Cristiano Sounds like an easy setup.


 First things first - you need a Web Filter license. Once you have the licenses it needs to be activated on Junipers website. You should get an RTU code and with this code, activate the license.


Then you will need to connect to the unit via the web address (default is (username = netscreen password  = netscreen) then click on "configuration" - then "update" the  click "screenOSkeys" and then click "retrieve License see a popup showing you the license you purchased - Remember the unit needs to have internet access to retrieve its license keys.


Once the key is activated, you can now use web filter.


Click on Policies, sort you policeis from trust to untrust - edit the default policy and enable web filter (ns-profile).....then click OK to save........


You can customerise your web filter by following this link



hope it helps



ScreenOS Firewalls (NOT SRX)

Re: SSG 140 Basic setup URGENT

‎01-18-2011 11:24 AM

Thank you Andrew,


I understood about enabling the webfiltering feature, but how can i do, step-by step to route all traffic from int e0/0 (trust zone in the trust-vr) to int e0/1 (BRT <- untrusted zone in utrust-vr) ?


i also have DHCP server enabed in int e0/0 and have seted the DNS1 and DNS2 in the box so if i connect to it using the console port, i can ping anywhere throught it.


Can u give a litte help on how to set up this routing prcedure?