ScreenOS Firewalls (NOT SRX)

There is no bridge group interface on ISG 2000

‎07-24-2019 10:13 AM

We have an ISG 2000 firewall running 6.3.0r13b.0 that does not have a bgroup interface configured by default, nor have I been able to create one. We need this for a VPN connection, but I've spent a lot of time trying to figure this out. Can someone point me to documentation as to how the bgroup interface is to be configured? Thanks


Re: There is no bridge group interface on ISG 2000

‎07-24-2019 11:14 AM

Hi,

The bridge interface is supported on the SSG Series of ScreenOS. Bridge Groups are new to ScreenOS starting with version 6.0 on the SSG firewall family. These represent a logical Layer 2 switch within the firewall. You can configure any port on an SSG5/20 into a Bridge Group; on the SSG140/300/500 family, only ports added via Universal Port Interface Modules, uPIMs, can be in a Bridge Group and the group cannot span uPIM modules. This is documented on the Juniper Support Site Knowledge Base within KB article number 10747, located at http://kb.juniper.net/KB10747.

The ISG series does not support this concept and the reason must be the difference in the architecture.

Hope this helps.

Regards,

Pradeep.


Re: There is no bridge group interface on ISG 2000

‎07-24-2019 11:18 AM

If you can add more on the requirement for this bgroup interface for VPN, we can help find the alternatives on ISG.

Regards,

Pradeep.


Re: There is no bridge group interface on ISG 2000

‎07-24-2019 12:16 PM

Thanks for the responses. We're configuring a route-based VPN to Azure, and the configuration appears to utilize bridge groups.


Re: There is no bridge group interface on ISG 2000

‎07-24-2019 02:57 PM

Can you post a link or the provided sample configuration? We can help convert it to something compatible with the ISG.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: There is no bridge group interface on ISG 2000

‎07-24-2019 11:39 PM

Hi,

As per my knowledge, a bridge group is not a compulsory requirement for a route-based VPN with Azure. A bridge group interface, to the external world, is just another interface with an IP configured. It bridges the traffic locally connected to the interfaces in that bridge group without the need for policies.

Hope this helps.

Regards,

Pradeep.