sliknick1028
asked on
Juniper Netscreen 5GT - Is there a way to enable "Incoming NAT" for DIP via CLI?
I have a Juniper Netscreen 5GT - Firmware Version 5.0.0r8.1 (Firewall + VPN)
Using the GUI I have no option to enable "Incoming NAT" under Network -> Interfaces -> Trust interface -> Edit -> DIP (which is what I think is the option I need to enable to solve my original issue). Now I have 2 other Juniper Netscreen 5GT's with firmware version 5.3.0r6.0 and they DO have the option to enable "Incoming NAT". My first thought was that I need to upgrade the firmware on the 1 oddball firewall to match the other 2 newer firewalls, but thinking more about it I was wondering if there was a command that I can use within the CLI to enable this "Incoming NAT" option for the DIP. This way I can avoid spending extra money buying a service contract to get the firmware upgrade and avoid running into the possibility of messing up the current configuration when applying the upgraded firmware.
Any help would be appreciated. Thank You!
Using the GUI I have no option to enable "Incoming NAT" under Network -> Interfaces -> Trust interface -> Edit -> DIP (which is what I think is the option I need to enable to solve my original issue). Now I have 2 other Juniper Netscreen 5GT's with firmware version 5.3.0r6.0 and they DO have the option to enable "Incoming NAT". My first thought was that I need to upgrade the firmware on the 1 oddball firewall to match the other 2 newer firewalls, but thinking more about it I was wondering if there was a command that I can use within the CLI to enable this "Incoming NAT" option for the DIP. This way I can avoid spending extra money buying a service contract to get the firmware upgrade and avoid running into the possibility of messing up the current configuration when applying the upgraded firmware.
Any help would be appreciated. Thank You!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can look at the config of one of the newer netscreens from the GUI.
Also did you know, you can tftp the firmware from one netscreen and put it on another. We don't have any contract with juniper and when ever my boss buys a netscreen from eBay with newer firmware than I hve. I just tftp it off the device and apply it to the others.
I'm on a plane right now so whn I get to my destination I'll look up the commands.
Also did you know, you can tftp the firmware from one netscreen and put it on another. We don't have any contract with juniper and when ever my boss buys a netscreen from eBay with newer firmware than I hve. I just tftp it off the device and apply it to the others.
I'm on a plane right now so whn I get to my destination I'll look up the commands.
ASKER
Will the firmware upgrade affect any of the settings of the firewall or do we need to back up the settings some how? If we do need to back up the settings how do I go about doing that? Is it as easy as getting the config (get config all) and then upgrading and then run the config to set everything?
thanks!
thanks!
From the webui you can save a copy of the config hen you view it.
I would suggest using tftp to do this.
ie set up a tftp server
enter the following commands
get config > tftp <ip address of tftp server> config-file.txt
Similar to what you would do for backing up and upgrading the screenos image.
namely to back up
save config from flash to tftp <ip address of tftp server> <filename>
To upgrade your system
save config from tftp <ip address of tftp server> <filename> to flash
reset
I would suggest using tftp to do this.
ie set up a tftp server
enter the following commands
get config > tftp <ip address of tftp server> config-file.txt
Similar to what you would do for backing up and upgrading the screenos image.
namely to back up
save config from flash to tftp <ip address of tftp server> <filename>
To upgrade your system
save config from tftp <ip address of tftp server> <filename> to flash
reset
Am even easier way to save the config is from the GUI. I'm on a plane so I can't be sure. But I believe it's under the 'update' menu where you can view you update your screen os and keys. Upgrading the device will not break the co fig unless you are Making a major jump such as from screen os 4 to 5. Other than that upgrading the firmware will have no impact and I routinely do it to device in production environments from NSM or from the webui
ASKER
Ok, so I found the firmware upgrade that the previous person at my job position saved on the network. The filename is ns5gt.5.3.0r6.0
So do you anticipate any problems applying this update since the firmware is currently Version 5.0.0r8.1
So do you anticipate any problems applying this update since the firmware is currently Version 5.0.0r8.1
Nope, there should be no issue for this bud but before you do the upgrade, plan a few key tests to make sure that all the stuff that worked BEFORE the upgrade, still works AFTER the upgrade, ie access to servers, mail, VPNs etc.
Also did you know, you can tftp the firmware from one netscreen and put it on another. We don't have any contract with juniper and when ever my boss buys a netscreen from eBay with newer firmware than I hve. I just tftp it off the device and apply it to the others.
I'm on a plane right now so whn I get to my destination I'll look up the commands.