

Route more than 1 public IP address through Juniper Netscreen 5gt firewall

Posted on 2009-04-17
Last Modified: 2012-05-06
We have our web services set up at a hosted facility that has given us a block of IP addresses. Currently we are only using 1 of the IP addresses to come through our Juniper Netscreen-5gt firewall and routed to our servers. We are adding a website to our services and want to know if it's possible to use the same IP address that we're using now and route it through the Juniper firewall.
Any help is appreciated.
Thank You.
Question by:sliknick1028

Accepted Solution

Sanga Collins earned 2000 total points
ID: 24172223
On the Netscreen 5gt you can use a VIP to route a public IP to any equipment on your LAN. You can also use a MIP (mapped IP) since you have a block of static IPs available. IMO MIP is a better way to go. You get more flexibility.

Post more info if you'd like specific info on getting this working.

Author Comment

ID: 24181675
-Firewall set up in trust-untrust mode

If we want to add another IP address route policy into the firewall configuration for the 2nd website to hit the new web servers, where exactly would we do that in the Juniper configuration? Would I need to add it in another interface (the only options for that are Loopback IF, Tunnel IF, or VSI IF)? Would I need to add another routing entry?

Another thought, I have multiple ports open in the firewall, could I plug in another connection and then another interface in the router configuration will become available?


Author Comment

ID: 24188267
You can disregard my last comment. We figured it out by creating a new MIP to route to the server private IP address. So you were correct, thank you.
We have it working when we set it to an internal IP address. However, it completely stops working when we use an internal IP address that is set up as an NLB cluster. We can hit the NLB cluster internally with no problem, but externally it won't reach the page.

Do you know what the reason for this would be?

Expert Comment

by:Sanga Collins
ID: 24188528
I'm not sure I have enough experience with NLB (network load balancing is what you meant, right?) clusters to give you the exact answer.

I'll check in a couple of the Juniper forums to see if anyone has more info. I put the links below as well. Both sites are great assets for Juniper users who do not want to pay extortion money for support.


Author Comment

ID: 24188903
Yes, Network load balancing.

Thanks for checking the forums for me!
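
The MIP approach from the accepted solution, sketched as ScreenOS CLI for a 5GT in trust-untrust mode with two sites on two addresses from the hosted block. This is an added example, not configuration posted in the thread: the 192.0.2.x public addresses, the 10.0.0.x server addresses and the choice of HTTP as the published service are constructed placeholders, and lines starting with `#` are annotations, not CLI input.

```screenos
# Constructed addresses: 192.0.2.11 / 192.0.2.12 stand in for two public IPs
# from the provider's block; 10.0.0.11 / 10.0.0.12 stand in for the web servers.

# One MIP per public address, defined on the untrust interface.
# A MIP is a one-to-one mapping of the whole address, not of a single port.
set interface untrust mip 192.0.2.11 host 10.0.0.11 netmask 255.255.255.255 vrouter trust-vr
set interface untrust mip 192.0.2.12 host 10.0.0.12 netmask 255.255.255.255 vrouter trust-vr

# The MIP alone passes no traffic. Each mapping needs an untrust-to-trust policy,
# and naming the service (http here) keeps every other port on the server closed
# to the Internet.
set policy from untrust to trust any mip(192.0.2.11) http permit
set policy from untrust to trust any mip(192.0.2.12) http permit

save
```

Because a MIP maps every port of the public address to the host, a policy written with service `any` would expose the entire server; one policy line per required service keeps the exposure to what the site needs.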


Question has a verified solution.
