Configuring modem for Netscreen 5GT firewall

I have a 5GT which I want to set up at home to learn from. Can't seem to find exactly how to configure my Netgear router with a 5GT. I need someone to simply walk me through an installation without too much technical jargon.

I've got all the standard instructions that came with the unit or whatever I found on the Web regarding installs, but nothing on how to set up the Modem/Router or anything on troubleshooting initial setup.

I have a Netgear ADSL modem/router DG834 v3. I have connected an RJ45 from the untrusted port of the 5GT to one of the ports on the Netgear. I have another RJ45 from trusted port 1 going to my laptop. I have a serial cable going from the laptop to the 5GT and have no trouble in accessing the 5GT Web UI.

I have one static ip 78.X.X.X  with netmask of which is automatically assigned to my Netgear.

What configuration needs to be done on the Netgear?
Do I need to be in Bridge Mode?

I can run the Rapid Deployment on the 5GT but I am not sure if I am entering all the correct or required information or what needs to be done next.

My goal is to complete a basic install with the 5GT and get internet access to machines on my home lan.
Sanga Collins (Systems Admin) commented:
go through the rapid deployment so you can get the basics out of the way. you can change the values later if they do not work in your environment.

there are two ways you can get this going.

The first is by leaving the modem configuration as is. make sure you can surf the web with your laptop plugged into the modem. Unplug the laptop from the modem and connect the juniper using the untrusted port. log into the juniper webui from the laptop and make sure under Network>interfaces, your untrusted ip is being assigned properly by the modem. (this will be similar to the ip the laptop gets when plugged in directly, not necessarily your public ip). go to policies and create two policies.

the first from trust to untrust. source: any, dest: any, service: any, permit and log
the second from global to global. source: any, dest: any, service: any, deny and log

the policy rules are processed in order so the global rule being last will block any traffic that does not match policies listed above it. (you can initially leave this rule out while testing your setup, but it's a good rule to have in your firewall.)

this should get you going and surfing the web so you can get to where there is tons of good info on using their devices :)

the second way is a little more complex. basically what you do is put the modem in bridge mode and have the juniper handle your PPPoE authentication for you.

from the webui under Network>PPP>PPPoE profile, create a new profile where you will put your DSL information. (account password etc) Leave everything at the default values, but check the box for static ip. Go back to Network>interfaces and click on 'edit' for the row labeled untrust. at the top of the window select 'Obtain IP using PPPoE' and select the profile you created from the drop down list. enter your static ip, and netmask while leaving manage ip blank. at the bottom of the screen click apply changes and then click ok. if your modem is bridged correctly, the column labeled 'PPPoE status' will have a green check mark. if the modem is misconfigured or you have the wrong login info you will see a red x.

when using a static ip configured from the webui you need to specify your default gateway in the routing table. without this traffic will not know how to get out to the internet.

go to Network>routing>destination and click on new TRUST-VR to create a new route. the ip address and netmask will be, the gateway interface will be 'untrust' and the gateway ip address will be the one provided by your isp something like 78.x.x.x

i hope this gets the ball rolling in the right direction for you.
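The policy ordering described in the answer above, as an added Python sketch that is not part of the original post: a simplified first-match model in which the zone-pair list is checked before the global list. The implicit, unlogged deny used as the final fallback is an assumption of this model, and the rule names and sample addresses are constructed for illustration.

```python
# Added illustration: simplified model of first-match firewall policy lookup.
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str      # hypothetical rule label, not a device identifier
    src: str       # source address or "any"
    dst: str       # destination address or "any"
    service: str   # service name or "any"
    action: str    # "permit" or "deny"
    log: bool = True

    def matches(self, src, dst, service):
        fields = ((self.src, src), (self.dst, dst), (self.service, service))
        return all(want in ("any", got) for want, got in fields)


# Zone-pair list from the answer: one trust -> untrust permit-and-log rule.
ZONE_POLICIES = {
    ("trust", "untrust"): [Policy("outbound-permit", "any", "any", "any", "permit")],
}
# Global catch-all from the answer: deny and log whatever nothing else matched.
GLOBAL_POLICIES = [Policy("global-deny", "any", "any", "any", "deny")]


def evaluate(from_zone, to_zone, src, dst, service,
             zone_policies=ZONE_POLICIES, global_policies=GLOBAL_POLICIES):
    """Return (action, rule_name, logged) for the first policy that matches."""
    ordered = list(zone_policies.get((from_zone, to_zone), [])) + list(global_policies)
    for policy in ordered:
        if policy.matches(src, dst, service):
            return policy.action, policy.name, policy.log
    # Assumed fallback: nothing matched, so the flow is dropped without a log entry.
    return "deny", "implicit-default", False


if __name__ == "__main__":
    # Constructed sample flows (documentation and private address ranges).
    flows = [
        ("trust", "untrust", "192.168.1.33", "203.0.113.10", "http"),
        ("untrust", "trust", "203.0.113.10", "192.168.1.33", "ssh"),
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
```

With the global rule removed, the inbound flow is still dropped in this model but no longer produces a log entry, which is the practical reason to keep the explicit deny-and-log rule last.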
sanaar99 (Author) commented:
Thanks for the info. Option two was the method I have been trying. I was always getting a red X. I will try again from scratch with both methods and get back to you.
Sanga Collins (Systems Admin) commented:
if you are getting the red 'x' it's usually one of two things. either the user name and password you put in the juniper is incorrect, or the modem is not properly in bridge mode. when i run into this problem it's usually the modem. you can test the modem by putting it in bridge mode, connecting your laptop and from the network connection manager creating a PPPoE connection.
sanaar99 (Author) commented:
Your instructions worked perfectly, which also enabled me to understand where I had gone wrong.
I used bridge mode as I seem to understand this better than the other method.

I did not need to create a routing destination as one was automatically added by the firewall.

The first time I was going wrong when entering  the gateway address, which was not required because the PPPoE setup provided it automatically and I was entering something different.

The second attempt I actually had it working but did not realise because I had used a static IP on my laptop but did not enter DNS settings. Because I could not get out to the internet I assumed the firewall was still configured incorrectly.

Anyway, after receiving your input it was easy to compare my previous attempts against your instructions, and it was easy to see where I was going wrong.

So, I not only got what I wanted, I have also managed to get some troubleshooting, which is probably more valuable than the setup!!

Thanks for your assistance.

Sanga Collins (Systems Admin) commented:
that's good to hear!

don't forget to check out the knowledge base on the juniper website. there is a lot of good info there