Configuring modem for Netscreen 5GT firewall

Posted on 2009-04-17
Last Modified: 2012-05-06
I have a 5GT which I want to set up at home to learn from. I can't seem to find exactly how to configure my Netgear router with a 5GT. I need someone to simply walk me through an installation without too much technical jargon.

I've got all the standard instructions that came with the unit or whatever I found on the Web regarding installs, but nothing on how to set up the Modem/Router or anything on troubleshooting initial setup.

I have a netgear ADSL modem/router DG834 v3. I have connected an RJ45 from the untrusted port of the 5GT to one of the ports on the Netgear. I have another RJ45 from trusted port 1 going to my laptop. I have a serial cable going from the laptop to the 5GT and have no trouble in accessing the 5GT Web UI.

I have one static IP 78.X.X.X with a netmask of which is automatically assigned to my Netgear.

What configuration needs to be done on the Netgear?
Do I need to be in Bridge Mode?

I can run the Rapid Deployment on the 5GT but I am not sure if I am entering all the correct or required information or what needs to be done next.

My goal is to complete a basic install with the 5GT and get internet access to machines on my home lan.
Question by:sanaar99
    LVL 18

    Accepted Solution

    go through the rapid deployment so you can get the basics out of the way. you can change the values later if they do not work in your environment.

    there are two ways you can get this going.

    The first is by leaving the modem configuration as is. make sure you can surf the web with your laptop plugged into the modem. unplug the laptop from the modem and connect the juniper using the untrusted port. log into the juniper webui from the laptop and make sure under Network>interfaces your untrusted ip is being assigned properly by the modem. (this will be similar to the ip the laptop gets when plugged in directly, not necessarily your public ip). go to policies and create two policies.

    the first from trust to untrust. source: any, dest: any, service: any, permit and log
    the second from global to global. source: any, dest: any, service: any, deny and log

    the policy rules are processed in order so the global rule being last will block any traffic that does not match the policies listed above it. (you can initially leave this rule out while testing your setup, but it's a good rule to have in your firewall.)

    this should get you going and surfing the web so you can get to where there is tons of good info on using their devices :)

    the second way is a little more complex. basically what you do is put the modem in bridge mode and have the juniper handle your PPPoE authentication for you.

    from the webui under Network>PPP>PPPoE profile, create a new profile where you will put your DSL information (account, password etc). leave everything at the default values, but check the box for static ip. go back to Network>interfaces and click on 'edit' for the row labeled untrust. at the top of the window select 'Obtain IP using PPPoE' and select the profile you created from the drop down list. enter your static ip and netmask while leaving manage ip blank. at the bottom of the screen click apply changes and then click ok. if your modem is bridged correctly, the column labeled 'PPPoE status' will have a green check mark. if the modem is misconfigured or you have the wrong login info you will see a red x.

    when using a static ip configured from the webui you need to specify your default gateway in the routing table. without this, traffic will not know how to get out to the internet.

    go to Network>routing>destination and click on new TRUST-VR to create a new route. the ip address and netmask will be, the gateway interface will be 'untrust' and the gateway ip address will be the one provided by your isp, something like 78.x.x.x

    i hope this gets the ball rolling in the right direction for you.
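    The points above (trust-to-untrust permit first, global deny last, PPPoE profile bound to untrust with a static ip, and a default route out) can be checked against a saved config instead of by clicking through the webui. This is an added example, not code from the thread or from Juniper; the ScreenOS command syntax in the sample and the profile name, username and gateway address are assumptions and placeholders.

```python
import re

# Constructed ScreenOS-style config excerpt (not from the thread). The command
# syntax is assumed; the profile name, username and addresses are placeholders.
SAMPLE_CONFIG = """
set pppoe name "dsl-home" username "user@isp.example" password "REDACTED"
set pppoe name "dsl-home" interface "untrust"
set pppoe name "dsl-home" static-ip
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit log
set policy id 2 from "Global" to "Global" "Any" "Any" "ANY" deny log
set route 0.0.0.0/0 interface untrust gateway 78.0.0.1
"""


def check_config(text):
    """Return a list of findings for the home setup described in the thread.

    Checks: a PPPoE profile is bound to untrust, a default route exists so
    LAN traffic can leave, a trust-to-untrust permit exists, and the global
    catch-all deny is the last policy (policies are evaluated in order).
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings = []

    # 1. The PPPoE profile must actually be bound to the untrust interface.
    if not any(re.match(r'set pppoe name "[^"]+" interface "untrust"', l)
               for l in lines):
        findings.append("no PPPoE profile bound to untrust")

    # 2. Without a default route the firewall has no way out to the internet.
    if not any(l.startswith("set route 0.0.0.0/0 ") for l in lines):
        findings.append("no default route (0.0.0.0/0)")

    # 3. Policy order matters: a global deny above the permit blocks everything.
    policies = [l for l in lines if l.startswith("set policy ")]
    if not any('from "Trust" to "Untrust"' in p and " permit" in p
               for p in policies):
        findings.append("no trust-to-untrust permit policy")
    global_denies = [i for i, p in enumerate(policies)
                     if 'from "Global" to "Global"' in p and " deny" in p]
    if global_denies and global_denies[-1] != len(policies) - 1:
        findings.append("global deny is not the last policy")

    return findings
```

Running `check_config(SAMPLE_CONFIG)` on the sample returns an empty list; dropping the route line or moving the global deny above the permit produces the corresponding finding.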

    Author Comment

    Thanks for the info. Option two was the method I have been trying. I was always getting a red X. I will try again from scratch with both methods and get back to you.
    LVL 18

    Expert Comment

    by:Sanga Collins
    if you are getting the red 'x' it's usually one of two things. either the user name and password you put in the juniper is incorrect, or the modem is not properly in bridge mode. when i run into this problem it's usually the modem. you can test the modem by putting it in bridge mode, connecting your laptop and from the network connection manager creating a PPPoE connection.

    Author Comment

    Your instructions worked perfectly, which also enabled me to understand where I had gone wrong.
    I used bridge mode as I seem to understand this better than the other method.

    I did not need to create a routing destination as one was automatically added by the firewall.

    The first time I was going wrong when entering the gateway address, which was not required because the PPPoE setup provided it automatically and I was entering something different.

    The second attempt I actually had it working but did not realise because I had used a static IP on my laptop but did not enter DNS settings. Because I could not get out to the internet I assumed the firewall was still configured incorrectly.

    Anyway, after receiving your input it was easy to compare my previous attempts against your instructions, and it was easy to see where I was going wrong.

    So, I not only got what I wanted, I have also managed to get some troubleshooting, which is probably more valuable than the setup!!

    Thanks for your assistance.

    LVL 18

    Expert Comment

    by:Sanga Collins
    that's good to hear!

    don't forget to check out the knowledge base on the juniper website. there is a lot of good info there
