• Status: Solved

Juniper Netscreen 5GT - Is there a way to enable "Incoming NAT" for DIP via CLI?

I have a Juniper Netscreen 5GT - Firmware Version 5.0.0r8.1 (Firewall + VPN)

Using the GUI I have no option to enable "Incoming NAT" under Network -> Interfaces -> Trust interface -> Edit -> DIP (which is what I think is the option I need to enable to solve my original issue). Now I have 2 other Juniper Netscreen 5GTs with firmware version 5.3.0r6.0 and they DO have the option to enable "Incoming NAT". My first thought was that I need to upgrade the firmware on the 1 oddball firewall to match the other 2 newer firewalls, but thinking more about it I was wondering if there was a command that I can use within the CLI to enable this "Incoming NAT" option for the DIP. This way I can avoid spending extra money buying a service contract to get the firmware upgrade and avoid running into the possibility of messing up the current configuration when applying the upgraded firmware.
Any help would be appreciated.  Thank You!
Asked by: sliknick1028
1 Solution
 
deimark Commented:
In short, you hit the nail on the head with the upgrade part.

I would also recommend that you get all firewalls up to 5.4, which is the last version before going 6.0 and up.

As for the CLI commands, it's normally around the following syntax (it may differ per version):

set int <int name> dip <number between 4 and 1023> <start IP> <end IP>

This might allow you to select the DIP in the GUI when you create a rule now.

If not, then have a look at the config on the working firewalls and look for dip

ie get config | include dip

Compare the results there and copy, but you may still have issues with it as there are loads of differences between 5.0 and 5.3.

Have a look at www.juniper.net/techpubs and look for a CLI manual to assist.
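The comparison suggested in the answer above, as an added example that is not part of the original thread and not Juniper code: it pulls the DIP pool definitions and the policies that reference them out of two saved configs and lists what differs. The sample configs are constructed, the function names are hypothetical, and the line shapes (`set interface <name> dip <id> ...`, `dip-id <id>` inside a policy line) are assumed to match what `get config` prints on your ScreenOS version; anything after the pool id is compared as opaque text.

```python
import re

# Constructed sample configs for illustration; not taken from a real device.
WORKING_CFG = '''\
set interface trust ip 192.168.1.1/24
set interface trust dip 4 192.168.1.200 192.168.1.210
set interface untrust dip 5 203.0.113.10 203.0.113.20
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" nat src dip-id 5 permit
'''
ODDBALL_CFG = '''\
set interface trust ip 192.168.1.1/24
set interface untrust dip 5 203.0.113.10 203.0.113.12
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" nat src permit
'''

# Assumed shape: "set interface <name> dip <id> <start> <end> [trailing options]"
DIP_DEF = re.compile(r'^set int(?:erface)?\s+(\S+)\s+dip\s+(\d+)\s+(.+)$')
# Assumed shape: a policy line that references a pool with "dip-id <id>"
DIP_REF = re.compile(r'^set policy id (\d+)\s.*\bdip-id (\d+)\b')

def parse_dip(config_text):
    """Return ({(interface, dip_id): rest_of_line}, {policy_id: dip_id})."""
    pools, refs = {}, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = DIP_DEF.match(line)
        if m:
            # Normalise whitespace so spacing differences are not reported.
            pools[(m.group(1).strip('"'), int(m.group(2)))] = " ".join(m.group(3).split())
        else:
            m = DIP_REF.match(line)
            if m:
                refs[int(m.group(1))] = int(m.group(2))
    return pools, refs

def compare_dip(reference_cfg, target_cfg):
    """List DIP differences of target_cfg relative to reference_cfg."""
    ref_pools, ref_refs = parse_dip(reference_cfg)
    tgt_pools, tgt_refs = parse_dip(target_cfg)
    findings = []
    for key in sorted(ref_pools.keys() | tgt_pools.keys()):
        if ref_pools.get(key) != tgt_pools.get(key):
            findings.append(("pool", key, ref_pools.get(key), tgt_pools.get(key)))
    for pid in sorted(ref_refs.keys() | tgt_refs.keys()):
        if ref_refs.get(pid) != tgt_refs.get(pid):
            findings.append(("policy", pid, ref_refs.get(pid), tgt_refs.get(pid)))
    return findings

if __name__ == "__main__":
    for kind, key, ref, tgt in compare_dip(WORKING_CFG, ODDBALL_CFG):
        print(f"{kind} {key}: working={ref!r} oddball={tgt!r}")
```

Running the same comparison on a config saved before a firmware upgrade and one saved after it shows whether any DIP pool or policy reference changed during the upgrade.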
 
Sanga Collins (Systems Admin) Commented:
You can look at the config of one of the newer netscreens from the GUI.

Also, did you know you can tftp the firmware from one netscreen and put it on another? We don't have any contract with Juniper, and whenever my boss buys a netscreen from eBay with newer firmware than I have, I just tftp it off the device and apply it to the others.

I'm on a plane right now so when I get to my destination I'll look up the commands.
 
sliknick1028 (Author) Commented:
Will the firmware upgrade affect any of the settings of the firewall or do we need to back up the settings somehow? If we do need to back up the settings how do I go about doing that? Is it as easy as getting the config (get config all) and then upgrading and then run the config to set everything?

thanks!
 
deimark Commented:
From the webui you can save a copy of the config when you view it.

I would suggest using tftp to do this.

ie set up a tftp server
enter the following commands
get config > tftp <ip address of tftp server> config-file.txt

Similar to what you would do for backing up and upgrading the screenos image.

namely to back up

save config from flash to tftp <ip address of tftp server> <filename>

To upgrade your system

save config from tftp <ip address of tftp server> <filename> to flash
reset
 
Sanga Collins (Systems Admin) Commented:
An even easier way to save the config is from the GUI. I'm on a plane so I can't be sure, but I believe it's under the 'update' menu where you can update your ScreenOS and keys. Upgrading the device will not break the config unless you are making a major jump such as from ScreenOS 4 to 5. Other than that, upgrading the firmware will have no impact and I routinely do it to devices in production environments from NSM or from the webui.
 
sliknick1028 (Author) Commented:
Ok, so I found the firmware upgrade that the previous person at my job position saved on the network. The filename is ns5gt.5.3.0r6.0
So do you anticipate any problems applying this update since the firmware is currently Version 5.0.0r8.1?
 
deimark Commented:
Nope, there should be no issue for this bud but before you do the upgrade, plan a few key tests to make sure that all the stuff that worked BEFORE the upgrade, still works AFTER the upgrade, ie access to servers, mail, VPNs etc.