Juniper NetScreen 5GT-ADSL - Opening up for Webserver
I'm relatively new to Juniper - heavy FortiGate background - and I'm having a bit of an issue opening it up to allow access to a webserver. I've run through the Policy Wizard to open the HTTP service up to the specified server (Untrust -> Trust (HTTP, Logging)) but no go.
Can some assist me with the correct method of opening this up?
Here's some information that might be useful:
ISP - AT&T / Bellsouth
Firmware - 5.4.0r3a.0
Operation Mode - Trust-Untrust
Can some assist me with the correct method of opening this up?
Here's some information that might be useful:
ISP - AT&T / Bellsouth
Firmware - 5.4.0r3a.0
Operation Mode - Trust-Untrust
ASKER
Thanks for the feedback.
Ok. I follow what you are saying but I don't see that option. Both the adsl1 and untrust interfaces show in the same 'untrust' zone. I cannot add a VIP to the untrust interface as it is not an option; I can to the adsl1 interface though. I tried to add a MIP (which I'm assuming is management ip?) but it accomplished nothing.
I've attached a few screen shots.
interfaces-j5gtadsl.jpg
adsl1inf-j5gtadsl.png
untrustinf-j5gtadsl.png
Ok. I follow what you are saying but I don't see that option. Both the adsl1 and untrust interfaces show in the same 'untrust' zone. I cannot add a VIP to the untrust interface as it is not an option; I can to the adsl1 interface though. I tried to add a MIP (which I'm assuming is management ip?) but it accomplished nothing.
I've attached a few screen shots.
interfaces-j5gtadsl.jpg
adsl1inf-j5gtadsl.png
untrustinf-j5gtadsl.png
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
When I try to add a VIP Service to the ADSL interface I get the following error message:
"Service (port=80) not support for this vip <ip address>"
where <ip address> is the correct IP.
Is that because I have webui allowed on that ADSL interface? The box is actually at my house and I'm working on it from the office so I currently have it enabled.
"Service (port=80) not support for this vip <ip address>"
where <ip address> is the correct IP.
Is that because I have webui allowed on that ADSL interface? The box is actually at my house and I'm working on it from the office so I currently have it enabled.
that is because port 80 is used by the juniper for the management webpage. you can either change the port used for connecting to the juniper management page by going to
Configuration > Admin > Management and selecing a different HTTP Port (maybe 8080 or 8888)
or on your web server you can change it to use a different port other than port 80
Configuration > Admin > Management and selecing a different HTTP Port (maybe 8080 or 8888)
or on your web server you can change it to use a different port other than port 80
ASKER
Thanks for your help. I was able to get it working by following what you were saying. Not quite as straightforward as the FortiGates but that's ok.
Thanks again.
Thanks again.
it does take a few second looks to grasp they way juniper devices work. but once you see the big picture it does make sense. please post if you run into anymore issues
also check out the juniper website knowledge base. it is very well organized and will help you alot.
http://kb.juniper.net/index?page=home