Solved

Juniper NetScreen 5GT-ADSL - Opening up for Webserver

Posted on 2009-05-11
Last Modified: 2012-06-21
I'm relatively new to Juniper - heavy FortiGate background - and I'm having a bit of an issue opening it up to allow access to a webserver.  I've run through the Policy Wizard to open the HTTP service up to the specified server (Untrust -> Trust (HTTP, Logging)) but no go.  

Can someone assist me with the correct method of opening this up?

Here's some information that might be useful:
ISP - AT&T / Bellsouth
Firmware - 5.4.0r3a.0
Operation Mode - Trust-Untrust
0
Question by:ACCUmarc
7 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 24360835
You need to create a VIP on the untrust interface to forward the ports you require (MIP if you have static IPs). After creating the VIP, you then create a policy as before, but instead of using trust as the destination, choose the VIP instead (it will be one of the options).

Also check out the Juniper website knowledge base. It is very well organized and will help you a lot.

http://kb.juniper.net/index?page=home
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 24365013
Thanks for the feedback.

Ok.  I follow what you are saying but I don't see that option.  Both the adsl1 and untrust interfaces show in the same 'untrust' zone.  I cannot add a VIP to the untrust interface as it is not an option; I can to the adsl1 interface though.  I tried to add a MIP (which I'm assuming is management ip?) but it accomplished nothing.

I've attached a few screen shots.  
interfaces-j5gtadsl.jpg
adsl1inf-j5gtadsl.png
untrustinf-j5gtadsl.png
0
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 125 total points
ID: 24365270
Ahh, I see where the confusion is. I did not take into account that you have the 5GT-ADSL. The VIP needs to be on the interface [port] that you use as your WAN, so in this case it would be on the ADSL port.

A MIP is a 'mapped IP'. You use this if you have a block of static IP addresses from your ISP and would like to map one of your other IPs to a server on your LAN. If you do not have a block of static IPs, then a VIP (virtual IP) will be the way to go.
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 24365690
When I try to add a VIP Service to the ADSL interface I get the following error message:

"Service (port=80) not support for this vip <ip address>"

where <ip address> is the correct IP.

Is that because I have webui allowed on that ADSL interface?  The box is actually at my house and I'm working on it from the office so I currently have it enabled.  
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 24365856
That is because port 80 is used by the Juniper for the management webpage. You can either change the port used for connecting to the Juniper management page by going to

Configuration > Admin > Management and selecting a different HTTP Port (maybe 8080 or 8888)

or, on your web server, you can change it to use a different port other than port 80.
0
 
LVL 2

Author Comment

by:ACCUmarc
ID: 24366664
Thanks for your help.  I was able to get it working by following what you were saying.  Not quite as straightforward as the FortiGates but that's ok.

Thanks again.
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 24366758
It does take a few second looks to grasp the way Juniper devices work, but once you see the big picture it does make sense. Please post if you run into any more issues.
0
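
The steps this thread arrives at, written as ScreenOS CLI; this is an added example, not part of the original posts. The web server address 192.168.1.10, the admin source address 203.0.113.10 and the VIP object name "VIP(adsl1)" are constructed placeholders or assumptions, and the manager-ip step goes beyond what the thread discusses.

```text
# Lines starting with '#' are annotations, not ScreenOS commands; do not paste them.

# 1. Free TCP/80 on the firewall by moving the WebUI to another port
#    (the thread suggests 8080 or 8888). A remote admin session has to
#    reconnect on the new port afterwards.
set admin port 8080

# 2. The WebUI is still enabled on the WAN-facing interface, so limit which
#    source address may manage the device. 203.0.113.10 is a constructed
#    placeholder for the admin's own public address; a wrong value here
#    locks remote management out.
set admin manager-ip 203.0.113.10 255.255.255.255

# 3. Create the VIP on the interface used as WAN (adsl1 on the 5GT-ADSL),
#    reusing the interface's own address, and forward port 80 to the server.
#    192.168.1.10 is a constructed LAN address for the web server.
set interface adsl1 vip interface-ip 80 "HTTP" 192.168.1.10

# 4. Permit inbound HTTP with the VIP as the destination instead of a Trust
#    address. The object name "VIP(adsl1)" is an assumption; use the VIP
#    entry that the policy destination list offers on the device.
set policy from "Untrust" to "Trust" "Any" "VIP(adsl1)" "HTTP" permit log

# 5. Write the running configuration to flash.
save
```

Step 1 must come before step 3: with the WebUI still bound to port 80, the VIP service is rejected with the "Service (port=80) not support for this vip" error quoted above.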
Question has a verified solution.