• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 741

Netscreen 5GT Firewall Setup with Class C IP Block

I have a Netscreen 5GT firewall and a class C IP block. I would like to create three subnets in the firewall:

First Subnet: 192.168.0.1-192.168.0.100
Second Subnet: 192.168.0.101-192.168.0.254
Third Subnet: 192.168.1.1-192.168.1.254

Can this be done in Transparent mode? Do I have to configure NAT mode in the firewall? I really appreciate your help.

Thanks.
Asked:
nauman_ahmed
1 Solution
 
Rick_O_Shay commented:
The best you could do with the first and second is split it in two with a 255.255.255.128 mask and use 192.168.0.1-126 and 192.168.0.129-254. However, you could use 3 networks with 24-bit masks like 192.168.0.0, 192.168.1.0, and 192.168.2.0.
 
Sanga Collins (Systems Admin) commented:
I'm not sure you can do this in transparent mode on the 5GT. You may have to create subinterfaces to handle your multiple subnets. If you need physical separation by port, you can use home/work mode in combination with a subinterface.
 
rsivanandan commented:
The whole point of transparent mode is to avoid L3, isn't it? So I guess you're trying to do something which is not clear to us. Can you be a bit more specific on why you want to do this or what you're trying to do?

Cheers,
rsivanandan
 
nauman_ahmed (Author) commented:
Thanks for the reply guys, it was very helpful. I hope the following makes it clear what I am trying to do:

I have a class C IP address and I would like to configure the Netscreen 5GT firewall for the following environments:

1. Office - 128 IPs
2. Development Environment - 128 IPs
3. Production Environment - 256 IPs

I am trying to accomplish the above using one firewall. Would it be possible with or without NAT?

Thanks.
 
nauman_ahmed (Author) commented:
Rick_O_Shay:

If I have to split it the way you mentioned, what needs to be defined in firewall network settings?

Thanks.
 
Rick_O_Shay commented:
If you either subnet the one network or use 3 separate networks, you need to have a router interface with a respective IP address in each one. So in the subnet case it could be 192.168.0.1/25 and 192.168.0.129/25 for your router interface addresses.
 
rsivanandan commented:
When the firewall is in transparent mode, you only have L3 info for accessing the firewall. So in your case, you want to have 3 networks as you mentioned. What should be done is to have this set up in your LAN and send it across the firewall (you don't do anything on the firewall). The routing between these networks should be taken care of by a router and not this firewall. Something like this:


Office-------------------
                                |
Dev Env----------------
                                |-----Internal Router---------Firewall in transparent Mode---------Internet
Prod Env---------------
                                |

If you can't do that, like you want to have this done by the firewall, then you'd have to move the firewall away from transparent mode.

Cheers,
rsivanandan

 
nauman_ahmed (Author) commented:
Thanks rsivanandan:

What needs to be done if I move the firewall from transparent mode? What configuration change will be required in the firewall?

Thanks.
 
rsivanandan commented:
You need to take the firewall out of transparent mode (pretty much factory-default and reconfigure for route mode). Things to do:

1. You can connect the 3 networks to 3 physical ports on the firewall.

2. All those networks will have the firewall as the default gateway.

3. Put all those ports in 'trust'.

4. Put the outside interface in 'untrust'.

5. Set up policies for having the traffic go out to the internet.

http://www.rsivanandan.com/2007/03/12/10-minute-config-of-juniper-firewalls/

Cheers,
rsivanandan
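A worked ScreenOS configuration for the route-mode steps above, using Rick_O_Shay's /25 split for the first two networks and a full /24 for the third; this is an added example, not configuration posted by anyone in this thread. The interface names ethernet1-ethernet4, the address-book names and the 203.0.113.x outside addresses are assumptions to be replaced with whatever interfaces your 5GT's port mode exposes and whatever your provider assigns. Lines starting with # are explanatory notes, not ScreenOS syntax, so strip them before pasting.

```text
# Steps 1-3: one L3 interface per network, all in the trust zone.
# Each interface address is that network's default gateway (step 2).
set interface ethernet1 zone trust
set interface ethernet1 ip 192.168.0.1/25      # Office: hosts .2-.126
set interface ethernet1 route                  # route mode, no NAT on this interface
set interface ethernet2 zone trust
set interface ethernet2 ip 192.168.0.129/25    # Dev: hosts .130-.254
set interface ethernet2 route
set interface ethernet3 zone trust
set interface ethernet3 ip 192.168.1.1/24      # Prod: hosts .2-.254
set interface ethernet3 route

# Step 4: outside interface in untrust, with a default route to the ISP.
# 203.0.113.0/30 is a documentation placeholder, not a real assignment.
set interface ethernet4 zone untrust
set interface ethernet4 ip 203.0.113.2/30
set route 0.0.0.0/0 interface ethernet4 gateway 203.0.113.1

# Address-book entries so policies can refer to each network by name.
set address trust "Office" 192.168.0.0 255.255.255.128
set address trust "Dev" 192.168.0.128 255.255.255.128
set address trust "Prod" 192.168.1.0 255.255.255.0

# Step 5: outbound policy, logged so egress is visible in the traffic log.
set policy from trust to untrust any any any permit log

# Caveat: three networks in one zone can reach each other freely unless
# intra-zone blocking is on. Enable it so that Office/Dev -> Prod traffic
# passes only through an explicit, logged rule (HTTPS shown as an example).
set zone trust block
set policy from trust to trust "Office" "Prod" HTTPS permit log
set policy from trust to trust "Dev" "Prod" HTTPS permit log
```

Without `set zone trust block`, putting all three ports in 'trust' gives the office and development networks unrestricted access to production, so the intra-zone rules are what actually make the three networks separate rather than merely distinct subnets.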
