Netscreen Firewall 5GT Route

Posted on 2010-09-22
Last Modified: 2012-05-10
Hi All. We have a small network of about 45 computers and server and at present they are all simply setup so that they all point to the Default Gateway of the Netscreen 5GT firewall if wanting to go outside of our LAN ie to the world wide web (untrust). We have recently just downloaded a trial edition of GFI Web Monitor and installed it onto one of our servers. We want to assign certain users from specific ip addresses to be forwarded from the firwall to the GFI web Monitor so that these specific Ip Addresses can have the content filtered.
A way of doing it would be to point all of our computers to the GFI as the Default gateway before that goes out of the Netscreen. We do not want to do it this way. As we want to control the policies and traffic and schedueing from the Netscreen before going anywhere.
 I assume all that need to be done is create a policy of some form that see traffic coming from these defined ip addresse, wanting to use port 80 or port 433 and therefore forward this traffic to the CFI Server's Ip Address rather than going straight out. I hope my details mentioned above make sense.  
Question by:GenieMaster
  • 2
  • 2
LVL 18

Expert Comment

by:Sanga Collins
ID: 33739752
Policy based routing will allow you to do this. You can take traffic that matches a specific condition ( in this case HTTP and specific ip range or subnet ) and route it to the ip address of the web filtering server

Author Comment

ID: 33744087
Hi Sangamc. Somone else mentioned that Policy Based routing is the easiest way to do this. I do not have a clue on how to do this. Can you please provide me a step by step guide on how to do this, that would be much appreciated.
LVL 18

Accepted Solution

Sanga Collins earned 250 total points
ID: 33744293
It is way too much info to put into this post. Here is a link to a page describing how to set it up as well as how and why it works

you should also download the screenOS chapter on routing from the Juniper website. there is a very descriptive example on setting up PBR.

Author Comment

ID: 33747454
Thanks Sangamc. I am not familar at all with Netscreen as its all new to me. I have checked the link you provided and will try and see if there is a detailed step by step guide to set what I need. If any other experts are able to provide a detailed guide that would be much appreciated. Thanks
LVL 68

Expert Comment

ID: 34399070
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now