Solved

Juniper 320M Configuration Advice for Multiple Public IP blocks

Posted on 2013-06-25
3
39 Views
Last Modified: 2016-04-02
HI,

I am looking for some help and advice on how to correctly configure a Juniper 320M firewall.

I work for a small Webhost and we have recently implemented a web hosting service based on some co-located servers at a Data Centre.

We were initially allocated a /28 block of Public IP addresses.  

These IP addresses are used by uublic facing Virtual machines and I was advised that these VM's should not sit behind a firewall.

I have therefore configured the a Juniper 320M firewall  as follows:

I have a BGroup Interface associated to the untrust Zone with the /28 range from the ISP assigned.  My feed from the Data Centre ISP provider is connected into one of the  ports on the firewall bound to this bggroup.  I also have a second Port bound to the BGroup. A Cat 5 cable runs from this port to a Switch where all the VM's Public NIC's are also attached.

In this way, at the moment, Traffic from the customer VM's can reach in and out without issues. I have some internal servers behind the firewall on a trust interface which are accessible via VIP and MIP as appropriate with policies applied to allow traffic from trust to untrust

I now have a requirement to add a second block of IP addresses for use by more customer VM's as we have run out of IP's from the first block.  

My problem is that I can't add these IP addresses to the BGGroup as there is no option for adding a secondary IP range for this this interface as with a normal interface.

I am basically looking for a recommendation as to how to configure the Juniper 320 so I can use multiple discrete blocks of Public IP's on the untrust Zone and allow traffic to these IPS's to reach the VM's without passing through the Firewall.  I also need to continue to let traffic from VIP\MIP pass through the firewall to the trust Zone.  

I fully admit I am inexperienced with the Juniper devices so I am looking for help in terms of how the above requirement can be fulfilled. If you need any further information regarding the setup then please ask.

Look forward to hearing from you.
0
Comment
Question by:rswainston
3 Comments
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 500 total points
ID: 39274783
To add new public IP block that is different from your original, you need to use a loopback interface. You can configure an untrust-to-untrust policy to allow the traffic to these new IPs in the even you would like to use them as MIPs or VIPs.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to Create Separate Guest WiFi VLAN on Netgear R8000 19 51
winscp 000webhost.com 6 45
Bandwidth issues? 5 29
Cisco 5508 WLC software upgrade 2 34
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question