How to Configure Juniper ssg 20


 I'm new to Juniper SSG device, we have ssg 20.

 I need to configure Wan IP & allow users in the Lan to browse internet, please let me know how can I do it.

 I had configured wan IP on eth0/0 & Lan network as .But I'm not able to get Internet
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sanga CollinsSystems AdminCommented:
What kind of internet service do you have? You should first try to configure the LAN as and set the WAN (eth0/0) as DHCP. Then make sure theere is a trust to untrust policy that is set to 'allow' then try to browse the internet.

Let us know if that helps.
pcisivaAuthor Commented:
I have a static Public IP. I think I can use the Lan network as 192.168.3.X.

Where can I create a trust to unstrust policy?
Sanga CollinsSystems AdminCommented:
Ok, that makes things clearer.

You will need to configure eth0/0 with the static IP and subnet mask provided by your ISP.

Then you will need to set the default route by going to

Network > routing > destination  and clicking on 'new' to create a default route in the trust-vr with the gateway IP address provided by your ISP.

Finally, if you have configured the LAN with network then you can go to the policy menu to create a trust to untrust policy. is the best place to find step-by-step guides for all the settings i have described above. It saved me a lot of time when I was new to juniper and the guides are very well written for beginers.
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

pcisivaAuthor Commented:
Please find the attached, I see everything is configured as per your recommendations itself
pcisivaAuthor Commented:
Sanga CollinsSystems AdminCommented:
Very close!

The DNS you set is only for the juniper self reference. It does not affect the computers connected to the network directly. For that you want to ssetup a DHCP range.

Network > DHCP: You can configure the DNS, range and other dhcp settings.

eth0, interfaces and polices are all correct.

In routing you are missing the default route to send traffic to the ISP. This is where the gateway they gave you comes in handy.

In the top right corner, click on 'New' for trust-vr and add the following:

IP Address/Netmask:
Next Hop: Gateway             
Interface       eth0/0
Gateway IP Address: Gateway provided by ISP       
Description: default route

and that will complete the setup. Since you have a static IP the gateway must be manually set. If DHCP it would be assigned automatically
pcisivaAuthor Commented:
Attaching the config...still no luck.

Wan cable is connected to eth0/0

Lan is on etho/4
Sanga CollinsSystems AdminCommented:
I see the problem. In the route table you the gateway as the untrust-vr instead of as eth0/0 with the ip address provided by the ISP.

You should delete the default route that you created and add a new one with gateway = eth0/0

also in dhcp server you need to set

gateway =
netmask =
dns = (google dns, you can use which ever you want)

click on apply, then click on address and set a dhcp range ( - for example)

Now your computer can get an ip from the juniper and you should be able to surf the web

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pcisivaAuthor Commented:
Below is the error msg
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
You should have received more than one  IP address from your ISP. One should be their gateway (and that is what you put into the default gateway), and at least one for you to set up on your SSG. Usually you get a block of 4 or 8 addresses, from which you have to omit the first and the last one (they are reserved - TCP/IP needs that), leaving exactly 1 or 5 for your own purposes (as 1 is used for their gateway). The gateway is probably .229, and your interface IP should then be .230.
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Closing recommendation:
  http:#a39498216  250    grade "A"
  http:#a39516419  250
I know that this thread is very old however, I just joined today for the specific reason of trying to find a way to get our new Juniper SSG 20 to connect to the Internet after spending numerous hours without result and through the help of these comments we are now able to connect.  Thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.