Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to use the virtual firewall feature on Juniper?

Posted on 2013-10-23
4
Medium Priority
?
305 Views
Last Modified: 2013-10-30
Using Juniper SSG 140, and it is in production right now. It is working as a 2-legged, with untrusted and trusted interfaces. Untrusted is WAN facing, using segment of registered public IPs - 210.24.28.128/28; trusted is office internal, using segment of 192.168.10/24. Now, we need to have one more (probably 2) firewall. This firewall needs to have 2 interfaces, untrusted for IPs - 210.24.28.128/28, and DMZ, using segment: 172.16.100.0/24;

I heard that we can make use of the virtual firewall feature, btw, how to do it? Any additional license has to purchase?

thanks,
0
Comment
Question by:MichaelBalack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 39597135
No additional licenses needed. All you have to do is use the virtual routers feature. I use this to configure secondary internet providers and guest networks inside my LAN. You can create multiple virtual routers if needed.

You can also (if a very simple setup is required) use custom zones to create and separate different networks.

Lastly although cumbersome at times because other network hardware comes into play: VLAN tags: These can also help make multiple networks viable. I am not a huge fan because you will need enterprise level switches to properly implement VLAN tgs
0
 
LVL 1

Author Comment

by:MichaelBalack
ID: 39607494
Hi Sangamc,

Do you have a more in-details information on how these virtual routers, security zones work together to achieve the objective?
0
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 2000 total points
ID: 39608430
Yes i can provide more details. THere is already an untrust-vr configured by default, so what I would do is create 2 new zone and make sure they are in the untrust-vr. The zones would be for example: ISP2 and LAN2

I would then go to the interfaces list and choose which interfaces I want for my new VR. Lets says eth0/2 and eth0/3

I would configure eth0/2 with ip = 172.16.100.0/24 and zone = LAN2
The configure eth0/3 with ip = 210.24.28.128/28 and zone = ISP2

I would then go to the route table and make a default route for the untrust-vr 0.0.0.0 -> eth0/3 gateway = 210.24.28.x

Finally A polict from LAN2 to ISP2 to allow internet traffic out of the secondary ISP.

~~~~
This is the very basics of how to implement a 2nd VR. Depending on what you want to happen you can create routes to send traffic from one VR to the other and you can also setup ISP failover.
0
 
LVL 1

Author Closing Comment

by:MichaelBalack
ID: 39613236
Thanks sangamc, that give a brief idea on vr, together with zones works.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question