I'm trying to set up a lab environment for a Pluralsight video course that I'm trying to follow along with. I've already sent them this data, but have yet to hear back from them more than 1 week later :( Anyway, here's what I think I need to do, but really this is sort of a somewhat educated guess. Any and all assistance is greatly appreciated:
I believe I will need to create 3 separate bridge group interfaces (called "bgroup"s in Juniper terminology), one for each Ethernet port (ethernet0/2, ethernet0/3, and ethernet0/4), because each of these groups constitutes its own broadcast domain. Each newly created bgroup then needs to be assigned a static IP address/subnet mask to define its broadcast domain/LAN segment (in this case, they will be: 172.16.5.254/24, 172.16.6.254/24 and 172.16.7.254/24), and all will be assigned to the Trust zone. I then need to enable DHCP for each bgroup (i.e., per interface) and make sure the scopes match the aforementioned segments, with DHCP exclusions for the static IP addresses to be used by the servers in each segment.
I believe this shows me how to do that:
Finally, I believe I need to set up a mapped IP (MIP) for each bgroup interface in order to connect the external firewall port IP address of 192.168.10.5, etc., to the respective internal IP address for each interface (172.16.5.254, etc.). I think this is the process here:
I'm assuming the host virtual router name to be selected should be trust-vr.
I am attaching the relevant network diagrams for confirmation of this analysis.