Configure Juniper SSG 140 gigabit ports be used as main trust / untrust ports?

Greetings Experts,

I would like to reconfigure my Juniper SSG 140 to use the two gigabit ports 0/8 and 0/9 for my trust / untrust interface.  

Currently I’m using 0/0 and 0 / 2.  I’ve tried to get this working already, with poor results.  I reset the device and did the initial setup via the GUI wizard.  There is no option to assign the trust / untrust to the gigabit ports.

I have a 200 meg connection and the current setup is only passing about 50 megs of speed per  I understand that I won’t get full gigabit, but I should get the full 200 meg speed.  I’ve tested with a laptop connected to the router and it works fine.

So after I configure the firewall and get online with port 0/0 and 0/2 I assigned 0/8 with the untrust info and plugged in the cable.  I changed the zone to untrust as well.  The firewall didn’t go on the Internet.  

Another expert told me to check  the route / nat setting.

I will be working on this Thursday night and wanted to see if anyone had done this and had directions.  Of course the firewall doesn’t have a support contract so I can’t call Juniper.

Any help or pointers would be much appreciated.
Kacey FernSystem EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sanga CollinsSystems AdminCommented:
That is very strange indeed. I have an SSG 140 os version 6.3.or10.0 and I have port 0/8 as my trust zone and port 0/9 as my untrust.

Can you post your sanitized config so we can take a look. There is probably something small that is misconfigured that is preventing you from configuring as needed.

also if you have the device already configured, instead of resetting and starting from scratch, you can save the config file, change the ports from 0/0 to 0/8 and 0/1 to 0/9 in the text file and reload the config to have the settings applied.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kacey FernSystem EngineerAuthor Commented:
Thanks Sanga..

I won't configure till Thursday around 5pm gmt-5 so posting a config probably won't do anything.  I do have it already setup with VPN's and a bunch of polices.  I'll try and change the config file.  If I can just change all the ethernet0/0 to ethernet0/8 and then upload, that would be awesome.  Will only take a few minutes.  
At least I know it can be done now.  So if it doesn't work I'll try and get it going.  I'll post results tomorrow.
Thanks again..
Sanga CollinsSystems AdminCommented:
Sounds good!

Note,: since you have VPN's configured, make sure when changing the interfaces in the config file, that you also update the VPN's with the new interface or they will stop working. Keeping a copy of the config before making changes and applying to the device is also a good idea in case something goes wrong.
Kacey FernSystem EngineerAuthor Commented:
Thank you Sanga,

This worked perfectly.
Changed the config ports and vpn outgoing port on the config file, replaced the config.  Left cables in 0,2,8,9 and then hit the confg apply button.  Came up within two minutes.

Tested speed and received over 200 meg down.  Pulled the cables from 0 & 2 and everything continued to work.

Thanks again,
Sanga CollinsSystems AdminCommented:
Good to hear!!!

If you run into any additional issues, do not hesitate to post.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.