Configure Juniper SSG 140 gigabit ports be used as main trust / untrust ports?
Greetings Experts,
I would like to reconfigure my Juniper SSG 140 to use the two gigabit ports 0/8 and 0/9 for my trust / untrust interface.
Currently I’m using 0/0 and 0 / 2. I’ve tried to get this working already, with poor results. I reset the device and did the initial setup via the GUI wizard. There is no option to assign the trust / untrust to the gigabit ports.
I have a 200 meg connection and the current setup is only passing about 50 megs of speed per speedtest.net. I understand that I won’t get full gigabit, but I should get the full 200 meg speed. I’ve tested with a laptop connected to the router and it works fine.
So after I configure the firewall and get online with port 0/0 and 0/2 I assigned 0/8 with the untrust info and plugged in the cable. I changed the zone to untrust as well. The firewall didn’t go on the Internet.
Another expert told me to check the route / nat setting.
I will be working on this Thursday night and wanted to see if anyone had done this and had directions. Of course the firewall doesn’t have a support contract so I can’t call Juniper.
Any help or pointers would be much appreciated.
Thanks,
Kacey
I would like to reconfigure my Juniper SSG 140 to use the two gigabit ports 0/8 and 0/9 for my trust / untrust interface.
Currently I’m using 0/0 and 0 / 2. I’ve tried to get this working already, with poor results. I reset the device and did the initial setup via the GUI wizard. There is no option to assign the trust / untrust to the gigabit ports.
I have a 200 meg connection and the current setup is only passing about 50 megs of speed per speedtest.net. I understand that I won’t get full gigabit, but I should get the full 200 meg speed. I’ve tested with a laptop connected to the router and it works fine.
So after I configure the firewall and get online with port 0/0 and 0/2 I assigned 0/8 with the untrust info and plugged in the cable. I changed the zone to untrust as well. The firewall didn’t go on the Internet.
Another expert told me to check the route / nat setting.
I will be working on this Thursday night and wanted to see if anyone had done this and had directions. Of course the firewall doesn’t have a support contract so I can’t call Juniper.
Any help or pointers would be much appreciated.
Thanks,
Kacey
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sounds good!
Note,: since you have VPN's configured, make sure when changing the interfaces in the config file, that you also update the VPN's with the new interface or they will stop working. Keeping a copy of the config before making changes and applying to the device is also a good idea in case something goes wrong.
Note,: since you have VPN's configured, make sure when changing the interfaces in the config file, that you also update the VPN's with the new interface or they will stop working. Keeping a copy of the config before making changes and applying to the device is also a good idea in case something goes wrong.
ASKER
Thank you Sanga,
This worked perfectly.
Changed the config ports and vpn outgoing port on the config file, replaced the config. Left cables in 0,2,8,9 and then hit the confg apply button. Came up within two minutes.
Tested speed and received over 200 meg down. Pulled the cables from 0 & 2 and everything continued to work.
Thanks again,
Kacey
This worked perfectly.
Changed the config ports and vpn outgoing port on the config file, replaced the config. Left cables in 0,2,8,9 and then hit the confg apply button. Came up within two minutes.
Tested speed and received over 200 meg down. Pulled the cables from 0 & 2 and everything continued to work.
Thanks again,
Kacey
Good to hear!!!
If you run into any additional issues, do not hesitate to post.
If you run into any additional issues, do not hesitate to post.
ASKER
I won't configure till Thursday around 5pm gmt-5 so posting a config probably won't do anything. I do have it already setup with VPN's and a bunch of polices. I'll try and change the config file. If I can just change all the ethernet0/0 to ethernet0/8 and then upload, that would be awesome. Will only take a few minutes.
At least I know it can be done now. So if it doesn't work I'll try and get it going. I'll post results tomorrow.
Thanks again..
Kacey