Juniper SRX begining setup
Greetings Experts,
I'm transitioning from Juniper SSG to SRX and it's a little different. I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.
I need to get mail to pass to my exchange server. I only have one Static IP which the Juniper is using.
What I did was add an address to the address book to the Internal zone. Problem is when I put in the IP it comes up with the wrong subnet. I inherited this network 10.0.0.0 / 24. Juniper = 10.0.0.100 and server = 100.0.0.5. When I add the address to the address book, it comes up / 32. I try to change it to /24, but get an error when committing.
So I added the rules via the wizard and can see them when I go to policy. internet - new internal address. Permit junos-mail.
Internet is working, mail is not routing. Any idea? Can this be done via the gui or do I need to learn the cli? I usually use Telnet for the ssg, but this is slightly different.
Any help would be most appreciated,
Kacey
I'm transitioning from Juniper SSG to SRX and it's a little different. I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.
I need to get mail to pass to my exchange server. I only have one Static IP which the Juniper is using.
What I did was add an address to the address book to the Internal zone. Problem is when I put in the IP it comes up with the wrong subnet. I inherited this network 10.0.0.0 / 24. Juniper = 10.0.0.100 and server = 100.0.0.5. When I add the address to the address book, it comes up / 32. I try to change it to /24, but get an error when committing.
So I added the rules via the wizard and can see them when I go to policy. internet - new internal address. Permit junos-mail.
Internet is working, mail is not routing. Any idea? Can this be done via the gui or do I need to learn the cli? I usually use Telnet for the ssg, but this is slightly different.
Any help would be most appreciated,
Kacey
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
I was able to add the subnet in the address book, but see config below. my firewall ip is correct, but when I put in the server it keeps going to /32:
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.0.100/24;
zones {
security-zone Internal {
address-book {
address Local 10.0.0.0/24;
address MAIL 10.0.0.5/32;
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.0.100/24;
zones {
security-zone Internal {
address-book {
address Local 10.0.0.0/24;
address MAIL 10.0.0.5/32;
Did you add MAIL as a /24 or whatever?
Next you will need to create a security policy between zones that will allow traffic to pass.
harbor235 ;}
Next you will need to create a security policy between zones that will allow traffic to pass.
harbor235 ;}
Hi Harbor, thanks for the reply,
Yes, I put /24 in when I did mail and it fails. So it won't let me put it in that way. I even went into the config and manually made the change and it failed once I hit commit. When I add the ip it manually puts in the /32.
I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.
Yes, I put /24 in when I did mail and it fails. So it won't let me put it in that way. I even went into the config and manually made the change and it failed once I hit commit. When I add the ip it manually puts in the /32.
I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.
oh, because you already have an entry for the network 10.0.0.0/24, all other entries are host specific and would be /32s.
harbor235 ;-}
harbor235 ;-}
Please have a look at link below:
https://www.juniper.net/documentation/en_US/junos11.4/topics/example/nat-security-destination-single-address-translation-configuring.html
If you wish to forward traffic to multiple internal servers on different ports, then when you define the pool, other than private-ip of the server, also mention the port/protocol. You can define multiple pools this way and forward traffic to different servers.
Eg,TCP 25 to 10.0.0.5; say TCP 80 to 10.0.0.x; say UDP 53 to 10.0.0.y.
Thank you.
https://www.juniper.net/documentation/en_US/junos11.4/topics/example/nat-security-destination-single-address-translation-configuring.html
If you wish to forward traffic to multiple internal servers on different ports, then when you define the pool, other than private-ip of the server, also mention the port/protocol. You can define multiple pools this way and forward traffic to different servers.
Eg,TCP 25 to 10.0.0.5; say TCP 80 to 10.0.0.x; say UDP 53 to 10.0.0.y.
Thank you.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial