Link to home
Start Free TrialLog in
Avatar of Kacey Fern
Kacey FernFlag for United States of America

asked on

Juniper SRX begining setup

Greetings Experts,

I'm transitioning from Juniper SSG to SRX and it's a little different.  I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.

I need to get mail to pass to my exchange server.  I only have one Static IP which the Juniper is using.

What I did was add an address to the address book to the Internal zone.  Problem is when I put in the IP it comes up with the wrong subnet.  I inherited this network 10.0.0.0 / 24.  Juniper = 10.0.0.100 and server = 100.0.0.5.  When I add the address to the address book, it comes up / 32.  I try to change it to /24, but get an error when committing.

So I added the rules via the wizard and can see them when I go to policy.  internet - new internal address.  Permit junos-mail.
Internet is working, mail is not routing.  Any idea?  Can this be done via the gui or do I need to learn the cli?  I usually use Telnet for the ssg, but this is slightly different.

Any help would be most appreciated,
Kacey
Avatar of Kacey Fern
Kacey Fern
Flag of United States of America image

ASKER

I was able to add the subnet in the address book, but see config below.  my firewall ip is correct, but when I put in the server it keeps going to /32:

ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.0.100/24;
 zones {
        security-zone Internal {
            address-book {
                address Local 10.0.0.0/24;
                address MAIL 10.0.0.5/32;
Avatar of harbor235
Did you add MAIL as a /24 or whatever?

Next you will need to create a security policy between zones that will allow traffic to pass.


harbor235 ;}
Hi Harbor, thanks for the reply,

Yes, I put /24 in when I did mail and it fails.  So it won't let me put it in that way.  I even went into the config and manually made the change and it failed once I hit commit.  When I add the ip it manually puts in the /32.

I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.
oh, because you already have an entry for the network 10.0.0.0/24, all other entries are host specific and would be /32s.



harbor235 ;-}
ASKER CERTIFIED SOLUTION
Avatar of dpk_wal
dpk_wal
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial