asked on Juniper SRX begining setup
Greetings Experts,
I'm transitioning from Juniper SSG to SRX and it's a little different. I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.
I need to get mail to pass to my exchange server. I only have one Static IP which the Juniper is using.
What I did was add an address to the address book to the Internal zone. Problem is when I put in the IP it comes up with the wrong subnet. I inherited this network 10.0.0.0 / 24. Juniper = 10.0.0.100 and server = 100.0.0.5. When I add the address to the address book, it comes up / 32. I try to change it to /24, but get an error when committing.
So I added the rules via the wizard and can see them when I go to policy. internet - new internal address. Permit junos-mail.
Internet is working, mail is not routing. Any idea? Can this be done via the gui or do I need to learn the cli? I usually use Telnet for the ssg, but this is slightly different.
Any help would be most appreciated,
Kacey
I'm transitioning from Juniper SSG to SRX and it's a little different. I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.
I need to get mail to pass to my exchange server. I only have one Static IP which the Juniper is using.
What I did was add an address to the address book to the Internal zone. Problem is when I put in the IP it comes up with the wrong subnet. I inherited this network 10.0.0.0 / 24. Juniper = 10.0.0.100 and server = 100.0.0.5. When I add the address to the address book, it comes up / 32. I try to change it to /24, but get an error when committing.
So I added the rules via the wizard and can see them when I go to policy. internet - new internal address. Permit junos-mail.
Internet is working, mail is not routing. Any idea? Can this be done via the gui or do I need to learn the cli? I usually use Telnet for the ssg, but this is slightly different.
Any help would be most appreciated,
Kacey
Hardware Firewalls
Last Comment
dpk_wal
Did you add MAIL as a /24 or whatever?
Next you will need to create a security policy between zones that will allow traffic to pass.
harbor235 ;}
Next you will need to create a security policy between zones that will allow traffic to pass.
harbor235 ;}
ASKER
Hi Harbor, thanks for the reply,
Yes, I put /24 in when I did mail and it fails. So it won't let me put it in that way. I even went into the config and manually made the change and it failed once I hit commit. When I add the ip it manually puts in the /32.
I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.
Yes, I put /24 in when I did mail and it fails. So it won't let me put it in that way. I even went into the config and manually made the change and it failed once I hit commit. When I add the ip it manually puts in the /32.
I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.
oh, because you already have an entry for the network 10.0.0.0/24, all other entries are host specific and would be /32s.
harbor235 ;-}
harbor235 ;-}
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.0.100/24;
zones {
security-zone Internal {
address-book {
address Local 10.0.0.0/24;
address MAIL 10.0.0.5/32;