Juniper SRX beginning setup

Greetings Experts,

I'm transitioning from Juniper SSG to SRX and it's a little different.  I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.

I need to get mail to pass to my Exchange server.  I only have one static IP, which the Juniper is using.

What I did was add an address to the address book to the Internal zone.  Problem is when I put in the IP it comes up with the wrong subnet.  I inherited this network 10.0.0.0 / 24.  Juniper = 10.0.0.100 and server = 100.0.0.5.  When I add the address to the address book, it comes up / 32.  I try to change it to /24, but get an error when committing.

So I added the rules via the wizard and can see them when I go to policy.  internet - new internal address.  Permit junos-mail.
Internet is working, mail is not routing.  Any idea?  Can this be done via the GUI or do I need to learn the CLI?  I usually use Telnet for the SSG, but this is slightly different.

Any help would be most appreciated,
Kacey
Asked by: Kacey Fern, System Engineer

Kacey Fern, System Engineer (Author) Commented:
I was able to add the subnet in the address book, but see config below.  My firewall IP is correct, but when I put in the server it keeps going to /32:

ge-0/0/1 {
    unit 0 {
        family inet {
            address 10.0.0.100/24;
        }
    }
}
zones {
    security-zone Internal {
        address-book {
            address Local 10.0.0.0/24;
            address MAIL 10.0.0.5/32;
        }
    }
}
0
harbor235 Commented:
Did you add MAIL as a /24 or whatever?

Next you will need to create a security policy between zones that will allow traffic to pass.


harbor235 ;}
0
Kacey Fern, System Engineer (Author) Commented:
Hi Harbor, thanks for the reply,

Yes, I put /24 in when I did mail and it fails.  So it won't let me put it in that way.  I even went into the config and manually made the change and it failed once I hit commit.  When I add the IP it manually puts in the /32.

I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.
0
harbor235 Commented:
Oh, because you already have an entry for the network 10.0.0.0/24, all other entries are host specific and would be /32s.



harbor235 ;-}
0
dpk_wal Commented:
Please have a look at link below:
https://www.juniper.net/documentation/en_US/junos11.4/topics/example/nat-security-destination-single-address-translation-configuring.html

If you wish to forward traffic to multiple internal servers on different ports, then when you define the pool, other than the private IP of the server, also mention the port/protocol. You can define multiple pools this way and forward traffic to different servers.
E.g., TCP 25 to 10.0.0.5; say TCP 80 to 10.0.0.x; say UDP 53 to 10.0.0.y.

Thank you.
0
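
The destination NAT approach from the last answer, written out for the mail server in this thread as an added example (not posted by any participant and not copied from the linked Juniper page). The zone names Internet and Internal, the address-book entry MAIL and the application junos-mail follow the thread; 203.0.113.10 is a placeholder for the single public IP, and the pool, rule-set, rule and policy names are made up for illustration.

```junos
security {
    nat {
        destination {
            /* One pool per published service: private IP plus port. */
            pool mail-smtp {
                address 10.0.0.5/32 port 25;
            }
            rule-set from-internet {
                from zone Internet;
                rule smtp-in {
                    match {
                        /* Placeholder for the SRX's single public IP. */
                        destination-address 203.0.113.10/32;
                        destination-port 25;
                    }
                    then {
                        destination-nat pool mail-smtp;
                    }
                }
            }
        }
    }
    policies {
        from-zone Internet to-zone Internal {
            /* Destination NAT runs before the policy lookup, so match the
               translated host entry MAIL (10.0.0.5/32), not the public IP. */
            policy allow-smtp-in {
                match {
                    source-address any;
                    destination-address MAIL;
                    application junos-mail;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

Only TCP 25 is translated and permitted here; each further service gets its own pool and rule in the same pattern, so nothing else on 10.0.0.0/24 becomes reachable from the Internet zone.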
