Juniper SRX begining setup
Greetings Experts,
I'm transitioning from Juniper SSG to SRX and it's a little different. I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.
I need to get mail to pass to my exchange server. I only have one Static IP which the Juniper is using.
What I did was add an address to the address book to the Internal zone. Problem is when I put in the IP it comes up with the wrong subnet. I inherited this network 10.0.0.0 / 24. Juniper = 10.0.0.100 and server = 100.0.0.5. When I add the address to the address book, it comes up / 32. I try to change it to /24, but get an error when committing.
So I added the rules via the wizard and can see them when I go to policy. internet - new internal address. Permit junos-mail.
Internet is working, mail is not routing. Any idea? Can this be done via the gui or do I need to learn the cli? I usually use Telnet for the ssg, but this is slightly different.
Any help would be most appreciated,
Kacey
I'm transitioning from Juniper SSG to SRX and it's a little different. I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.
I need to get mail to pass to my exchange server. I only have one Static IP which the Juniper is using.
What I did was add an address to the address book to the Internal zone. Problem is when I put in the IP it comes up with the wrong subnet. I inherited this network 10.0.0.0 / 24. Juniper = 10.0.0.100 and server = 100.0.0.5. When I add the address to the address book, it comes up / 32. I try to change it to /24, but get an error when committing.
So I added the rules via the wizard and can see them when I go to policy. internet - new internal address. Permit junos-mail.
Internet is working, mail is not routing. Any idea? Can this be done via the gui or do I need to learn the cli? I usually use Telnet for the ssg, but this is slightly different.
Any help would be most appreciated,
Kacey
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Did you add MAIL as a /24 or whatever?
Next you will need to create a security policy between zones that will allow traffic to pass.
harbor235 ;}
Next you will need to create a security policy between zones that will allow traffic to pass.
harbor235 ;}
Hi Harbor, thanks for the reply,
Yes, I put /24 in when I did mail and it fails. So it won't let me put it in that way. I even went into the config and manually made the change and it failed once I hit commit. When I add the ip it manually puts in the /32.
I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.
Yes, I put /24 in when I did mail and it fails. So it won't let me put it in that way. I even went into the config and manually made the change and it failed once I hit commit. When I add the ip it manually puts in the /32.
I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.
oh, because you already have an entry for the network 10.0.0.0/24, all other entries are host specific and would be /32s.
harbor235 ;-}
harbor235 ;-}
Please have a look at link below:
https://www.juniper.net/documentation/en_US/junos11.4/topics/example/nat-security-destination-single-address-translation-configuring.html
If you wish to forward traffic to multiple internal servers on different ports, then when you define the pool, other than private-ip of the server, also mention the port/protocol. You can define multiple pools this way and forward traffic to different servers.
Eg,TCP 25 to 10.0.0.5; say TCP 80 to 10.0.0.x; say UDP 53 to 10.0.0.y.
Thank you.
https://www.juniper.net/documentation/en_US/junos11.4/topics/example/nat-security-destination-single-address-translation-configuring.html
If you wish to forward traffic to multiple internal servers on different ports, then when you define the pool, other than private-ip of the server, also mention the port/protocol. You can define multiple pools this way and forward traffic to different servers.
Eg,TCP 25 to 10.0.0.5; say TCP 80 to 10.0.0.x; say UDP 53 to 10.0.0.y.
Thank you.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Word 2007 Inter… 197 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - Excel 2016 Part … 129 lessons
-
Business CommunicationCertification: PMI ACP® Project Management Institute Agile Certified P… 340 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
ge-0/0/1 {
unit 0 {
family inet {
address 10.0.0.100/24;
zones {
security-zone Internal {
address-book {
address Local 10.0.0.0/24;
address MAIL 10.0.0.5/32;