Juniper SRX beginning setup

Kacey Fern
Greetings Experts,

I'm transitioning from Juniper SSG to SRX and it's a little different.  I have a new SRX 210 where I was able to do the basic configuration via the GUI and get the Internet working.

I need to get mail to pass to my Exchange server.  I only have one static IP, which the Juniper is using.

What I did was add an address to the address book to the Internal zone.  Problem is when I put in the IP it comes up with the wrong subnet.  I inherited this network 10.0.0.0 / 24.  Juniper = 10.0.0.100 and server = 100.0.0.5.  When I add the address to the address book, it comes up / 32.  I try to change it to /24, but get an error when committing.

So I added the rules via the wizard and can see them when I go to policy.  internet - new internal address.  Permit junos-mail.
Internet is working, mail is not routing.  Any idea?  Can this be done via the GUI or do I need to learn the CLI?  I usually use Telnet for the SSG, but this is slightly different.

Any help would be most appreciated,
Kacey
Kacey Fern, System Engineer

Author

Commented:
I was able to add the subnet in the address book, but see the config below.  My firewall IP is correct, but when I put in the server it keeps going to /32:

ge-0/0/1 {
    unit 0 {
        family inet {
            address 10.0.0.100/24;
        }
    }
}

zones {
    security-zone Internal {
        address-book {
            address Local 10.0.0.0/24;
            address MAIL 10.0.0.5/32;
        }
    }
}

Did you add MAIL as a /24 or whatever?

Next you will need to create a security policy between zones that will allow traffic to pass.


harbor235 ;}
Kacey Fern, System Engineer

Author

Commented:
Hi Harbor, thanks for the reply,

Yes, I put /24 in when I did mail and it fails.  So it won't let me put it in that way.  I even went into the config and manually made the change and it failed once I hit commit.  When I add the IP it automatically puts in the /32.

I added the policy, but fear that due to the subnet being wrong, it is not passing the traffic.

Oh, because you already have an entry for the network 10.0.0.0/24, all other entries are host specific and would be /32s.



harbor235 ;-}
Top Expert 2007
Commented:
Please have a look at the link below:
https://www.juniper.net/documentation/en_US/junos11.4/topics/example/nat-security-destination-single-address-translation-configuring.html

If you wish to forward traffic to multiple internal servers on different ports, then when you define the pool, other than the private IP of the server, also mention the port/protocol. You can define multiple pools this way and forward traffic to different servers.
E.g., TCP 25 to 10.0.0.5; say TCP 80 to 10.0.0.x; say UDP 53 to 10.0.0.y.

Thank you.
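
The destination NAT setup described in the answer above, applied to this thread's single-public-IP mail case, as an added example that is not part of the original posts. The names MAIL-POOL, FROM-INTERNET, SMTP-IN and ALLOW-SMTP, the untrusted zone name "Internet" and the public address 203.0.113.10 are assumptions or placeholders.

```junos
# Added example, entered in configuration mode.
# Assumptions: the untrusted zone is named "Internet"; 203.0.113.10 is a
# placeholder for the SRX's single static public IP; object names are hypothetical.

# The server is a host entry, so it is a /32 even though the LAN is a /24.
set security zones security-zone Internal address-book address MAIL 10.0.0.5/32

# Destination NAT pool: the private address and port that inbound SMTP is sent to.
set security nat destination pool MAIL-POOL address 10.0.0.5/32 port 25

# Destination NAT rule: only TCP 25 arriving on the public IP is translated.
set security nat destination rule-set FROM-INTERNET from zone Internet
set security nat destination rule-set FROM-INTERNET rule SMTP-IN match destination-address 203.0.113.10/32
set security nat destination rule-set FROM-INTERNET rule SMTP-IN match destination-port 25
set security nat destination rule-set FROM-INTERNET rule SMTP-IN then destination-nat pool MAIL-POOL

# Security policy: destination NAT is applied before policy lookup, so the
# policy matches the translated (private) address MAIL, not the public IP.
# Only the mail application to the one host is permitted, and sessions are logged.
set security policies from-zone Internet to-zone Internal policy ALLOW-SMTP match source-address any
set security policies from-zone Internet to-zone Internal policy ALLOW-SMTP match destination-address MAIL
set security policies from-zone Internet to-zone Internal policy ALLOW-SMTP match application junos-mail
set security policies from-zone Internet to-zone Internal policy ALLOW-SMTP then permit
set security policies from-zone Internet to-zone Internal policy ALLOW-SMTP then log session-init
```

After committing, `show security nat destination rule all` shows whether the rule is being hit, and `show security flow session destination-port 25` shows the translated sessions.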
