Juniper SSG5 Firewall And Change External IP
I have taken on a new client of which is moving office locations, but is using the same ISP. The ISP will assign them new IP information. I am not too familiar with Juniper products, and I simply want to make sure when I change the IP address it works fine, etc. The IP information that will change is the actual IP address and the Gateway. The subnet mask, DNS Servers, and the internal network IPs and port forwarding all remain the same and should "note" be changed. This client hosts Exchange, OWA, SharePoint, VOIP, and VPN resources, so there is port forwarding going on.
I SSG5 hardware version is 710(0), and firmware version is 6.3.0r2.0, and I backed up the config as well.
I found the below link on the net that's pretty descriptive on how to accomplish this, but I do have questions that need to be clarified:
Steps 1 thru 4 are pretty straight forward. The assigned subnet mask is 255.255.255.224, so the IP will be entered as 68.?.?.?/27
Step 5: I am assuming when I change address as described in step (4), it ought to display the changed IP address within the VIP - IP Address, and not require me to select Edit which is displayed to the right of it?
Step 6: I take this step is necessary since I cannot modify the entry, and it will not dynamically update the gateway information. I just want to double check and ask if this step is actually required or has changed.
Step 7: I can see the IP Address/Mask needs to be 0.0.0.0/0, untrust-vr selected, and gateway selected, along with entering the new IP address.
So once I select OK on this screen all the changes are saved for this step right? It should, but I need to ask just in case.
Step 8: DNS remains the same so I will "not" complete this step.
I will probably reboot the router after completing the above steps to ensure all changes stick, etc. I am just trying to avoid any surprises and hangups since I must also attend to other things such as the server, PC, phones, etc.
Your feedback is appreciated.
I SSG5 hardware version is 710(0), and firmware version is 6.3.0r2.0, and I backed up the config as well.
I found the below link on the net that's pretty descriptive on how to accomplish this, but I do have questions that need to be clarified:
Steps 1 thru 4 are pretty straight forward. The assigned subnet mask is 255.255.255.224, so the IP will be entered as 68.?.?.?/27
Step 5: I am assuming when I change address as described in step (4), it ought to display the changed IP address within the VIP - IP Address, and not require me to select Edit which is displayed to the right of it?
Step 6: I take this step is necessary since I cannot modify the entry, and it will not dynamically update the gateway information. I just want to double check and ask if this step is actually required or has changed.
Step 7: I can see the IP Address/Mask needs to be 0.0.0.0/0, untrust-vr selected, and gateway selected, along with entering the new IP address.
So once I select OK on this screen all the changes are saved for this step right? It should, but I need to ask just in case.
Step 8: DNS remains the same so I will "not" complete this step.
I will probably reboot the router after completing the above steps to ensure all changes stick, etc. I am just trying to avoid any surprises and hangups since I must also attend to other things such as the server, PC, phones, etc.
Your feedback is appreciated.
ASKER
Oops, here it is:
http://www.howtonetworking.com/Routers/juniper2.htm
MIP is empty, and VIP is as follows:
http://www.howtonetworking.com/Routers/juniper2.htm
MIP is empty, and VIP is as follows:
They way I have typically handled these types of changes is to back the config up to my local machine, open it in NotePad, replace the existing IP address with the new IP address in each place, and then save the file. Once the device is in the new location, the apply the updated config file and reboot the router. I have done this a dozen times or more. It is easy and works great.
Since you are using only VIP on the interface IP, changing the interface's WAN IP should be all you need. However, getting the complete config and searching for the current IP as described by Rodney helps to be confident about that, and see if there are e.g. address entries defined which refer to the absolute IP (there should be none, but you can do that).
ASKER
I think the WAN IP and gateway IP need to be changed as per step 7 as described below. So it would be more than just the WAN IP that needs to be modified.
http://www.howtonetworking.com/Routers/juniper2.htm
Rodney's suggestion might work fine. However, I am not too comfortable doing a global find/replace for the WAN and Gateway IPs is the way to go. Since this is my first experience, I think its best I follow the above URL's steps for now anyways. That's if you agree all the steps are accurate in completing this task.
Thanks.
http://www.howtonetworking.com/Routers/juniper2.htm
Rodney's suggestion might work fine. However, I am not too comfortable doing a global find/replace for the WAN and Gateway IPs is the way to go. Since this is my first experience, I think its best I follow the above URL's steps for now anyways. That's if you agree all the steps are accurate in completing this task.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for the clarification.
Even if you do not follow my option, I would still make a backup of that config file to your computer. This way it is easy to get back to where you were if something were to go wrong. Plus, it is good to keep a current copy of this file.
ASKER
Yes, I've made several backups just in case. Thanks.
Does the Juniper WAN interface have any VIPs or MIPs?
If it does not, then you can change the IP address of the WAN interface and delete the old default gateway from the routing table and add the new.
If it does, I recommend changing the information in the configuration file to match the new ISP information (include changes to MIP and VIP ips). Then upload & replace the existing config.
Hard to give any more details without additional information from your side. Please post and let us know if you have additional questions.
Thx!