Wednesday, November 21, 2007

Juniper NetScreen 5GT (NetScreen-5 Series)


My company implements a small-office router as customer equipment (CE) plus a value-added firewall appliance: the Juniper NetScreen 5GT.

The first time I looked at the device, I was not sure something with such small dimensions could handle a routing table and a firewall appliance. OK, let's see.

1. The 5GT is divided into two segments, 'trust' and 'untrust': trust is the local/LAN segment, untrust is the public/Internet segment.
2. Juniper ships a default configuration for these segments: untrust with a static IP, and trust with a DHCP IP and NAT enabled.

Here is a step-by-step example configuration for a simple 5GT gateway without NAT and DHCP:

1. Set interface untrust to a public IP from the service provider's back-to-back allocation (172.16.0.0/30).
2. Disable NAT and DHCP on interface untrust.
3. Set interface trust to a public IP from the host allocation (172.16.0.4/28).
4. Set the default route 0.0.0.0/0 so that traffic goes to the back-to-back IP at the service provider.
5. Test with ping and save the configuration.

Here is the capture:

ns5gt-> set interface untrust ip 172.16.0.2 255.255.255.252
ns5gt-> set interface untrust manage ping
ns5gt-> get interface

A - Active, I - Inactive, U - Up, D - Down, R - Ready

Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
trust 192.168.1.1/24 Trust 0017.cbef.48b2 - U -
untrust 172.16.0.2/30 Untrust 0017.cbef.48b1 - U -
serial 0.0.0.0/0 Null 0017.cbef.48b6 - D -
vlan1 0.0.0.0/0 VLAN 0017.cbef.48bf 1 D -
null 0.0.0.0/0 Null N/A - U 0

ns5gt-> set interface trust route
ns5gt-> unset interface trust dhcp server service
ns5gt-> set interface trust ip 172.16.0.5 255.255.255.240
ns5gt-> get route

IPv4 Dest-Routes for (0 entries)
--------------------------------------------------------------------------------
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP P: Permanent D: Auto-Discovered
iB: IBGP eB: EBGP O: OSPF E1: OSPF external type 1
E2: OSPF external type 2

IPv4 Dest-Routes for (4 entries)
--------------------------------------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------
* 5 172.16.0.4/28 trust 0.0.0.0 C 0 0 Root
* 6 172.16.0.5/32 trust 0.0.0.0 H 0 0 Root
* 4 172.16.0.2/32 untrust 0.0.0.0 H 0 0 Root
* 3 172.16.0.0/30 untrust 0.0.0.0 C 0 0 Root

ns5gt-> set route 0.0.0.0 0.0.0.0 interface untrust
ns5gt-> get route

IPv4 Dest-Routes for (0 entries)
--------------------------------------------------------------------------------
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP P: Permanent D: Auto-Discovered
iB: IBGP eB: EBGP O: OSPF E1: OSPF external type 1
E2: OSPF external type 2

IPv4 Dest-Routes for (5 entries)
--------------------------------------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------
* 7 0.0.0.0/0 untrust 0.0.0.0 S 20 1 Root
* 5 172.16.0.4/28 trust 0.0.0.0 C 0 0 Root
* 6 172.16.0.5/32 trust 0.0.0.0 H 0 0 Root
* 4 172.16.0.2/32 untrust 0.0.0.0 H 0 0 Root
* 3 172.16.0.0/30 untrust 0.0.0.0 C 0 0 Root

or

ns5gt-> set route 0.0.0.0 0.0.0.0 interface untrust gateway 172.16.0.1
ns5gt-> get route

IPv4 Dest-Routes for (0 entries)
--------------------------------------------------------------------------------
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP P: Permanent D: Auto-Discovered
iB: IBGP eB: EBGP O: OSPF E1: OSPF external type 1
E2: OSPF external type 2

IPv4 Dest-Routes for (5 entries)
--------------------------------------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------
* 8 0.0.0.0/0 untrust 172.16.0.1 S 20 1 Root
* 5 172.16.0.4/28 trust 0.0.0.0 C 0 0 Root
* 6 172.16.0.5/32 trust 0.0.0.0 H 0 0 Root
* 4 172.16.0.2/32 untrust 0.0.0.0 H 0 0 Root
* 3 172.16.0.0/30 untrust 0.0.0.0 C 0 0 Root

ns5gt-> get interface
A - Active, I - Inactive, U - Up, D - Down, R - Ready
Interfaces in vsys Root:
Name IP Address Zone MAC VLAN State VSD
trust 172.16.0.5/28 Trust 0017.cbef.48b2 - U -
untrust 172.16.0.2/30 Untrust 0017.cbef.48b1 - U -
serial 0.0.0.0/0 Null 0017.cbef.48b6 - D -
vlan1 0.0.0.0/0 VLAN 0017.cbef.48bf 1 D -
null 0.0.0.0/0 Null N/A - U 0

ns5gt-> save
Save System Configuration ...
Done
ns5gt->
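
An added example (not part of the original post): a Python check that parses the `get route` rows from the two captures above and reports whether the default route has an explicit gateway and, if so, whether that gateway sits on a subnet connected to the same interface. The function names `parse_routes` and `check_default_route` are illustrative, and the gateway rule is an assumption about what a sane table looks like, not something ScreenOS enforces.

```python
import ipaddress
import re

# Rows shared by both "get route" captures on this page.
COMMON = """\
* 5 172.16.0.4/28 trust 0.0.0.0 C 0 0 Root
* 6 172.16.0.5/32 trust 0.0.0.0 H 0 0 Root
* 4 172.16.0.2/32 untrust 0.0.0.0 H 0 0 Root
* 3 172.16.0.0/30 untrust 0.0.0.0 C 0 0 Root
"""
ROUTES_IF_ONLY = "* 7 0.0.0.0/0 untrust 0.0.0.0 S 20 1 Root\n" + COMMON
ROUTES_WITH_GW = "* 8 0.0.0.0/0 untrust 172.16.0.1 S 20 1 Root\n" + COMMON

# Columns: ID, IP-Prefix, Interface, Gateway, P (protocol); Pref/Mtr/Vsys are ignored.
ROW = re.compile(r"^\*?\s*\d+\s+(\S+/\d+)\s+(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s")

def parse_routes(text):
    """Return (network, interface, gateway, protocol) tuples; skip legend and header lines."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            prefix, iface, gw, proto = m.groups()
            # strict=False: the capture shows 172.16.0.4/28, which has host bits set
            routes.append((ipaddress.ip_network(prefix, strict=False), iface,
                           ipaddress.ip_address(gw), proto))
    return routes

def check_default_route(routes):
    """Return a list of findings; an empty list means the default route passed."""
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if not defaults:
        return ["no default route"]
    findings = []
    for _, iface, gw, _ in defaults:
        # Connected (C) subnets on the interface the default route points out of
        connected = [n for n, i, _, p in routes if i == iface and p == "C"]
        if gw.is_unspecified:
            findings.append(f"default route via {iface} has no explicit gateway")
        elif not any(gw in net for net in connected):
            findings.append(f"gateway {gw} is not on a connected subnet of {iface}")
    return findings

if __name__ == "__main__":
    for name, text in (("interface only", ROUTES_IF_ONLY), ("with gateway", ROUTES_WITH_GW)):
        print(name, "->", check_default_route(parse_routes(text)) or "OK")
```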
