Juniper Firewall

LiLbRo Troy, Michigan
edited January 2009 in Science & Tech
I am trying to configure a Juniper firewall, NetScreen 204.

I want to set a static IP of 74.126.23.x and it is asking me for a "Manage IP". When I try to set it to 192.168.1.1, it tells me I have to be on the same subnet. When I set it to 74.126.23.x, it tells me I cannot set the interface IP the same as the management IP.


What is the difference between the two? I am not 100% sure of the availability of IPs in that range (.1 -.5)

Thanks

Comments

  • LiLbRo Troy, Michigan
    edited January 2009
    Hey,

    I got past the above problem; I overlooked something while reading the manual.

    I still have a problem though. I have ethernet1 (trusted) and ethernet3 (untrusted) configured with IPs. I can access both from local machines but with a computer off the network I cannot access the trusted or untrusted ports.

    When I add an IP to the allowable server list the web interface locks up and will not connect. This results in me resetting the firewall and starting from scratch every time. I have tried IPs from local machines, 192.xxx.x.x and 74.xxx.xx.x and off network IPs to be added to the white list, all with the same result.

    Anything? I have been reading documentation on this for hours to no avail.

    Thanks
  • LiLbRo Troy, Michigan
    edited January 2009
    Hey guys, back at it again today.

    I am still having issues accessing the web interface outside of the network. I've lost my mind trying to do this; I am sure it is something simple I am missing.

    set admin name "user"
    set admin password "password"
    set interface ethernet1 zone Trust
    set interface ethernet1 ip 192.168.1.1 255.255.255.0
    set interface ethernet1 manage
    set interface ethernet2 zone DMZ
    set interface ethernet3 zone Untrust
    set interface ethernet3 ip 74.126.23.2 255.255.255.0
    unset interface ethernet3 manage
    set interface ethernet4 zone Null
    set interface vlan1 manage
    save


    halp! :)
  • LiLbRo Troy, Michigan
    edited January 2009
    Doesn't seem like I am gonna get any help, but here is the config anyway

    set clock timezone 0
    set vrouter trust-vr sharable
    unset vrouter "trust-vr" auto-route-export
    set auth-server "Local" id 0
    set auth-server "Local" server-name "Local"
    set auth default auth server "Local"
    set admin name "user"
    set admin password "password"
    set admin manager-ip 192.168.1.219 255.255.255.0
    set admin manager-ip 209.124.56.30 255.255.255.224
    set admin auth timeout 10
    set admin auth server "Local"
    set admin format dos
    set zone "Trust" vrouter "trust-vr"
    set zone "Untrust" vrouter "trust-vr"
    set zone "DMZ" vrouter "trust-vr"
    set zone "VLAN" vrouter "trust-vr"
    set zone "Trust" tcp-rst
    unset zone "Untrust" block
    unset zone "Untrust" tcp-rst
    set zone "MGT" block
    set zone "DMZ" tcp-rst
    set zone "VLAN" block
    set zone "VLAN" tcp-rst
    set zone "Untrust" screen tear-drop
    set zone "Untrust" screen syn-flood
    set zone "Untrust" screen ping-death
    set zone "Untrust" screen ip-filter-src
    set zone "Untrust" screen land
    set zone "V1-Untrust" screen tear-drop
    set zone "V1-Untrust" screen syn-flood
    set zone "V1-Untrust" screen ping-death
    set zone "V1-Untrust" screen ip-filter-src
    set zone "V1-Untrust" screen land
    set interface "ethernet1" zone "Trust"
    set interface "ethernet2" zone "DMZ"
    set interface "ethernet3" zone "Untrust"
    set interface "ethernet4" zone "Null"
    unset interface vlan1 ip
    set interface ethernet1 ip 192.168.1.1/24
    set interface ethernet1 nat
    set interface ethernet3 ip 74.126.23.2/24
    set interface ethernet3 route
    set interface vlan1 vlan trunk
    unset interface vlan1 bypass-others-ipsec
    unset interface vlan1 bypass-non-ip
    set interface ethernet1 ip manageable
    set interface ethernet3 ip manageable
    set interface ethernet3 manage ping
    set interface ethernet3 manage ssh
    set interface ethernet3 manage telnet
    set interface ethernet3 manage snmp
    set interface ethernet3 manage ssl
    set interface ethernet3 manage web
    set interface "vlan1" webauth
    set hostname ns204
    set ike respond-bad-spi 1
    set dns host dns1 209.124.56.2
    set dns host dns2 209.124.56.3
    set pki authority default scep mode "auto"
    set pki x509 default cert-path partial
    set ssh version v2
    set config lock timeout 5
    set ntp server "74.126.23.2"
    set ntp server backup1 "0.0.0.0"
    set ntp server backup2 "0.0.0.0"
    set snmp port listen 161
    set snmp port trap 162
    set vrouter "untrust-vr"
    exit
    set vrouter "trust-vr"
    unset add-default-route
    exit
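
Added example (not part of the thread, and not Juniper code): a short Python check over lines copied from the configuration posted above. It assumes that once any `set admin manager-ip` entry exists only matching source addresses may manage the device, and it lists the unencrypted management services enabled on the Untrust interface; the function names are illustrative.

```python
import ipaddress

# Constructed excerpt: lines copied from the configuration posted above.
SAMPLE_CONFIG = """\
set admin manager-ip 192.168.1.219 255.255.255.0
set admin manager-ip 209.124.56.30 255.255.255.224
set interface "ethernet1" zone "Trust"
set interface "ethernet3" zone "Untrust"
set interface ethernet1 ip manageable
set interface ethernet3 manage ping
set interface ethernet3 manage ssh
set interface ethernet3 manage telnet
set interface ethernet3 manage snmp
set interface ethernet3 manage ssl
set interface ethernet3 manage web
"""

CLEARTEXT = {"telnet", "web", "snmp"}  # management protocols sent unencrypted

def parse(config):
    """Return (manager-ip networks, interface->zone, interface->services)."""
    nets, zones, services = [], {}, {}
    for line in config.splitlines():
        tok = [t.strip('"') for t in line.split()]
        if tok[:3] == ["set", "admin", "manager-ip"] and len(tok) == 5:
            # The mask applies to the address, so host bits are ignored.
            nets.append(ipaddress.ip_network(f"{tok[3]}/{tok[4]}", strict=False))
        elif tok[:2] == ["set", "interface"] and len(tok) == 5:
            if tok[3] == "zone":
                zones[tok[2]] = tok[4]
            elif tok[3] == "manage":
                services.setdefault(tok[2], set()).add(tok[4])
    return nets, zones, services

def may_manage(config, client_ip):
    """True if client_ip matches a manager-ip entry, or if none are set."""
    nets, _, _ = parse(config)
    return not nets or any(ipaddress.ip_address(client_ip) in n for n in nets)

def exposed_cleartext(config, zone="Untrust"):
    """Map each interface in `zone` to its cleartext management services."""
    _, zones, services = parse(config)
    return {i: sorted(s & CLEARTEXT) for i, s in services.items()
            if zones.get(i) == zone and s & CLEARTEXT}

if __name__ == "__main__":
    print(may_manage(SAMPLE_CONFIG, "209.124.56.40"))
    print(exposed_cleartext(SAMPLE_CONFIG))
```
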
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited January 2009
    Not too many people on here that do Juniper, but I've sent a message out via Twitter to see if someone out in the wider world can chime in
  • LiLbRo Troy, Michigan
    edited January 2009
    Not too many people on here that do Juniper, but I've sent a message out via Twitter to see if someone out in the wider world can chime in

    <3

    if the data center ever burns down, I'll grab the icrontic servers ;)
  • Shorty Manchester, UK Icrontian
    edited January 2009
    I have some experience with screenOS. I have to dive out for a few hours now but will comment when I get back. Do you have an accompanying network diagram to go with this? Helps visualise what you are attempting to do!