Juniper SSG Manual Online: Features And Benefits. Feature High performance Best-in-class UTM security features Integrated antivirus Integrated antispam. Now I want to use SSG as the edge fire wall and VPN. I need help in the following. 1. I have to use one to one NAT for 4 servers on the SSG I am not. SSG Hardware Installation and Configuration Guide. Juniper Networks, Inc. North Mathilda Avenue Sunnyvale, CA USA
|Published (Last):||16 March 2006|
|PDF File Size:||7.50 Mb|
|ePub File Size:||9.45 Mb|
|Price:||Free* [*Free Regsitration Required]|
I suspect the same doc will apply to both as they run ScreenOS but I just wanted to be through in my product description. The basic steps are to create a sub-interface and assign the vlan tag and the zone. You can also give this an ip address if needed. For the instructions on implementing vlan subinterfaces you’ll need the screenos documentation for the version loaded on your device. Since I am using bgroups mmanual assingning physical ports to them, can I create subinterfaces on my unused ports and assign a subinterface to a bgroup?
I would assume that no static route is needed because its a sub bgroup so we have properties that are inherited from its bgroup parent of sorts?
SSG5 and SSG – docs to setup VLAN – J-Net Community
No, you do not need sgs routes. Thing is that I already have a DHCP server on that network so is it possible to jiniper traffic to the sub bgroup? I think I’m lost. Interface 1 which is bound to brgoup0 is connected to a switch which has a DHCP server connected to it. And we run into a problem: You cannot have any interface bound to two different bgroups at the same time. So, any subinterface with VLAN tag you create will not be able to communicate with untagged interfaces on the same subnet on L2.
Same subnet, or a different subnet? Does your switch support VLANs?
SSG5 and SSG140 – docs to setup VLAN
By the way, my Foundry switch is config’d as a simple layer 2 device, but I assume is has a default VLAN of some sort? If you configure more than 1 VLAN on a switch port i. The rest must be tagged. If you configure just 1 VLAN on a switch port, you can have it untagged i. You can configure VLAN membership on switch ports independently from one another. That means that the same VLAN can be tagged on some ports, and untagged on others. That gives you a lot of flexibility on the switch.
On the SSG, unfortunately, you don’t have as much flexibility. Now, if your ISP is giving you an address of 1. Going back to your wireless setup. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type. I would like some of the same interfaces on my SSGs to support 2 diff networks. Message 1 of 19 17, Views.
All forum topics Previous Topic Next Topic. Message 2 of 19 17, Views. To set a vlan on an interface, use: The configuration of vlans is covered in volume 10 “Virtual Systems”.
Message 3 of 19 17, Views. Thanks very much, greatly appreciated. Message 4 of 19 17, Views. I have several spare ports currently split to bgroup0 and 1 and are trusted LAN. Message 5 of 19 17, Views. No, unfortunately subinterfaces cannot belong to a bgroup.
Message 6 of 19 17, Views. Leave the manal bound to the bgroup, and then create a subinterface of the bgroup itself. Message 7 of 19 17, Views. Wow, seems like a very eleganty solution.
TAC couldn’t really help me on this one. Would I need a static route or will packets route? I have a DHCP server on bgroup0 and wondering if bgroup0. Thanks again for the post, the sub bgroup is very very slick! Message 8 of 19 17, Views.
Message juinper of 19 17, Views. Message 10 of 19 17, Views. Message 11 of 19 16, Views. Cool, will post a diagram soon. Message 12 of 19 16, Views.
Attached is a simple diagram. Pictured is my SSG with 9 interfaces. Interface 0 is connected to an ISP and is associated with bgroup0. Interface 9 is connected to a different ISP and is associated with bgroup1. Interface 8 is bound to bgroup1 but has nothing connected to it. Does this make sense?
Message 13 of 19 16, Views. Message 14 of kanual 16, Views. That makes it quite clearer. Considering the diagram you included, I have three more questions: Do you, by chance, have another small switch that supports VLANs? Message 15 of 19 16, Views. Both gateways have diff subnets.
Can I instead tag all interfaces on my SSG? Message 16 of 19 15, Views. Message 17 of 19 15, Views. My default VLAN is 1 which all ports on my switch mannual to. Message 18 of 19 ssb, Views. Consider the following statements when you think of a solution: You can configure a switch port on a proper manged switch to be part of one or more VLANs.
Message 19 of 19 15, Views.
Be Rewarded for sharing your voice with Juniper. Our TechWiki needs you! Author an expert advice article or convert your forum accepted solution into a “how-to” article.