Example: Configuring NetScreen-5GT Devices to Permit Internal Hosts (NSM Procedure)
Copyright © 2010, Juniper Networks, Inc.
In this example, you configure a NetScreen-5GT ADSL security device to permit internal
hosts to access the Internet through the ADSL interface and permit Internet users to
access a local Web server while protecting other internal hosts. To segregate traffic flow
to the Web server from the rest of the internal network, configure the Web server in the
DMZ, and then create a firewall rule that permits HTTP traffic only to the DMZ zone.
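The traffic policy this example aims for can be checked before deployment with a small model. The following is an added illustration, not Juniper code or NSM output: it uses a simplified first-match, default-deny evaluator with the addresses from this procedure, and the DMZ /24 subnet, both rule sets, the probe source address, and all function names are assumptions.

```python
import ipaddress
from typing import NamedTuple

# Addresses come from this page; the DMZ /24 and both rule sets are assumptions.
ZONES = {"trust": ipaddress.ip_network("192.168.1.0/24"),
         "dmz": ipaddress.ip_network("10.1.1.0/24")}
MIPS = {"1.1.1.5": "10.1.1.5"}            # mapped IP -> host IP

class Rule(NamedTuple):
    src_zone: str
    dst_zone: str
    dst: str       # "any" or a mapped IP
    service: str   # "any" or a service name
    action: str

INTENDED = [Rule("trust", "untrust", "any", "any", "permit"),
            Rule("untrust", "dmz", "1.1.1.5", "http", "permit")]
TOO_BROAD = [Rule("trust", "untrust", "any", "any", "permit"),
             Rule("untrust", "dmz", "1.1.1.5", "any", "permit")]

def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "untrust")

def evaluate(rules, src, dst, service):
    """First matching rule wins; anything unmatched is denied."""
    real_dst = MIPS.get(dst, dst)          # apply the MIP before the zone lookup
    src_zone, dst_zone = zone_of(src), zone_of(real_dst)
    if src_zone == "untrust" and dst not in MIPS:
        return ("deny", None)              # NAT-mode hosts are reachable only through a MIP
    for r in rules:
        if ((r.src_zone, r.dst_zone) == (src_zone, dst_zone)
                and r.dst in ("any", dst) and r.service in ("any", service)):
            return (r.action, real_dst)
    return ("deny", None)

def inbound_exposure(rules, services=("http", "https", "ssh", "telnet")):
    """List every (destination, service) an Internet source can reach."""
    probe_src = "203.0.113.10"             # constructed source, documentation range
    targets = list(MIPS) + ["192.168.1.3", "10.1.1.5"]
    return sorted((d, s) for d in targets for s in services
                  if evaluate(rules, probe_src, d, s)[0] == "permit")

if __name__ == "__main__":
    print("intended :", inbound_exposure(INTENDED))
    print("too broad:", inbound_exposure(TOO_BROAD))
```

With the intended rule set, the only inbound exposure is HTTP to the mapped IP; a rule that permits any service to the MIP opens every probed service on the Web server.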
To configure a NetScreen-5GT device to permit internal hosts:
1. Add the NetScreen-5GT ADSL security device as ADSL 1 (device name). To enable
   the DMZ zone, select the Trust/Untrust/DMZ port mode.
2. Configure the adsl1 interface in the Untrust zone:
   Double-click the device icon to open the device configuration. In the device navigation
   tree, select Network > Interface.
3. Right-click the adsl1 interface and select the Edit icon. The General Properties screen
   appears. Using the information you previously obtained from the service provider,
   configure the following options:
   - For VPI, enter 0; for VCI, enter 35.
   - For Multiplexing Mode, select VC Multiplexing.
   - For IP address/netmask, enter 1.1.1.1/24.
   - Ensure that Manageable is enabled.
   - Ensure that the Management IP is 1.1.1.1.
   - Ensure that the Mode is NAT.
4. In the interface navigation tree, select NAT > MIP. Configure the following options:
   - For Mapped IP, enter 1.1.1.5.
   - For Netmask, enter 32.
   - For Host IP, enter 10.1.1.5.
   - Ensure that the Host Virtual Router is set to trust-vr.
5. Click OK to add the MIP, and then click OK again to save your changes to the ADSL
   interface.
6. Configure the Trust interface (ethernet1 in the Trust zone).
7. Right-click ethernet1 and select the Edit icon. The General Properties screen appears.
   Configure the interface to use an IP address and netmask of 192.168.1.1/24. For Interface
   Mode, select NAT.
8. Select the DHCP Server IP Pools tab, and then configure the following options:
   - For starting IP, enter 192.168.1.3.
Chapter 3: Network Settings