dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
665
share rss forum feed

atsak

join:2012-03-24
Oakville, ON

[DSL] Juniper SSG firewalls and Teksavvy Static IP blocks

In case you want to use a Juniper SSG firewall with / blocks of static IP's from Teksavvy, they are a bit tricky to config. Here's how I got it to work after reading a BUNCH of articles. There may be other ways, but I thought I'd post the steps here.

1. Setup a custom zone (called custom-zone if you like) in the untrust-vr.

2. Bind the outbound interface (ethernet0/0 is typically what I use but it doesn't matter) to the zone. Setup the PPPoE connection for that.

3. Assign a secondary IP of the first available IP in your block (so mine happens to start at .80, so I gave the interface .82)

4. MIP any additional IP's you need.

5. Set your 0.0.0.0/0 route in the trust-VR to point to the untrust-VR

6. Set your policies for allow (or deny) statements from custom-zone to trust (or DMZ, however you want to have it organized)

I haven't fooled around with route based VPN's yet so I'm not sure what the impact is for tunnel binding etc. I might get around to that soon.

Since you can get SSG 5's used (if scratched) on ebay right now for around $90 it's a real firewall for a pretty decent price. One thing to note the Junipers are pretty strict in their networking approaches and can't do MLPPP over PPPoE, nor do they support things like uPNP so they are not for typical home users.