Juniper SRX240 Firewalls

Geekzone Status | Geekzone User IP information | NZ Cell Sites Map | Amazon order page (Kindle, books, electronics)

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

Check our new Geekzone Price Comparison web site for electronics prices in New Zealand.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Juniper SRX240 Firewalls

JAMMAN2110

871 posts

Ultimate Geek

Trusted

Topic # 69647 12-Oct-2010 16:34
Hi all We are looking at getting a Juniper SRX240 firewall but I can't find any information to answer some questions. I need to know if the ports are physically separate or if they are just VLANed apart. (After switching has been disabled) We need to have 1 interface connected to Citylink that can handle multiple IP addresses, and a backup ADSL / VDSL card. Different servers will have different IP addresses / ports associated with them, but for compliance purposes we need to be able to prove that Server A on port ge-0/0/5 (which has IP XXX.XXX.XXX.XXX externally) can't talk directly to Server B on port ge-0/0/6 (which has IP XXX.XXX.XXX.YYY externally) Can anyone help me answer the above question? Cheers James

muppet

1126 posts

Uber Geek

Trusted

Reply # 391020 12-Oct-2010 16:44
I don't quite understand what you're asking, sorry :) The ports don't act like a hub though, if that's what you mean? You have to say "this port's in this VLAN" Tim Checkout the EPIC5 script I work on, LiCe. Makes console based IRC fun and easy to use, just like the old days!

JAMMAN2110

871 posts

Ultimate Geek

Trusted

Reply # 391024 12-Oct-2010 16:48
muppet: I don't quite understand what you're asking, sorry :) The ports don't act like a hub though, if that's what you mean? You have to say "this port's in this VLAN" Tim I'm finding it quite hard to explain. Really, we need one ethernet port for internet (I'm ignoring the ADSL / VDSL card) and then have the other Ethernet ports as separate zones, such as "Web Servers", "Mail Servers", "File Servers" etc Does that explain it better? I'm told we need to do better than just VLANs

michaelmurfy

They see me trollin'
1607 posts

Uber Geek

Trusted

Telecom NZ

Subscriber

Reply # 391042 12-Oct-2010 17:34
The best thing would be to put the likes of certain ports on certain vlans, for example: If you had Port ge-0/0/1 connected to Citylink with multiple IP addresses it might be worth asking if they can do BGP with this, that way using BGP they can route you different IP addresses and all you need to do is to update the router config to make these changes. From here, you can allocate different computers / devices to different IP's - you can also get the Juniper to do natting for all computers on the "LAN" and give external IP's to the servers as needed. If you didn't want the network on Port ge-0/0/2 accessing anything on port ge-0/0/1 the normal step would be to separate them with use of Vlans, you can also add certain devices to different vlans depending on your needs. It's pretty hard to explain, but the best step would be for you to head over to these articles: http://www.juniper.net/techpubs/software/erx/erx51x/swconfig-routing-vol2/html/bgp-config.html (This is for setting up BGP) http://www.juniper.net/techpubs/software/management/nmc-rx/nmc-rx73x/swconfig-nmc-rx-vol2/html/vlan-config.html (Setting up Vlans) http://www.juniper.net/techpubs/software/erx/junose71/swconfig-routing-services/html/nat-config.html (Nat Config) With these routers don't get sucked into using the web interface, it's best to leave this disabled and use the CLI - you will get your head around things easier that way. The cool thing with these routers is if you are doing the config through the CLI and break something (and had a working config beforehand) then the router will revert to that working config after a reboot unless if you commit it. Good luck! Good on you for supporting Juniper! They are awesome pieces of equipment! Michael Murphy [Twitter] [Last.fm] [IPv6 Sage] Anything written up there is my own view on life, the universe and everything.

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow @geekzonenzforum

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow @geekz1

Follow us to receive Twitter updates when new jobs are posted to our jobs board:

Follow @geekzonenzjobs

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

Follow @geekzoneprices

News »

Amazon brings Kindle Fire to 170 countries, expand app store to more than 200 countries
Posted 24-May-2013 14:41

Gen-i and SAP partner in mobile business
Posted 23-May-2013 09:23

Ericsson to close down telecom cable manufacturing
Posted 23-May-2013 08:46

FaceToFace Communications and StarLeaf bring unique cloud-based videoconferencing to Australia and New Zealand
Posted 22-May-2013 09:12

IBM Watson finds a new job: customer services
Posted 22-May-2013 08:37

Microsoft unveils Xbox One
Posted 22-May-2013 08:11

Trending now »

Hot discussions in our forums right now:

Fecked up religious people strike again :-(
Created by Mark, last reply by freitasm on 25-May-2013 08:44 (85 replies)

... 4 5 6

Cannabis is illegal yet we have really strong 'legal highs' ?
Created by qwerty7, last reply by freitasm on 23-May-2013 23:20 (74 replies)

... 3 4 5

Xbox One
Created by DjShadow, last reply by Kingy on 24-May-2013 13:48 (68 replies)

... 3 4 5

A new project coming to Geekzone
Created by freitasm, last reply by l43a2 on 24-May-2013 23:02 (342 replies)

... 21 22 23

Troublesome transition to VDSL
Created by oseiler, last reply by michaelmurfy on 24-May-2013 13:57 (18 replies)

... 2

HTC One (2013) owners' discussion
Created by Dingbatt, last reply by wlfkfgkwlaktka on 24-May-2013 15:49 (1564 replies)

... 103 104 105

Monolithic Cement Sheet cladding mid 80s house - "leaky home" or not?
Created by joker97, last reply by mattwnz on 24-May-2013 23:46 (15 replies)

Warning - Users with Tenda ADSL modem
Created by Psi, last reply by Psi on 24-May-2013 22:01 (44 replies)

... 2 3

Geekzone Jobs »

Most recent NZ jobs in technology:

Organisational Change Analyst
Posted 24-May-2013 19:28

Dedicated Java Developer/ Technical lead
Posted 24-May-2013 18:28

Account Manager - IT/Telco
Posted 24-May-2013 18:28

Commercial Java Developer
Posted 24-May-2013 18:28

Senior DB2 Database Administrator
Posted 24-May-2013 18:28

Technical BA
Posted 24-May-2013 18:28

OSS Systems Engineer
Posted 24-May-2013 18:28

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.

RSS feeds: Main feed; Forums feed; Tech Jobs feed; All RSS feeds

Site features: Geekzone Mobile; @GeekzoneMail; Geekzone Badges; Geekzone on Twitter

Geekzone offers: Amazon orders (Kindle, books, everything); MightyApe orders; Free technology white papers

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising on Geekzone; Trademark and copyright

©2002-2013 Geekzone®