
Whaddya know: how to set up a Mapped IP (MIP) on a Juniper/NetScreen firewall

When you manage the firewall for a single office, you set it up, test it and deploy it. After that you only touch the firewall policy when you need to open ports that let a known network or type of traffic into your private network, or when a new server application needs a policy update. That is a once-in-a-blue-moon configuration change.

It is a different situation when you manage a large network: changing firewall policies becomes a daily or weekly task.

In this article I give a step-by-step procedure for one such task: setting up a Mapped IP, which some tech guys prefer to call NAT (network address translation).

Save your Firewall configuration:
Before you make any change to your existing firewall policy, download a fresh backup of your configuration. In a small network you manage the NetScreen/Juniper firewall through Internet Explorer: browse to the firewall's IP address. For this example we connect to 192.168.1.2.

Log in to your firewall using your admin account, or the default account "netscreen", and your password. Click Login to continue.

Click Configuration, Update, then Config File.
Under Current System Configuration (Total size: 11000 bytes; you will see your actual byte size here), click Save to File.
In the File Download dialog, click Save.
Save it to your workstation drive or a network drive so you can restore it if needed.

Let's create the Object that you need for this setup:
Click Objects
Click Address
In List, click New to create a new network address.

For example:
Address Name: KING_NET
IP/Netmask: 200.10.2.1/24
Select zone: untrust
Click OK to continue.

If you create multiple networks, e.g. KING_NET2 200.20.2.1/24, KING_NET3 200.30.2.1/24, and so on, you can use the Groups object to put the networks in one group and keep the firewall policy simple.

Let's now create a Mapped IP (MIP), also called NAT:
Click Network
Click Interfaces. Here you will see the interface names (ethernet1, ethernet2, ethernet3, ethernet4 or more, depending on your firewall model). This page shows each interface's IP/Network assignment, Zone, Type (Layer3), Link status (up or down) and a Configure link.

You need to identify which interface is your internal network and which is your public network. On the public interface, click Edit (Configure), click MIP, then click New to add a mapping.

Mapped IP: 200.10.2.100
Netmask: 255.255.255.255
Host IP Address: 192.168.1.100 (this is the private IP address of your server)
Host Virtual Router Name: trust-vr

Add this object to the Firewall Policy:
Click Policies
From: Untrust, To: Trust, then click New to add a new policy.

Source Address: ANY, or a specific network only
Destination Address: your Mapped IP server
Service: Any, or a specific service only to protect your server (recommended)
Tunnel: optional for this example
Logging: optional
Click OK to save.

The new firewall policy is successfully added to your device.
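The WebUI steps above (address object, MIP, then the Untrust-to-Trust policy) end up as plain `set` lines in the configuration file you backed up at the start. The following audit script is an added example, not code from the original post or from Juniper: it reads such a backup and checks the points the procedure cares about, namely that every MIP host really sits on a Trust-side subnet, that every policy source refers to a defined address object or group, and that a policy exposing a MIP is scoped to a specific source and service and has logging turned on. The sample configuration is constructed from the article's values in ScreenOS `set` syntax; the exact token layout of your own backup is an assumption you should confirm against a real `get config` dump.

```python
"""Audit a ScreenOS (Juniper/NetScreen) configuration backup for MIP exposure.

Added example, not from the original post or from Juniper. It assumes the
backup is the plain-text 'set ...' dump the WebUI "Save to File" produces.
"""
import ipaddress
import re
import shlex

# Constructed sample using the article's addresses (200.10.2.101 / 10.9.9.9
# and policy 2 are deliberately wrong so the audit has something to flag).
SAMPLE_CONFIG = """
set interface "ethernet1" zone "Trust"
set interface "ethernet3" zone "Untrust"
set interface ethernet1 ip 192.168.1.2/24
set interface ethernet3 ip 200.10.2.2/24
set address "Untrust" "KING_NET" 200.10.2.1 255.255.255.0
set address "Untrust" "KING_NET2" 200.20.2.1 255.255.255.0
set group address "Untrust" "KING_GROUP" add "KING_NET"
set group address "Untrust" "KING_GROUP" add "KING_NET2"
set interface "ethernet3" mip 200.10.2.100 host 192.168.1.100 netmask 255.255.255.255 vr "trust-vr"
set interface "ethernet3" mip 200.10.2.101 host 10.9.9.9 netmask 255.255.255.255 vr "trust-vr"
set policy id 1 from "Untrust" to "Trust" "KING_GROUP" "MIP(200.10.2.100)" "HTTP" permit log
set policy id 2 from "Untrust" to "Trust" "Any" "MIP(200.10.2.101)" "ANY" permit
"""

MIP_RE = re.compile(r"^MIP\((\d+\.\d+\.\d+\.\d+)\)$", re.IGNORECASE)


def parse_config(text):
    """Return (interfaces, addresses, groups, mips, policies) from 'set' lines."""
    interfaces, addresses, groups, mips, policies = {}, {}, {}, {}, []
    for raw in text.splitlines():
        tok = shlex.split(raw)  # shlex strips the quotes ScreenOS puts around names
        if len(tok) < 4 or tok[0] != "set":
            continue
        if tok[1] == "interface" and len(tok) >= 5:
            entry = interfaces.setdefault(tok[2], {})
            if tok[3] == "zone":
                entry["zone"] = tok[4]
            elif tok[3] == "ip":
                # strict=False turns 192.168.1.2/24 into the 192.168.1.0/24 subnet
                entry["net"] = ipaddress.ip_network(tok[4], strict=False)
            elif tok[3] == "mip" and len(tok) >= 7:
                mips[tok[4]] = {"host": tok[6], "interface": tok[2]}
        elif tok[1] == "address" and len(tok) >= 6:
            # set address ZONE NAME IP MASK  (200.10.2.1/24 normalises to 200.10.2.0/24)
            addresses[tok[3]] = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
        elif tok[1] == "group" and tok[2] == "address" and len(tok) >= 7 and tok[5] == "add":
            groups.setdefault(tok[4], []).append(tok[6])
        elif tok[1] == "policy" and tok[2] == "id" and len(tok) >= 12:
            # set policy id N from ZONE to ZONE SRC DST SVC ACTION [log]
            policies.append({
                "id": int(tok[3]), "from": tok[5], "to": tok[7],
                "src": tok[8], "dst": tok[9], "svc": tok[10],
                "action": tok[11], "log": "log" in tok[12:],
            })
    return interfaces, addresses, groups, mips, policies


def audit(text):
    """Return a list of human-readable findings; an empty list means all checks passed."""
    interfaces, addresses, groups, mips, policies = parse_config(text)
    findings = []

    # 1. A MIP host must live on a Trust-zone interface subnet, otherwise the
    #    translated traffic has nowhere to go.
    trust_nets = [i["net"] for i in interfaces.values()
                  if i.get("zone", "").lower() == "trust" and "net" in i]
    for mapped, info in mips.items():
        host = ipaddress.ip_address(info["host"])
        if not any(host in net for net in trust_nets):
            findings.append(f"MIP {mapped}: host {host} is not in any Trust interface subnet")

    # 2. Every group member must be a defined address object.
    for name, members in groups.items():
        for member in members:
            if member not in addresses:
                findings.append(f"group {name}: member {member} is not a defined address")

    # 3. Policies that expose a MIP: scope and logging, per the article's recommendation.
    for p in policies:
        m = MIP_RE.match(p["dst"])
        if not m or p["action"] != "permit":
            continue
        mapped = m.group(1)
        if mapped not in mips:
            findings.append(f"policy {p['id']}: references undefined MIP {mapped}")
        if p["src"].lower() != "any" and p["src"] not in addresses and p["src"] not in groups:
            findings.append(f"policy {p['id']}: source {p['src']} is not a defined address or group")
        if p["src"].lower() == "any" and p["svc"].lower() == "any":
            findings.append(f"policy {p['id']}: MIP {mapped} is open to any source on any service")
        if not p["log"]:
            findings.append(f"policy {p['id']}: logging is disabled for MIP {mapped}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

Run it against the backup you saved in the first step (replace `SAMPLE_CONFIG` with the file contents) before and after the change; a clean run returns no findings, and policy 1 in the sample, which mirrors the article's recommended scoping, produces none.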

Now test whether your server is reachable from outside using the networks and services you defined.

For any question, please post here.

Have a safe computing environment.
