When you manage a firewall in one office, you set it up, test and deploy. You will only change the firewall policy when you need to add ports allowing to enter know "network or traffic" to your private network, or update firewall policy for your new server application, etc. This is once in a blue moon configuration.
This is a different situation if you are managing a big network, changing firewall policies is a daily or week task.
For this article, I will provide a step by step procedure to complete this task. To setup a Mapped IP or some tech guys prefer to use NAT for network address translation.
Save your Firewall configuration:
Before you begin making changes to your existing Firewall policy, download a fresh backup of your configuration firewall policies. In a small network, you manage your Netscreen/Juniper Firewall using Internet Explorer, go to the Firewall box IP Address, for this example let us connect to 192.168.1.2.
Login to your Firewall using your admin account or use the default account "netscreen", and your password. Click on Login to continue.
Click on Configuration, Update, then Config File
In Current System Configuration: (Total size: 11000 bytes, you will your actual byte size here), click on Save to File.
File Download, click Save
Save it to your workstation drive or network drive for restore if needed.
Let's create the Object that you need for this setup:
Click on Objects
In List, click on New to create a new network address.
Address Name: KING_NET
Select zone: untrust
Click on OK to continue.
If you create a multiple networks e.g. KING_NET2 18.104.22.168/24, KING_NET3 22.214.171.124/24, and so on...
You can use the Groups object to include the network in one group to simplify the Firewall policy.
Let's now create a MAPPED IP or MIP or NAT:
Click on Network
Click on Interfaces, here you will see the name of ethernet1, ethernet2, ethernet3, ethernet4 or more depending on your firewall device. In this page, you will see the IP/Network assignment, Zone, Type Layer3, Link status (up or down) and configure.
You need to identify your internal network and public network. In your public network, click the Edit (configure), click MIP, click New to add.
Mapped IP: 126.96.36.199
Host IP Address: 192.168.1.100 ; this is the IP address of your server.
Host Virtual Router Name: trust-vr
Add this object to the Firewall Policy:
Click on Policies
From: Untrust, To: Trust, click New to add new policy
Source Address: ANY or specific network only
Destination Address: Your Mapped IP server
Service: Any or specific service only to protect your server (recommended)
Tunnel: optional for this example.
Click on OK to save
The new firewall policy is successfully added to your device.
Now test your server if accessible from outside using the define networks and services.
For any question, please post here.
Have a safe computing environment.