In this article we will learn how to configure a Juniper firewall as a beginner. Let's begin with the network topology below.
We will configure the firewall to provide Internet access. When we log in to a new Juniper firewall, there is no password for root.
Just press ENTER at the password prompt, then start the CLI and enter configuration mode.
root
cli
configure
Configuring root password
set system root-authentication plain-text-password
commit
Now let's move to the main configuration part, where we will configure the Juniper as a network gateway.
Interface configuration on Juniper firewall
set interfaces fxp0 unit 0 family inet address 192.168.1.1/24
commit
exit
show interfaces terse
configure
set interfaces ge-0/0/0 unit 0 family inet address 10.11.32.72/24
set interfaces ge-0/0/1 unit 0 family inet address 10.10.10.1/24
commit
Use the "commit" command to apply the candidate configuration as the active configuration.
Zone configuration on Juniper firewall
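I allowed all system services and protocols on both zones. You can restrict services and protocols here: host-inbound-traffic controls traffic addressed to the firewall itself, so "all" on the untrust zone leaves every service enabled on the device reachable from the Internet-facing interface.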
configure
set security zones security-zone untrust interfaces ge-0/0/0
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
commit
Security policy configuration for zones
In this section, I allow everything in the outgoing direction and deny everything in the incoming direction.
edit security policies from-zone trust to-zone untrust policy lan-to-internet
set match source-address any
set match destination-address any
set match application any
set then permit
exit
commit
edit security policies from-zone untrust to-zone trust policy deny-from-internet
set match source-address any
set match destination-address any
set match application any
set then deny
exit
commit
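An added example, not part of the original article: a small Python check over set-format configuration (as printed by "show configuration | display set") that flags "all" host-inbound-traffic on the Internet-facing zone, a policy from that zone that permits any/any/any, and a policy whose name says deny while its action is permit. The sample configuration is constructed from the article's commands, and the function name, rule labels and external_zones parameter are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in "show configuration | display set" form, modelled on the
# article's commands; deny-from-internet deliberately carries a mistyped action.
SAMPLE_CONFIG = """\
set security zones security-zone untrust host-inbound-traffic system-services all
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone trust host-inbound-traffic system-services all
set security policies from-zone trust to-zone untrust policy lan-to-internet match source-address any
set security policies from-zone trust to-zone untrust policy lan-to-internet match destination-address any
set security policies from-zone trust to-zone untrust policy lan-to-internet match application any
set security policies from-zone trust to-zone untrust policy lan-to-internet then permit
set security policies from-zone untrust to-zone trust policy deny-from-internet match source-address any
set security policies from-zone untrust to-zone trust policy deny-from-internet match destination-address any
set security policies from-zone untrust to-zone trust policy deny-from-internet match application any
set security policies from-zone untrust to-zone trust policy deny-from-internet then permit
"""

ZONE_RE = re.compile(r"set security zones security-zone (\S+) "
                     r"host-inbound-traffic (system-services|protocols) all$")
POLICY_RE = re.compile(r"set security policies from-zone (\S+) to-zone (\S+) "
                       r"policy (\S+) (?:match (\S+) (\S+)|then (\S+))$")
MATCH_FIELDS = ("source-address", "destination-address", "application")

def audit(config, external_zones=("untrust",)):
    """Return (rule, detail) findings; external_zones (assumed) names Internet-facing zones."""
    findings, policies = [], defaultdict(dict)
    for line in map(str.strip, config.splitlines()):
        if (m := ZONE_RE.match(line)) and m.group(1) in external_zones:
            findings.append(("open-host-inbound", f"{m.group(1)} {m.group(2)} all"))
        elif m := POLICY_RE.match(line):
            key = m.group(1, 2, 3)
            if m.group(6):                      # "then <action>"
                policies[key]["then"] = m.group(6)
            else:                               # "match <field> <value>"
                policies[key][m.group(4)] = m.group(5)
    for (src, dst, name), pol in policies.items():
        if pol.get("then") != "permit":
            continue
        if name.lower().startswith(("deny", "drop", "block", "reject")):
            findings.append(("name-action-mismatch", f"{name} then permit"))
        if src in external_zones and all(pol.get(f) == "any" for f in MATCH_FIELDS):
            findings.append(("external-permit-any", f"{src}->{dst} {name}"))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```

Run against the sample, it reports both untrust host-inbound lines and both problems with deny-from-internet; the trust-to-untrust permit is not flagged because trust is not listed as an external zone.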
Configure static as a routing protocol
This is how to configure a static default route on the Juniper firewall, followed by a basic NAT configuration.
set routing-options static route 0.0.0.0/0 next-hop 10.11.32.140
commit
set security nat source rule-set lan-to-wan from zone trust
set security nat source rule-set lan-to-wan to zone untrust
set security nat source rule-set lan-to-wan rule subnet10 match source-address 10.10.10.0/24
set security nat source rule-set lan-to-wan rule subnet10 match destination-address 0.0.0.0/0
set security nat source rule-set lan-to-wan rule subnet10 then source-nat interface
commit
You can now browse the Internet using any computer that connects to the Juniper's internal interface.
DHCP server configuration on Juniper firewall
set system services dhcp pool 10.10.10.0/24 address-range low 10.10.10.2
set system services dhcp pool 10.10.10.0/24 address-range high 10.10.10.254
set system services dhcp pool 10.10.10.0/24 domain-name subnet10.net
set system services dhcp pool 10.10.10.0/24 name-server 8.8.8.8
set system services dhcp pool 10.10.10.0/24 router 10.10.10.1
set system services dhcp pool 10.10.10.0/24 default-lease-time 3600
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
commit