Juniper Networks and SBS Question

65Kfosta

Trying to figure out how to set up my Juniper Networks 5GT I just got.

My old setup was:

Cisco IAD-2400 -- SBS 2003 External IP----SBSDHCP --- Local Switch


Any suggestions on how to set this up would be great. I have read the whole manual but I'm still confused.

Thanks
 
So your SBS box was running multi-homed in the old setup?
I'd change to single homed..hide it all behind the Juniper.
Port forward 4125 and 443 for RWW/OWA
Port forward port 25 for SMTP mail delivery

Done.
 
Yes, it was multihomed. How do I change it to single homed?

Right now one card is the external 69.15.153.xxx address and one is the internal 172.21.1.xxx address.
 
Yes, it was multihomed. How do I change it to single homed?

Right now one card is the external 69.15.153.xxx address and one is the internal 172.21.1.xxx address.

Basically disable the WAN NIC...and re-run the CEICW weeeeezard.

Prior to that...set up your Juniper so the LAN IP address is in the same IP range as your primary network...say...172.21.1.1

Uplink it to your main switch, where your server and rest of your network are also plugged into.

The Juniper's WAN/Internet port (Untrusted) will link to your broadband modem..and obtain the public IP address on that port. Juniper does NAT and all the other firewall/UTM features.

(I'm pretty sure that model does NAT like traditional gateway routers)
 
the 5gt's have a dhcp server enabled on the trust port by default, so ensure you console in and turn that off before wiring it into your network. simply re-addressing the trust interface away from the default 192.168.1.1/24 should disable the dhcp, but just go in and check to be sure.

juniper kit by default will nat connections going from trust to untrust (since the trust interface is in nat mode and the untrust interface is in route mode - this is configurable if you want it to be), so you just set up an outbound policy for permitted services.

for stuff coming inbound (mail, vpn, rww etc) you have several options for the nat configuration. which one you use will depend on how many public ip addresses you have and whether (for whatever reason) you want the different services offered up on different addresses. if you just want everything to hit the public ip address associated with the untrusted interface then set up a vip, if you want to offer things on different addresses then you would set up mips.

once you've set up your address translation you will then need to accompany that with an inbound policy for the services you want to permit. you will need to set up some of the sbs functionality as custom services - 4125 for rww, as an example.

if you need any help with the config then give me a nudge, i work with this kit day in day out.
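
A way to confirm the inbound policy described in the post above, added here as an example that is not part of the original thread: run from a host outside the firewall, it checks that the forwarded ports named in the thread (25, 443, 4125) answer on your public address and that a few Windows service ports do not. The closed-port list and the function names are assumptions chosen for illustration.

```python
import socket
import sys

# Ports the thread says to forward to the SBS box:
# 25 (SMTP), 443 (RWW/OWA over HTTPS), 4125 (RWW).
EXPECTED_OPEN = {25, 443, 4125}

# Assumption (not from the thread): SBS-side services that should stay
# behind the firewall once the server is single homed.
SHOULD_BE_CLOSED = {135, 139, 445, 3389}


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unreachable all count as closed.
        return False


def audit_exposure(host, expected_open, should_be_closed, timeout=2.0):
    """Compare reachable ports against the intended inbound policy.

    'missing'    = ports that should be forwarded but do not answer
    'unexpected' = ports that answer but should not be reachable
    """
    expected_open = set(expected_open)
    should_be_closed = set(should_be_closed)
    candidates = sorted(expected_open | should_be_closed)
    reachable = {p for p in candidates if tcp_open(host, p, timeout)}
    return {
        "missing": sorted(expected_open - reachable),
        "unexpected": sorted(reachable & should_be_closed),
    }


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py <your-public-ip>")
    result = audit_exposure(sys.argv[1], EXPECTED_OPEN, SHOULD_BE_CLOSED)
    print("forwarded ports not answering:", result["missing"] or "none")
    print("ports exposed that should not be:", result["unexpected"] or "none")
    # Non-zero exit when the exposure differs from the intended policy.
    sys.exit(1 if result["missing"] or result["unexpected"] else 0)
```

An empty "unexpected" list only covers the ports tested; the firewall's own policy list remains the authoritative record of what is permitted inbound.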
 
so why do you need the sbs? can't the juniper do all those functions for you and simplify the setup?
 
so why do you need the sbs? can't the juniper do all those functions for you and simplify the setup?

SBS is your domain controller...so active directory, user accounts.

Also it's your email server, and remote web workplace portal, and sharepoint, and file and print sharing, and application hosting, and faxing, and backups, and...well....all sorts of serious Server Stuff that a firewall/router is not designed to do.
 
gotcha. I don't mess with servers too much and I just assumed this was standard home network stuff. looking at it again, i'm assuming this is probably a small business?
 
Small Business Server

yeah, i know what it stands for, but as stonecat mentioned, some of the people around here use it for home, and since 99% of the questions here are home related.... i just wasn't thinking, plain and simple :p
 
Fair enough. Looking back, that comment was much ruder than I intended it to be. Sorry about that.
 
Does anyone know if you can do load balancing between two lines with the Juniper 5GT?
 