Juniper Networks and SBS Question

Discussion in 'Networking & Security' started by 65Kfosta, Feb 20, 2009.

  1. 65Kfosta

    65Kfosta [H]Lite

    Messages:
    88
    Joined:
    Feb 11, 2009
    Trying to figure out how to set up my Juniper Networks 5GT I just got.

    My old setup was

    Cisco IAD-2400 -- SBS 2003 External IP----SBSDHCP --- Local Switch


    Any suggestions on how to set this up would be great. I have read the whole manual but I'm still confused.

    Thanks
     
  2. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    So your SBS box was running multi-homed in the old setup?
    I'd change to single homed..hide it all behind the Juniper.
    Port forward 4125 and 443 for RWW/OWA
    Port forward port 25 for SMTP mail delivery

    Done.
     
  3. 65Kfosta

    65Kfosta [H]Lite

    Messages:
    88
    Joined:
    Feb 11, 2009
    Yes, it was multihomed. How do I change it to single-homed?

    Right now one card is the external 69.15.153.xxx address and one is the internal 172.21.1.xxx address.
     
  4. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    Basically disable the WAN NIC...and re-run the CEICW weeeeezard.

    Prior to that...set up your Juniper so the LAN IP address is in the same IP range as your primary network...say...172.21.1.1

    Uplink it to your main switch, where your server and rest of your network are also plugged into.

    The Juniper's WAN/Internet port (Untrusted) will link to your broadband modem..and obtain the public IP address on that port. Juniper does NAT and all the other firewall/UTM features.

    (I'm pretty sure that model does NAT like traditional gateway routers)
     
  5. 65Kfosta

    65Kfosta [H]Lite

    Messages:
    88
    Joined:
    Feb 11, 2009
    Will this allow the SBS to continue to distribute DHCP addresses?
     
  6. Asgorath

    Asgorath [H]ard|Gawd

    Messages:
    1,253
    Joined:
    Jul 12, 2004
    Yep. Firewall does NAT. DC does DNS, DHCP, WINS, etc.
     
  7. atomiser

    atomiser Gawd

    Messages:
    619
    Joined:
    Jun 12, 2004
    the 5gt's have a dhcp server enabled on the trust port by default, so ensure you console in and turn that off before wiring it into your network. simply re-addressing the trust interface away from the default 192.168.1.1/24 should disable the dhcp, but just go in and check to be sure.

    juniper kit by default will nat connections going from trust to untrust (since the trust interface is in nat mode and the untrust interface is in route mode - this is configurable if you want it to be), so you just set up an outbound policy for permitted services.

    for stuff coming inbound (mail, vpn, rww etc) you have several options for the nat configuration. which one you use will depend on how many public ip addresses you have and whether (for whatever reason) you want the different services offered up on different addresses. if you just want everything to hit the public ip address associated with the untrusted interface then set up a vip, if you want to offer things on different addresses then you would set up mips.

    once you've set up your address translation you will then need to accompany that with an inbound policy for the services you want to permit. you will need to set up some of the sbs functionality as custom services - 4125 for rww, as an example.

    if you need any help with the config then give me a nudge, i work with this kit day in day out.
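
An added example, not part of any poster's reply: once the server is single-homed behind the firewall with the VIP and inbound policy described above, this check, run from a host outside the network against your own public address, confirms that only the ports named in the thread (25, 443, 4125) answer. The `INTERNAL_ONLY` list and all function names are assumptions made for this sketch, not anything from the thread or from Juniper.

```python
import socket
import sys

# Ports the thread says to publish through the firewall.
INTENDED = {25: "SMTP", 443: "RWW/OWA over HTTPS", 4125: "RWW"}
# Assumption (not from the thread): services a domain controller commonly
# listens on that should stay internal. Adjust to your own server.
INTERNAL_ONLY = [53, 135, 139, 389, 445, 3389]


def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable
        return False


def audit_exposure(host, intended, internal_only, timeout=2.0):
    """Compare reachable ports on host with the intended published set.

    Returns (missing, unexpected): intended ports that did not answer, and
    internal-only ports that did. Both lists are sorted.
    """
    missing = sorted(p for p in intended if not tcp_open(host, p, timeout))
    to_probe = set(internal_only) - set(intended)
    unexpected = sorted(p for p in to_probe if tcp_open(host, p, timeout))
    return missing, unexpected


def main(argv):
    if len(argv) != 2:
        print("usage: audit.py <your-own-public-address>")
        return 2
    missing, unexpected = audit_exposure(argv[1], INTENDED, INTERNAL_ONLY)
    for port in missing:
        print(f"MISSING   tcp/{port} ({INTENDED[port]}): forward or policy not working")
    for port in unexpected:
        print(f"EXPOSED   tcp/{port}: reachable from outside, should be internal only")
    return 1 if missing or unexpected else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Running it before and after the change shows the difference between the old multihomed layout, where the server's external NIC answered directly, and the new one, where only the published services should respond.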
     
  8. berky

    berky 2[H]4U

    Messages:
    2,233
    Joined:
    Aug 28, 2001
    so why do you need the sbs? can't the juniper do all those functions for you and simplify the setup?
     
  9. atomiser

    atomiser Gawd

    Messages:
    619
    Joined:
    Jun 12, 2004
    lol, i suspect this guy is using more than just the dhcp server functionality of sbs! ;)
     
  10. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    SBS is your domain controller...so active directory, user accounts.

    Also it's your email server, and remote web workplace portal, and sharepoint, and file and print sharing, and application hosting, and faxing, and backups, and...well....all sorts of serious Server Stuff that a firewall/router is not designed to do.
     
  11. berky

    berky 2[H]4U

    Messages:
    2,233
    Joined:
    Aug 28, 2001
    gotcha. I don't mess with servers too much and I just assumed this was standard home network stuff. looking at it again, i'm assuming this is probably a small business?
     
  12. Protoform-X

    Protoform-X [H]ard|Gawd

    Messages:
    1,203
    Joined:
    Jan 30, 2002
    Small Business Server
     
  13. YeOldeStonecat

    YeOldeStonecat [H]ardForum Junkie

    Messages:
    11,330
    Joined:
    Jul 19, 2004
    To be fair to the one who asked...some of us run SBS at home too. ;)
     
  14. berky

    berky 2[H]4U

    Messages:
    2,233
    Joined:
    Aug 28, 2001
    yeah, i know what it stands for, but as stonecat mentioned, some of the people around here use it for home, and since 99% of the questions here are home related.... i just wasn't thinking, plain and simple :p
     
  15. Protoform-X

    Protoform-X [H]ard|Gawd

    Messages:
    1,203
    Joined:
    Jan 30, 2002
    Fair enough. Looking back, that comment was much ruder than I intended it to be. Sorry about that.
     
  16. 65Kfosta

    65Kfosta [H]Lite

    Messages:
    88
    Joined:
    Feb 11, 2009
    Does anyone know if you can do load balancing between two lines with the Juniper 5GT?