Hi all! I am in way over my head. I am a software developer that was asked to take on the task of setting up an SRX300 in our office that will connect to our AWS cloud. Obviously networking is not my thing and I need assistance from people that have hopefully dealt with the Junos OS.
What I have done:
We already have an existing AWS VPC. I set up a Customer Gateway, Virtual Private Gateway and a S2S VPN Connection within AWS. This really isn't my issue...
What I need help with:
We already have a firewall/dns/dhcp/etc server. The purpose of getting the SRX was to be a VPN appliance to AWS. We plan on distributing these to our customers when we set up their AWS EC2, VPC, etc. I need to know how to set up the SRX so that I can keep it behind the firewall, but keep the existing switches hooked up to the firewall. Basically, I just want to plug the SRX into a port on the interior network switch, give it a static local IP (10.?.?.?), which is what our network uses (Class A). Then set it up so that it will be the gateway for the AWS network (Class B - 172.16.?.?). Basically any time someone inside the network attempts to go to 172.16.?.? it will use the SRX as the gateway through the VPN to the AWS VPC. I know this sounds easy, but I have fought with this appliance for a few days now and I am beat. I am throwing in the towel and going to tell my boss that I am not a networking guru and never claimed to be.
I appreciate any guidance anyone can give.
For those not familiar with Junos, the initial setup makes me choose 1 of 3 methods to set up the appliance. There is standard, cluster (high availability) and passive mode. I am thinking that I want to use passive mode, but then I am told that I must make a choice of other components and I have to choose one. The choices are:
- Universal Threat Management (requires license)
- Intrusion Prevention System (requires license)
- Sky ATP
- Security Intelligence
- User Firewall
Questions:
- Do I connect the cable from the switch that is connected to the firewall into the 0/0/0 port?
- Is that the only cable I need to connect?
- What settings do I need to enable/change for the appliance to know that there is already a DHCP/DNS server on the network?
- How do I tell the appliance to use the existing firewall as the gateway to get to the outside?
- How do I turn off DHCP/DNS for the appliance, so it doesn't interfere with the existing firewall?
Thanks!