Wednesday, March 17, 2021

SRX300 - Junos setup questions

Hi all! I am in way over my head. I am a software developer who was asked to take on the task of setting up an SRX300 in our office that will connect to our AWS cloud. Obviously networking is not my thing, and I need assistance from people who have hopefully dealt with the Junos OS.

What I have done:

We already have an existing AWS VPC. I set up a Customer Gateway, a Virtual Private Gateway and a Site-to-Site VPN Connection within AWS. This really isn't my issue...

What I need help with:

We already have a firewall/DNS/DHCP/etc. server. The purpose of getting the SRX was to be a VPN appliance to AWS. We plan on distributing these to our customers when we set up their AWS EC2, VPC, etc. I need to know how to set up the SRX so that I can keep it behind the firewall, but keep the existing switches hooked up to the firewall. Basically, I just want to plug the SRX into a port on the interior network switch and give it a static local IP (10.?.?.?), which is what our network uses (Class A). Then set it up so that it will be the gateway for the AWS network (Class B - 172.16.?.?). Basically, any time someone inside the network attempts to go to 172.16.?.? it will use the SRX as the gateway through the VPN to the AWS VPC. I know this sounds easy, but I have fought with this appliance for a few days now and I am beat. I am throwing in the towel and going to tell my boss that I am not a networking guru and never claimed to be.

I appreciate any guidance anyone can give.

For those not familiar with Junos, the initial setup makes me choose one of three methods to set up the appliance: standard, cluster (high availability) and passive mode. I am thinking that I want to use passive mode, but then I am told that I must make a choice of other components, and I have to choose one. The choices are:

  • Universal Threat Management (requires license)
  • Intrusion Prevention System (requires license)
  • Sky ATP
  • Security Intelligence
  • User Firewall

Questions:

  1. Do I connect the cable from the switch that is connected to the firewall into the 0/0/0 port?
  2. Is that the only cable I need to connect?
  3. What settings do I need to enable/change for the appliance to know that there is already a DHCP/DNS server on the network?
  4. How do I tell the appliance to use the existing firewall as the gateway to get to the outside?
  5. How do I turn off DHCP/DNS for the appliance, so it doesn't interfere with the existing firewall?

Thanks!
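One way to wire this up, added here as an example and not part of the original post or of any reply: a Junos `set`-style configuration for the topology described above (the SRX hangs off one LAN switch port behind the existing firewall, its default route points at that firewall, and a route for the VPC prefix sends traffic into a route-based IPsec tunnel to AWS). Every address, name and the pre-shared key below is an assumed placeholder (documentation ranges and "REPLACE_ME"); the real tunnel endpoint, key, identities and crypto parameters come from the configuration file AWS generates for the VPN connection when you pick Juniper as the vendor, and should be copied from there rather than from this example. It is written to be committed on top of a configuration from which the factory-default zone, NAT and DHCP stanzas have been cleared; the two `delete` lines at the top remove the DHCP server the factory configuration enables (question 5).

```junos
## Added example, not from the original post. Assumed addressing:
##   inside LAN          10.1.1.0/24   (existing firewall = 10.1.1.1, default gateway for all hosts)
##   SRX LAN address     10.1.1.250    (static, question 1/2: one cable, ge-0/0/0 -> inside switch)
##   AWS VPC CIDR        172.16.0.0/16
##   AWS tunnel endpoint 203.0.113.10  (placeholder; take the real one from the AWS config download)

## Question 5: the factory default runs a DHCP server on the LAN side; remove it so the
## existing DHCP server is the only one on the segment. The SRX never ran a DNS server.
delete system services dhcp-local-server
delete access address-assignment

## Question 3: the SRX itself just needs a resolver for its own lookups; it does not hand
## out addresses. Point it at the existing DNS server (placeholder address).
set system name-server 10.1.1.1

## Question 1/2: a single static address on ge-0/0/0, no DHCP client on that port.
set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.250/24

## Route-based VPN: the tunnel is a numbered-less interface that routes can point at.
set interfaces st0 unit 0 family inet

## Question 4: everything not otherwise routed (internet, the AWS endpoint) goes to the
## existing firewall. Question "be the gateway for 172.16.x.x": send the VPC prefix into the tunnel.
set routing-options static route 0.0.0.0/0 next-hop 10.1.1.1
set routing-options static route 172.16.0.0/16 next-hop st0.0

## Zones: LAN port and tunnel in separate zones, permit LAN <-> VPC both ways.
## IKE must be allowed inbound on the LAN interface because the tunnel terminates there.
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone vpn interfaces st0.0
set security policies from-zone trust to-zone vpn policy lan-to-vpc match source-address any destination-address any application any
set security policies from-zone trust to-zone vpn policy lan-to-vpc then permit
set security policies from-zone vpn to-zone trust policy vpc-to-lan match source-address any destination-address any application any
set security policies from-zone vpn to-zone trust policy vpc-to-lan then permit

## IKE phase 1. Algorithms shown are a common AWS default set (IKEv1 main mode, AES-128,
## SHA-1, DH group 2, 8 h lifetime); use whatever the AWS-generated file specifies.
set security ike proposal aws-ike-prop authentication-method pre-shared-keys
set security ike proposal aws-ike-prop dh-group group2
set security ike proposal aws-ike-prop authentication-algorithm sha1
set security ike proposal aws-ike-prop encryption-algorithm aes-128-cbc
set security ike proposal aws-ike-prop lifetime-seconds 28800
set security ike policy aws-ike-pol mode main
set security ike policy aws-ike-pol proposals aws-ike-prop
set security ike policy aws-ike-pol pre-shared-key ascii-text "REPLACE_ME"
set security ike gateway aws-gw-1 ike-policy aws-ike-pol
set security ike gateway aws-gw-1 address 203.0.113.10
set security ike gateway aws-gw-1 external-interface ge-0/0/0.0

## IPsec phase 2 (ESP, AES-128, SHA-1, PFS group 2, 1 h lifetime), bound to st0.0.
set security ipsec proposal aws-ipsec-prop protocol esp
set security ipsec proposal aws-ipsec-prop authentication-algorithm hmac-sha1-96
set security ipsec proposal aws-ipsec-prop encryption-algorithm aes-128-cbc
set security ipsec proposal aws-ipsec-prop lifetime-seconds 3600
set security ipsec policy aws-ipsec-pol perfect-forward-secrecy keys group2
set security ipsec policy aws-ipsec-pol proposals aws-ipsec-prop
set security ipsec vpn aws-vpn-1 bind-interface st0.0
set security ipsec vpn aws-vpn-1 ike gateway aws-gw-1
set security ipsec vpn aws-vpn-1 ike ipsec-policy aws-ipsec-pol
set security ipsec vpn aws-vpn-1 establish-tunnels immediately
```

Two things outside the SRX have to be true for this to work. First, the SRX sits behind the existing firewall's NAT, so AWS sees that firewall's public address as the Customer Gateway, and the firewall must forward UDP 500 and UDP 4500 (IKE and NAT-T) to 10.1.1.250; the AWS-generated file may also require a specific IKE identity for a gateway behind NAT, so check it. Second, the LAN hosts' default gateway is still the existing firewall, so that firewall needs a static route for 172.16.0.0/16 via 10.1.1.250 (otherwise nothing ever reaches the SRX). AWS provides two tunnels per VPN connection; the example configures one, and the second is the same block with a second gateway, a second `st0` unit and a second route (or BGP, which the AWS file can also generate). After `commit`, `show security ike security-associations` and `show security ipsec security-associations` confirm whether the tunnel is up, and `show route 172.16.0.0/16` confirms the prefix points at `st0.0`.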
