Re: 2nd opinion about scenario on MAG4610 ?

gabox_ · ‎05-17-2012

Hi Team. I want to ask you about 2 scenarios. I have a Juniper Netscreen plus one MAG 4610 SA mode. I have not enough experience in how configure fw in transparent mode. My doubt is which scenario is better ?

thanks in advance.

zanyterp_ · ‎05-21-2012

what is transparent mode? probably the L3 scenario

gabox_ · ‎05-22-2012

Thanks for your Answer. Could you explain me, why you chose layer 3 ?

AJA_ · ‎05-29-2012

Please read the admin guide which will help you in the SA deployment.

There are 2 modes - single arm and double arm mode.

ed_gpc_ · ‎06-01-2012

Transparent mode on screenos is L2 firewall

zanyterp_ · ‎06-01-2012

I went with L3 as I am not familiar with L2 details.

gabox_ · ‎06-06-2012

Thanks a lot for yours answer.

-Zany, Could you show me your scenario ? and if is it possible basic config ?

regards.

jayLaiz_ · ‎06-25-2012

Hi,

The L3 config is what I would recommend, you can connect the dmz port of your firewall to the external intreface of the Juniper SA ands do a one-one NAT to NAT a public IP to the IP assigned to the external interface of the JUniper SA, users will be connecting to the SA using that public IP from the outside.You need to allow port 443 inbound to the extrenal interface of the Juniper SA and also port 4500 udp if you want to use ESP as the transport mode for network connect Users.The internal Port of the SA can be connected to the internal network(There would be no one-one NAT required here)

Regards,

Jay

gabox_ · ‎09-05-2012

ok, thanks a lot! i test all suggestion.