Configure NetScreen Between LAN and Internet Router

[squad4life]

Hello everybody,
I’m about to make my first installation of the firewall NetScreen 5GT, I read a lot of information about it, but I thinks that I need some more specific to what I want. With some examples etc…

Can anyone tell me Step by Step how to do this?

My Big problem is how to change the default IP address 192.168.xx and Submet Mask /24 to a different address (IP and Subnet Mask) and how be sure that that DHCP is working in new range with new address.

Cheers,

 

[Packet7]

Hello,

I would take the 5GT offline and connect via the console. From the command line enter (replace x and y values with your network info)

set int trust x.x.x.x y.y.y.y
set int trust manage
set int trust dhcp server service
set int trust dhcp option domain xxxx
set int trust dhcp option gateway x.x.x.x
set int trust dhcp option netmask y.y.y.y
set int trust dhcp option dns1 x.x.x.x
set int trust dhcp option dns2 x.x.x.x
set int trust dhcp option wins1 x.x.x.x
set int trust dhcp option wins2 x.x.x.x
set int trust dhcp enable
set route 0.0.0.0/0 int untrust gate x.x.x.x

save

Plug your PC/Laptop into one of the ports and verify DHCP info. Once this is done, you can also connect via the WebUI from your machine and configure the rest via the WebUI. Hope this helps.

Rgds,

John

Rgds,

John

 

[squad4life]

Thanks for that, I'm going to try after that I'll give a reply.

 

[squad4life]

Hello Packet7,

Is necessary to configure wins? because i don't have.

 

[Packet7]

Not at all. I just thought I would add in all the options. BTW, you might want to add the range as well. We usually reserve the first 10 IP's for static IP's. Try:

set dhcp server ip x.x.x.x to x.x.x.x

Hope this helps.

Rgds,

John

Rgds,

John

 

[maqsoodjee]

Packet7

I Just recently bought NetScreen 5GT & plug the device in our network ... like DSL ---- Netscreen ------ Network.
My question is what can i do. as i don't have any DNS as well as WINS in my network .
If i gave netscreen ip in the dns internet won't work & if i have gave ISP's DNS internet works but facing a problem not sure related to DNS or not. (every thing is done by DHCP running on Netscreen ).
I have two live IP's . 1 is assign to DSL eth port which is connected in NetScreen 5GT & 1 is assign to Netscreen Untrust Port. Netscreen is running with defualt wizard settings.
Help me.

Thankx

 

[Packet7]

Hi,

You can configured your Untrust IP as a DHCP client. Configure DHCP Server on the Trust as explained previosly and assign the Trust IP of the Netscreen for DNS. This will allow the Netscreen to act as a DNS Server for your internal machines. I normally like to add an additional two DNS Servers from the ISP as well. Let me know if you have any problems.

Rgds,

John

Rgds,

John

 

[maqsoodjee]

Hi Packet

Thankx for you the time you have looked into my problem. Well i can't really understand about untrust as a DHCP client.
Do you need me to send any config file to you.
I have 2 Live IP's . so 1 is configured on DSL eth & 2nd is configured on NetScreen untrust port.
DSL eth port is pluged into NetScreen Untrust port.
main problem is that in start Internet works if i assign ISP's DNS Server's to the client . but it just only for
10 - 15 minutes . & after 15 it stops working so if i repair / refresh mein network connection settings on client computer internet started work again. thats why i am more confused that why in the start internet work & after 15 min it goes down.

i hope you can understand my problem.

thankx

 

[Packet7]

Hi,

Not too sure I follow. If you have two ISP's, I would configure one has a primary and one as a secondary. If you have a static IP config, I would use your ISP's DNS and add the info to your DHCP options. We like to configure IP Tracking on our Untrust Interfaces so that in the event one ISP goes down, the link and route automatically failover. Hope this helps.


Rgds,

John

 

[maqsoodjee]

Packet
i just try to explain in a simple .I have

1 DSL Router ( Alcatel)
1 Netscreen 5GT
2 working Live IP's from the same ISP

i am using DSL to connect with ISP through PPOE with NO DHCP , NO NAT. I assign 1 of my live ip(202.49.99.181) to etho (LAN) & connected that LAN port to Untrust Port of NetScreen.After that i assign (202.49.99.182) to Untrust port of Netscreen.
Now i have assign 10.0.0.1 to trust port of Netscreen & install DHCP Server.I enable Nat on trust Port.
Before setting all the above settings i Run defualt config wizard with default settings.

Problem:

If i assign Netscreen (10.0.0.1) as DNS (through dhcp) to my client machine Internet did not work.
If i assign my ISP's DNS Server ( 203.127.40.3 , 203.127.40.4) (through DHCP) to my clients they started browes internet.

But that browsing is only for 10 - 20 minutes then it stop working . so i tried to ping Netscreen 10.0.0.2 it is pinging . so i tried repair my network connection on XP client. & after that internet started working again.

so this cycle continue every 10 - 20 minutes.
??

Hope you got much understanding.

Thank you very much.

 

[Packet7]

Hi,

I'm not sure I follow. When the browsing fails. Can you ping the trust, untrust, dsl modem and dns server from a client PC? Or is your PC NIC card failing?

Rgds,

John

 

[maqsoodjee]

Hi packet.

THank you very much for you time & interest .
I have solved the problem. Problem is
actulay i don't have any dhcp or dns server in my network & i use ether DSL / Netscreen dhcp/dns serverces so some how i don't know where but Netscreen show ip confliction due to which it stops working .
How i trace that problem
I tried with only 1 computer attached to it & also change the Internal IP pool genious na?
& it works great.

Packet i have traced 1 more problem . before netscreen my users use pptp to connect remote computers . but after netscreen maximum or my users are unable to pptp . very few i think 1 or 2 are able to connect to remote server's via pptp.

know any reason for that?