SSG-5: Layer-2-Firewall and Layer-3-Router on same device?



  • Hi,

    I am very new to Juniper Firewalls and Routers, so forgive the question ๐Ÿ™‚

    Currently I use the SSG-5 connected to the ISP-Provided public IP Subnet on ethernet0/0. My internal network is connected to ethernet0/1.
    There is a VPN Tunnel connecting the internal LAN to the corporates network. Internet Access is NATed out directly.
    I have some servers which requires a dedicated public IP, at the moment they are connected directly to the ISP-Provided IP Subnet. (See attached Juniper-old.jpg)

    It is pretty bad having no firewall in front of those devices. Is it possible to place the SSG-5 โ€œbetweenโ€ the servers and the ISP-Subnet?
    The SSG-5 would have to do transparent firewalling. Is the device capable to do this and still provide me NAT and VPN functionality?
    (See attached Juniper-new.jpg)

    I hope there is any solution for my case.

    Thanks 1000 times in advance ๐Ÿ™‚

    Best regards,
    BigEndian
    Juniper-old.jpg
    Juniper-new.jpg



  • Hi,

    SSG may work with that configuration, but L2/L3 mixed mode is not officially supported.

    Regards,


 

34
Online

38.5k
Users

12.7k
Topics

44.5k
Posts