Looking for a guru that can help me setup NS5 gt-wireless unlimeted correctly

  • Looking for some to help setup my NS correctly :mrgreen:
    what i got is
    1 Netscreen-5 GT-Wireless unlimited

    Outside i have
    1 primary official ip adress
    32 routed official ip adresses

    i have
    3 subnets on seperate switches
    xxx.xxx.1.0 10-20 servers (my hosting system)
    xxx.xxx.10.0 5-10 servers
    xxx.xxx.66.0 20-50 clients
    one is public dmz
    second is private dmz
    theird is internal lan
    what i really like to is to set it up to save bandwith so routed adresses dosent need to to to isp and then back again to get solved.
    Then off curse a secure and correct setup with objects and so on and Vpn so i can gain access from outside (items i use for access is workstations"outside not mine" and workstations indside my own machines, laptop, Pda, mobile phone) and last strict access for admins like me and some friends so any guru there voluntiare to help me and so i can learn more.
    I do not make monye on my system it is for my self and friends and to host some off my webportals there support PHP CMS for free so  it is non profit.

  • I really dont know if it is extended just that it is unlimited
    but i can see the i can set port mode to four different stages
    Combined, Dual-Unthrust, Thrust-Unthrust, Home-Work

    I am not an expert thats why i whrite here :mrgreen:
    but where do i see that if it is a extended version
    but here is a output from the config from the gui

    Sessions:           2064 sessions
    Capacity:           unlimited number of users
    NSRP:               Disable
    VPN tunnels:        10 tunnels
    Vsys:               None
    Vrouters:           3 virtual routers
    Zones:              9 zones
    VLANs:              10 vlans
    Drp:                Enable
    Deep Inspection:    Enable
    Deep Inspection Database Expire Date: 2006/1/8
    Signature pack:     Standard Deep Inspection Pack
    AV:                 Enable(1)
    Anti-Spam:          Enable(1)
    Url Filtering:      Expire Date: 2006/1/8
    Deep Inspection signature database version is 484.

  • Engineer

    Also one thing you can think about is to use sort of physical zone for DMZ public and DMZ private. I assume you have an extended device ?
    Since you have 2 ports on each zone, you can connect public DMZ switch on 1 port and private DMZ switch on the other port. This two port will be in the same zone for the NetScreen but traffic have to flow through the box to pass from 1 DMZ to the pother. Define secondary IP to have your 2 DMZ in different subnet and then define intra zone policies.

  • the switches i got is not new ones
    xxx.xxx.10.1 has a synoptics switchs old bastard but reliable
    xxx.xxx.66.1 has a Dlink 3225G switch
    i do mean that dlink has vlan

    but if it help then i can merge dmz zones to one so i close dmz private and move all servers to public
    is the segments there are left if i remove dmz private

    and i do have a spare NS-5 XT 10 users if thats help



  • administrators

    You have 4 different zones.  It will not be possible to connect all of these unless you use sub-interfaces and 802.1q tags.  Do any of your switches support VLAN tags?