Looking for a guru who can help me set up an NS5 GT-Wireless unlimited correctly
Looking for someone to help set up my NS correctly
What I have is
1 Netscreen-5 GT-Wireless unlimited
Outside I have
1 primary official IP address
32 routed official IP addresses
3 subnets on separate switches
xxx.xxx.1.0 10-20 servers (my hosting system)
xxx.xxx.10.0 5-10 servers
xxx.xxx.66.0 20-50 clients
One is the public DMZ,
the second is the private DMZ,
the third is the internal LAN.
What I would really like is to set it up to save bandwidth, so routed addresses don't need to go to the ISP and then back again to get solved.
Then of course a secure and correct setup with objects and so on, and VPN so I can gain access from outside (items I use for access are workstations "outside, not mine" and workstations inside my own machines, laptop, PDA, mobile phone), and last, strict access for admins like me and some friends. So is any guru there willing to volunteer to help me, so I can learn more?
I do not make money on my system; it is for myself and friends and to host some of my web portals there, support PHP CMS for free, so it is non-profit.
I really don't know if it is extended, just that it is unlimited,
but I can see that I can set port mode to four different stages:
Combined, Dual-Untrust, Trust-Untrust, Home-Work
I am not an expert, that's why I write here,
but where do I see whether it is an extended version?
But here is an output from the config from the GUI:
Sessions: 2064 sessions
Capacity: unlimited number of users
VPN tunnels: 10 tunnels
Vrouters: 3 virtual routers
Zones: 9 zones
VLANs: 10 vlans
Deep Inspection: Enable
Deep Inspection Database Expire Date: 2006/1/8
Signature pack: Standard Deep Inspection Pack
Url Filtering: Expire Date: 2006/1/8
Deep Inspection signature database version is 484.
Also, one thing you can think about is to use a sort of physical zone for DMZ public and DMZ private. I assume you have an extended device?
Since you have 2 ports on each zone, you can connect the public DMZ switch on 1 port and the private DMZ switch on the other port. These two ports will be in the same zone for the NetScreen, but traffic has to flow through the box to pass from 1 DMZ to the other. Define a secondary IP to have your 2 DMZs in different subnets and then define intra-zone policies.
The switches I have are not new ones.
xxx.xxx.10.1 has a Synoptics switch, old bastard but reliable
xxx.xxx.66.1 has a D-Link 3225G switch
I do believe that the D-Link has VLAN,
but if it helps then I can merge the DMZ zones into one, so I close DMZ private and move all servers to public
is the segments that are left if I remove DMZ private
and I do have a spare NS-5 XT 10 users if that helps
You have 4 different zones. It will not be possible to connect all of these unless you use sub-interfaces and 802.1q tags. Do any of your switches support VLAN tags?