Can I set up a firewall inside an already existing network protected by a firewall

  • I’m fairly new at this…
    So I have my internal network protected by a Juniper NS 5GT with the trust interface set to and the untrust interface set to our public IP address range, which is connected to our service provider's router. What I want to do is set up a test environment within this internal network (trust zone) where I will have another Juniper NS 5GT inside it (Firewall A (original network) connected to a switch connected to Firewall B (Test Sub-Network)). To make this so much easier, the way I wanted to do this is to pull another line and public IP address down from the router, but I can't because we've run out of public IP addresses and a new one won't be ready for 10-15 days (which I don't have). Sooo, is there any way to do this internally? I've got the trust interface of the test sub-network working fine and I can ping the firewall just fine from a computer within the sub-network which is behind Firewall B. I cannot get any computer on the original network to ping the untrust interface of the firewall. I've enabled ping on the untrust interface. I've also set up a policy to allow RDP through a specific port to one of the computers in the test sub-network… I try to RDP from my computer on the internal network to that computer on the test sub-network, but it can't find it.
    What am I missing? Is this possible?
    Any help appreciated. Thanks!

  • You should set your untrust zone to your original trust zone and your new test network to the firewall trust zone.

    Untrust A <---- A ----> Trust A <----> Untrust B <---- B ----> Trust B

    The B firewall must have an IP in the range of A's trust network.

    If your internal firewall B has a trust IP of firewall A, then all the machines on the trust zone should be able to ping the B firewall (you must allow ping).

    For your internal new zone machines to have access to A trust you need a policy along with destination NAT, and for reverse access a MIP, VIP, or source NAT.
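
    Added example (not posted by either participant above): a ScreenOS configuration for Firewall B that follows the layout in the answer, with B's untrust interface sitting inside A's trust zone. Every address and name is a constructed assumption for illustration: A's trust network is taken to be 10.0.0.0/24 with A's trust interface at 10.0.0.1, B's untrust interface gets 10.0.0.5 from that range, B's trust network is 192.168.2.0/24, and the RDP target is 192.168.2.10. B's trust range must not overlap A's trust range (both NS-5GTs ship with the same default trust subnet), or neither box can route between them.

```screenos
## Added example for Firewall B (second NS-5GT). Constructed addresses, not from the thread:
##   Firewall A trust network 10.0.0.0/24, A's trust interface 10.0.0.1 (B's default gateway)
##   Firewall B untrust interface 10.0.0.5 (must sit in A's trust range, as the answer says)
##   Firewall B trust network 192.168.2.0/24, RDP target host 192.168.2.10

## B's untrust side lives inside A's trust zone
set interface untrust ip 10.0.0.5/24
set interface untrust gateway 10.0.0.1
set route 0.0.0.0/0 interface untrust gateway 10.0.0.1
## allow management ping on untrust so hosts in A's trust zone can reach it
set interface untrust manage ping

## B's trust side in NAT mode: test hosts leave B with source 10.0.0.5,
## so Firewall A needs no route back to 192.168.2.0/24
set interface trust ip 192.168.2.1/24
set interface trust nat

## custom service for RDP (TCP/3389)
set service "RDP-3389" protocol tcp src-port 0-65535 dst-port 3389-3389

## Option 1: MIP, a spare address in A's trust range mapped 1:1 to the test host
set interface untrust mip 10.0.0.6 host 192.168.2.10 netmask 255.255.255.255 vr trust-vr
set policy from untrust to trust any "MIP(10.0.0.6)" "RDP-3389" permit log

## Option 2: VIP, reuse B's untrust address and forward only port 3389 (no spare IP needed)
## set interface untrust vip interface-ip 3389 "RDP-3389" 192.168.2.10
## set policy from untrust to trust any "VIP(untrust)" "RDP-3389" permit log

## outbound from the test network toward A's trust zone (source NAT through trust-interface NAT mode)
set policy from trust to untrust any any any permit

save
```

    After `save`, `get interface untrust` should list 10.0.0.5 with ping among its manage options and `get mip` should show the mapping. From a host in A's trust zone, ping 10.0.0.5 and RDP to 10.0.0.6 are the two checks that match the symptoms in the question; if the ping still fails, the untrust address is most likely not in A's trust subnet or the interface is still in its factory DHCP-client mode. The MIP and the logged, single-service policy keep the exposed surface of the test network to exactly one host and one port, which is the point of putting it behind its own firewall.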