Can I set up a firewall inside an already existing network protected by a firewall
nickcberk
I’m fairly new at this…
So I have my internal network protected by a Juniper NS 5GT with the trust interface set to 10.0.0.1/24 and the untrust interface set to our public IP address range, which is connected to our service provider's router. What I want to do is set up a test environment within this internal network (trust zone) where I will have another Juniper NS 5GT inside it (Firewall A (original network) connected to a switch connected to Firewall B (test sub-network)). To make this so much easier, the way I wanted to do this was to pull another line and public IP address down from the router, but I can't because we've run out of public IP addresses and a new one won't be ready for 10-15 days (which I don't have). Sooo, is there any way to do this internally? I've got the trust interface of the test sub-network working fine and I can ping the firewall just fine from a computer within the sub-network, which is behind Firewall B. I cannot get any computer on the original network to ping the untrust interface of the firewall. I've enabled ping on the untrust interface. I've also set up a policy to allow RDP through a specific port to one of the computers in the test sub-network… I try to RDP from my computer on the internal network to that computer on the test sub-network, but it can't find it.
What am I missing? Is this possible?
Any help appreciated. Thanks!
hrz
You should set your untrust zone to your original trust zone and your new test network to the firewall trust zone.

Untrust A <--A--> Trust A <----> Untrust B <----> Trust B

The B firewall must have an IP in the range of A's trust network.

If your internal firewall B has a trust IP of firewall A, then all the machines on the trust zone should be able to ping the B firewall (you must allow ping).

For your internal new-zone machines to have access to A's trust network you need a policy along with destination NAT, and for reverse access a MIP, VIP, or source NAT.
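The addressing rules in the answer above (B's untrust interface lives inside A's trust subnet, and the test sub-network behind B must be a different subnet) are easy to get wrong when both boxes start out with the same default 10.0.0.1/24 trust address. The following is an added example, not code from the thread or from Juniper: a small Python check that takes a proposed addressing plan and reports the mismatches that would make the nested firewall unreachable. All addresses in it are constructed samples; the original poster's actual B untrust and B trust addresses are not given in the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


@dataclass
class NestedFirewallPlan:
    """Addressing plan for Firewall B nested inside Firewall A's trust zone."""
    a_trust: str    # Firewall A trust interface (address/prefix), e.g. "10.0.0.1/24"
    b_untrust: str  # Firewall B untrust interface; must be a host in A's trust subnet
    b_trust: str    # Firewall B trust interface; the test sub-network behind B


def check_plan(plan: NestedFirewallPlan) -> List[str]:
    """Return a list of addressing problems; an empty list means the plan is consistent."""
    a_trust = ipaddress.ip_interface(plan.a_trust)
    b_untrust = ipaddress.ip_interface(plan.b_untrust)
    b_trust = ipaddress.ip_interface(plan.b_trust)
    problems: List[str] = []

    # Rule 1: B's untrust side must sit in A's trust range. If it does not,
    # hosts on A's LAN have no route to B, so ping and RDP can never reach it.
    if b_untrust.ip not in a_trust.network:
        problems.append(
            f"B untrust {b_untrust.ip} is outside A trust subnet {a_trust.network}")
    elif b_untrust.network != a_trust.network:
        problems.append(
            f"B untrust mask {b_untrust.network} differs from A trust {a_trust.network}")
    if b_untrust.ip == a_trust.ip:
        # Two boxes left on the factory default address collide on the LAN.
        problems.append(f"B untrust reuses A's gateway address {a_trust.ip}")

    # Rule 2: the test LAN must not overlap A's LAN. If it did, B could not NAT
    # between its two sides and hosts on A would treat test addresses as local.
    if b_trust.network.overlaps(a_trust.network):
        problems.append(
            f"B trust subnet {b_trust.network} overlaps A trust subnet {a_trust.network}")
    if b_trust.network.overlaps(b_untrust.network):
        problems.append(
            f"B trust subnet {b_trust.network} overlaps B untrust subnet {b_untrust.network}")
    return problems


# Constructed sample plans (hypothetical addresses, not from the thread).
GOOD_PLAN = NestedFirewallPlan(
    a_trust="10.0.0.1/24",      # A's trust interface as stated by the poster
    b_untrust="10.0.0.254/24",  # B's untrust side: a free host in A's trust subnet
    b_trust="192.168.50.1/24",  # test sub-network behind B, a different subnet
)
BAD_PLAN = NestedFirewallPlan(
    a_trust="10.0.0.1/24",
    b_untrust="172.16.0.1/24",  # not in A's trust range: nothing on A can route to it
    b_trust="10.0.0.201/24",    # same subnet as A's LAN: B cannot NAT between the sides
)

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_plan(plan)
        print(f"{name}: {'OK' if not issues else ''}")
        for issue in issues:
            print(f"  - {issue}")
```

Once the plan passes, the remaining pieces are the ones hrz lists: a policy on B allowing ping to its untrust interface, and a MIP or VIP on B's untrust address so that an RDP connection from A's LAN has something in the 10.0.0.0/24 range to target, since hosts on A cannot address the test sub-network directly.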