1

Do Juniper firewalls support MPLS

view story
linux-howto

http://www.debianadmin.com – This article provides information about the support extended by Juniper firewalls for MPLS. As of ScreenOS 6.3.0 , 6.2.0r3 onwards: Firewalls that are running in the Route (Layer 3) mode do not support or cannot pass MPLS packets. Firewalls that are running in the Transparent (Layer 2) mode can pass MPLS packets, when the VLAN1 bypass-non-ip option is enabled (set interface vlan1 bypass-non-ip). Related content: ScreenOS support NAT in Transparent mode (Layer 2 mode) How to configure port aggregation in juniper Firewall/IPSec VPN devices Howto set Netscreen SSG model firewall (Distributions)

dayu's picture
Submitted by dayu on 10/14/2012

Stories similar to Do Juniper firewalls support MPLS

Starting with ScreenOS 6.2, the support for NAT in Transparent mode has been added with some limitations. ScreenOS 6.2 allows DIP pools to be defined on the VLAN1 interface for use in the policy-based NAT only.

This must be configured on an extended IP of the vlan1 interface, as shown below.

In order to bundle multiple physical ports together, port aggregation can be used. This way the bandwidth of multiple links can be combined into one virtual aggregate interface. This feature is available in ISG series and NetScreen-5000 series firewalls.

Important Note:- In the Firewall/IPSec VPN product range the ISG series and NetScreen-5000 series firewalls support port aggregation.

There is quite an amount of buzz in the telecommunications industry about MPLS. I am able to understand how an MPLS works over an IP network (MPLS L3). But, what is an MPLS layer 2 network and how is it different from an MPLS L3 network?

Some pointers to relevant sites will also be highly appreciated.

If you want to set the ARP cache timeout in Screen OS Firewalls use the following procedure Procedure to follow First you need to login in to your juniper firewall with SSH once you logged in run the following command get config | inc arp If the output generates nothing, then the ARP age is [...]

I'm trying to configure a Juniper SSG5 for VPN. So far I'd say I'm lost lost lost.

The server (just one for now) is a dedicated host at a hosting company.

I have a block of 8 public IPs (/29), the SSG5 has it's own IP (separate subnet from my 8 public IPs), and routes requests for the public IP's to the server.

There are two interfaces defined on the SSG5.

We had VOIP phone service and an MPLS connection between our main office and a branch office installed recently. The genuis who set things up created an internal network at the branch office using 10.11.0.0/24. Our main office has an internal network of 10.10.0.0/16 The two networks are not communicating well. We have tried to setup a route using the firewalls. Some things work, others don't.

This tutorial is a reference to understand which devices and versions can be managed by the latest NSM versions.

The table below is only for general NSM compatability information.

Related content: How to fix NSM 2011.1 S2 administration page not showing NSM configuration Debian Sources List Generator Howto clear DNS cache in Bluecoat Proxy Server Submin - S

How do I use a wildcard mask in VPM policy (Bluecoat proxy)

Solution To place a wildcard mask into the VPM policy object, use (.*). An asterisk only (*) will not work. For example, "http://www.mrbean.com/*/xyz" won't work.

For the last years we've been using a Sonicwall PRO 2040 firewall in a relatively small hosting environment. But we want to upgrade to a faster box which also support IPv6 and preferably we'd like to stay with Sonicwall (as it has served us well over the years) and upgrade to a NSA 2400.

All this time we have run this firewall in so called 'transparent mode'.