Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] How to create a rule with a mapped IP (MIP) in NetScreen Security Manager (NSM)

0

0

Article ID: KB10953 KB Last Updated: 22 Oct 2020Version: 5.0
Summary:
Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE).  Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.
How Do I Create a Rule With a Mapped IP (MIP) in NSM?
Solution:

To create a rule using a MIP in NSM version 2007.3r1, perform the steps below.

(If the NSM version is 2004, refer to the following article: KB4326 - How do I create a rule with a MIP in NSM version 2004)

1. Connect to NetScreen Security Manager.

2. From the Device Manager, click to select Security Devices. Right-click the device, and select Edit.

Image of step two

3. From Network, click to select Interface. Right-click ethernet0/4 (or the interface bound to the untrust interface where the MIP will reside), and click Edit.

Image of step three

4. To add the MIP to the device, from NAT, click to select MIP, and under MIP, click the +

Image of step four

5. From the MIP window, configure using the following settings:
  • Mapped IP: 1.1.1.1
  • Netmask: 32
  • Host IP: 172.16.75.55
  • Host Virtual Router Name: trust-vr
 Image of step five
6.  Click  OK.

7. To accept the new MIP setting, from the Interface window, click OK.

8. From the Device window, click OK.

9. From the Object Manager, select NAT Objects, and then click Global MIP and click on + to add a new MIP.

Image of step nine

10. From the New Polymorphic MIP text box, enter 1 - Web Server, and then click +

Image of step ten

 11.  From the New - MIP window, configure the following settings:
  • Device: InternetFW
  • Interface: ethernet0/4
  • mip: 1.1.1.1

Image of step eleven

12. Click OK

13. From the Polymorphic MIP window, click OK.

Image of step thirteen

14. From the Policy Manager, select the Policy where the rule is to be added and click on

Image of step fourteen

15. Select Add Rule.

16. In the new rule that is added, under  From Zone, right-click and click on Select zone.

Image of step sixteen

17. In the Select Zone window, in the pull-down menu for Select In-Device Zone choose untrust and click OK.

Image of step seventeen

18. Under To Zone, right-click and select trust.

19. Under Destination, right-click ANY, and select Add Address.

Image of step nineteen

  20. From the Select Destination Addresses window, expand Global MIP, and then click to select 1 - Web Server, and then click on Add==> button to move it under  Selected Addresses/Groups

Image of step twenty

21. Click OK.

22. Under Action, right-click Deny, and click Permit.

Image of step twenty-two

23. From Device Manager, click Security  Devices.

Image of step twenty-three

24. Right-click InternetFW, and then click Update Device.

25. From the Save Changes window, click Yes.

Image of step twenty-five

Modification History:
2020-10-21: Tagged article for EOL/EOE.
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search