Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How Do I Create a Rule With a Mapped IP (MIP) in NSM?

0

0

Article ID: KB4326 KB Last Updated: 12 Aug 2010Version: 5.0
Summary:
How Do I Create a Rule With a Mapped IP (MIP) in NSM?  Refer to KB10953 if NSM is version 2007.3r1.
Symptoms:

Solution:
To create a rule using a MIP in NSM 2004, perform the steps below:

NOTE:  If the NSM version is 2007.3r1, then refer to this article instead: KB10953 - How Do I Create a Rule With a MIP in NSM 2007.3r1



Connect to NetScreen Security Manager. For more information, go to Connecting to the NetScreen Security Manager.

From the Device Manager, click to select FW/VPN Devices.

Image of step two and three

Right-click the device, and select Edit.

Expand Network, and then click Interface.

Image of step four and five

Right-click untrust (or the interface bound to the untrust interface where the VIP will reside), and click Edit.

To add the MIP to the device, expand NAT, and then click to select MIP.

Image of step six and seven

Under MIP, click +.

From the MIP window, configure using the following settings:

  • Mapped IP: 1.1.1.1
  • Netmask: 32
  • Host IP: 172.16.75.55
  • Host Virtual Router Name: trust-vr

Image of step eight and nine

Click OK.

From the Interface window, click OK.

Image of step ten


From the Device window, click OK.

Image of step eleven


Expand Object Manager, expand NAT Objects, and then click Global MIP.

Image of step twelve


Under Global MIP, click +.

Image of step thirteen


From the New Global MIP text box, enter Web Server.

Image of step fourteen and fifteen

Click +.

From the HardSecClient - MIP window, configure the following settings:

  • Device: HardSecClient
  • Interface: untrust
  • mip: 1.1.1.1

Image of step sixteen and seventeen

Click OK.

From the New Global MIP window, click OK.

Image of step eightteen


Expand Policy Manager, and then click HSClient_1.

Image of step nineteen


In the From Zone drop down list, select untrust, and in the To Zone drop down list, select trust.

Image of step twenty and twenty-one

Click +, and then click Add Rule.

In the new rule, under Destination, right-click any, and then click Add Address.

Image of step twenty-two


From the Select Destination Addresses window, expand globalmip, and then click to select Web Server.

Image of step twenty-three and twenty-four

Click OK.

From Action, right-click deny, and then click Permit.

Image of step twenty-five


From Device Manager, click FW/VPN Devices.

Image of step twenty-six and twenty-seven


Right-click HardSecClient, and then click Update Device.

From the Save Changes window, click Yes.

Image of step twenty-eight

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search