Hello,

I have an Untangle z4Plus that will replace an in-production Juniper Netscreen ns5gtDu. I am not familiar with Netscreens and am getting confused trying to piece this together.

The Netscreen is in place in our internal network separating a vendor's network from our own. The vendor does require limited access to our network and vice versa.

I am having trouble translating the settings from the old device to the new.

I've included the Netscreen current config lines for what I need to do on the Untangle side.

Would you mind pointing me in the right direction?

THANK YOU!!! I know this is a lot to put into one post, but my brain is fried from this and a dozen other revolving projects...


NOTES:

Eth0 - "US LOCAL" main local network - 10.1.1.0/24
"US - DEV" network - 10.1.2.0/24 (network back at datacenter that "US" network has access to)
"US PROD" network - 10.1.3.0/24

Eth1 - "THEM LOCAL" main local network - 10.10.10.0/23
"THEM PROD" network - 10.10.20.0/24
THEM LOCAL gateway 10.10.10.1
THEM PUBLIC IPS 01 4.20.20.0/24
THEM PUBLIC IPS 02 4.2.0.5/32
THEM PUBLIC IPS 03 4.13.0.0/16
THEM INTERNET GATEWAY 8.8.8.8

1. Need to set a "MIP" / NAT rule for traffic coming from THEM / eth1 to IP 10.10.10.40 to pass through to server on US DEV / through Eth0 US network (server address 10.1.2.2)

set interface "untrust" mip 10.10.10.40 host 10.1.1.2 netmask 255.255.255.255 vr "trust-vr"

2. "Set Address"

I am not clear on where in the Untangle I would add these. They are referenced in the firewall rules (next section).

set address "Trust" "US PROD NETWORK" 10.1.3.0 255.255.255.0
set address "Trust" "US DEV SERVER" 10.1.2.2 255.255.255.255
set address "Trust" "US NETWORK" 10.1.1.0 255.255.255.0
set address "Untrust" "THEM PROD" 10.10.20.0 255.255.255.0

3. Firewall Rules

set policy id 6 from "Untrust" to "Trust" "THEM PROD" "MIP(10.10.10.40)" "ANY" permit log
set policy id 6
set log session-init
exit
set policy id 4 from "Trust" to "Untrust" "US DEV SERVER" "Any" "ANY" permit log
set policy id 4
set log session-init
exit
set policy id 3 from "Trust" to "Untrust" "US PROD NETWORK" "Any" "ANY" permit log
set policy id 3
set src-address "US LOCAL NETWORK"
set log session-init
exit
set policy id 5 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log
set policy id 5
set log session-init

4. Routes

I THINK I have these correct. I have network, netmask and next hop configured.

EX - 10.1.0.0/16 next hop 10.1.1.254

set route 10.1.0.0/16 interface trust gateway 10.1.1.254 preference 20
set route 4.20.20.0/24 interface untrust gateway 8.8.8.8 preference 20
set route 4.2.0.5/32 interface untrust gateway 8.8.8.8 preference 20
set route 0.0.0.0/0 interface trust gateway 10.1.1.254 preference 20
set route 4.13.0.0/16 interface untrust gateway 8.8.8.8 preference 20
set route 10.10.10.0/23 interface untrust gateway 10.10.10.1 preference 20 permanent
set route 10.10.20.0/24 interface untrust gateway 10.10.10.1 preference 20 permanent
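As an added example (not part of the post, and not Juniper or Untangle code), here is a small Python parser for the ScreenOS address, MIP and policy lines quoted above. It resolves which policy a given flow would hit in the listed order and flags any-to-any permits such as policy 5, which is worth confirming before the rules are recreated on the new device. It ignores the service column and the multi-line `set src-address` additions, so it is a sanity check, not a full ScreenOS model.

```python
import ipaddress
import re

# Constructed copy of the Netscreen lines quoted in the post above.
NETSCREEN_CONFIG = """
set address "Trust" "US PROD NETWORK" 10.1.3.0 255.255.255.0
set address "Trust" "US DEV SERVER" 10.1.2.2 255.255.255.255
set address "Trust" "US NETWORK" 10.1.1.0 255.255.255.0
set address "Untrust" "THEM PROD" 10.10.20.0 255.255.255.0
set interface "untrust" mip 10.10.10.40 host 10.1.1.2 netmask 255.255.255.255 vr "trust-vr"
set policy id 6 from "Untrust" to "Trust" "THEM PROD" "MIP(10.10.10.40)" "ANY" permit log
set policy id 4 from "Trust" to "Untrust" "US DEV SERVER" "Any" "ANY" permit log
set policy id 3 from "Trust" to "Untrust" "US PROD NETWORK" "Any" "ANY" permit log
set policy id 5 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log
"""

ADDR_RE = re.compile(r'set address "(\w+)" "([^"]+)" (\S+) (\S+)')
MIP_RE = re.compile(r'set interface "\w+" mip (\S+) host (\S+) netmask (\S+)')
POLICY_RE = re.compile(r'set policy id (\d+) from "(\w+)" to "(\w+)" '
                       r'"([^"]+)" "([^"]+)" "([^"]+)" (permit|deny)')

def parse(config):
    """Return (address book keyed by (zone, name), MIP map, policies in listed order)."""
    book, mips, policies = {}, {}, []
    for line in config.splitlines():
        if m := ADDR_RE.match(line):
            zone, name, ip, mask = m.groups()
            book[(zone, name)] = ipaddress.ip_network(f"{ip}/{mask}")
        elif m := MIP_RE.match(line):
            mips[m.group(1)] = m.group(2)  # public MIP address -> internal host
        elif m := POLICY_RE.match(line):
            pid, src_zone, dst_zone, src, dst, svc, action = m.groups()
            policies.append({"id": int(pid), "from": src_zone, "to": dst_zone,
                             "src": src, "dst": dst, "service": svc, "action": action})
    return book, mips, policies

def _contains(book, zone, name, ip):
    """True if address-book entry `name` in `zone` (or Any, or MIP(x)) covers ip."""
    if name.lower() == "any":
        return True
    if name.startswith("MIP("):  # policy matches the untranslated MIP address
        return ip == ipaddress.ip_address(name[4:-1])
    net = book.get((zone, name))
    return net is not None and ip in net

def first_match(policies, book, src_zone, dst_zone, src_ip, dst_ip):
    """Id of the first policy (in listed order) matching the flow, or None."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in policies:
        if (p["from"], p["to"]) == (src_zone, dst_zone) \
           and _contains(book, src_zone, p["src"], src_ip) \
           and _contains(book, dst_zone, p["dst"], dst_ip):
            return p["id"]
    return None

def any_any_permits(policies):
    """Ids of permit policies whose source and destination are both Any."""
    return [p["id"] for p in policies if p["action"] == "permit"
            and p["src"].lower() == "any" and p["dst"].lower() == "any"]
```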