After a lot of Googling and testing I eventually got my SRX 100 working as a firewall for Sky fibre broadband, utilising the Sky hub as an access point. ...

Set up DHCP for the local LAN

set system services dhcp pool 192.168.50.0/24 address-range low 192.168.50.10
set system services dhcp pool 192.168.50.0/24 address-range high 192.168.50.49
set system services dhcp pool 192.168.50.0/24 default-lease-time 86000
set system services dhcp pool 192.168.50.0/24 name-server 8.8.8.8
set system services dhcp pool 192.168.50.0/24 name-server 212.159.6.10
set system services dhcp pool 192.168.50.0/24 router 192.168.50.1

set interfaces fe-0/0/0 unit 0 description ***ACCESS_POINT_SKY***
set interfaces fe-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members VLAN50

VLAN (SVI) for wireless devices

set interfaces vlan description ***WIRELESS***
set interfaces vlan unit 50 family inet address 192.168.50.1/24

Port facing BT modem

set interfaces fe-0/0/2 unit 0 description ***WAN_SKY***
set interfaces fe-0/0/2 unit 0 family inet mtu 1492
set interfaces fe-0/0/2 unit 0 family inet dhcp client-identifier ascii "username@skydsl|password"

(change with your details)

Route for internet traffic

set routing-options static route 0.0.0.0/0 next-hop 0.0.0.0
set routing-options static route 0.0.0.0/0 resolve

Local to internet based traffic

set security policies from-zone LocalLan to-zone WAN policy internet-access match source-address any
set security policies from-zone LocalLan to-zone WAN policy internet-access match destination-address any
set security policies from-zone LocalLan to-zone WAN policy internet-access match application any
set security policies from-zone LocalLan to-zone WAN policy internet-access then permit
#
set security nat source rule-set rs1 from zone LocalLan
set security nat source rule-set rs1 to zone WAN
set security nat source rule-set rs1 rule r1 match source-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 match destination-address 0.0.0.0/0
set security nat source rule-set rs1 rule r1 then source-nat interface
set security nat destination rule-set InBoundAccess from zone WAN
set security nat destination rule-set InBoundAccess rule r1 match destination-address 0.0.0.0/0
set security nat destination rule-set InBoundAccess rule r1 match destination-port 8443
set security nat destination rule-set InBoundAccess rule r1 then destination-nat pool dst-nat-pool-1
#
set security policies from-zone WAN to-zone LocalLan policy server-access match source-address any
set security policies from-zone WAN to-zone LocalLan policy server-access match destination-address xxx
set security policies from-zone WAN to-zone LocalLan policy server-access match destination-address xxx
set security policies from-zone WAN to-zone LocalLan policy server-access match application TCP_8443
set security policies from-zone WAN to-zone LocalLan policy server-access then permit
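
An added example, not part of the original post: the configuration above references a VLAN, two security zones, a destination NAT pool and a custom application whose definitions are not shown (they may sit in the elided part). This Python check lists every such reference that has no matching definition in the text it is given; the regular expressions cover only the statement forms used on this page, and `CONSTRUCTED_DEFS` holds placeholder definitions that are assumptions, not the author's values.

```python
import re

# Patterns for where each object kind is defined and where it is referenced.
DEFINES = [("zone", r"^set security zones security-zone (\S+)"),
           ("nat-pool", r"^set security nat destination pool (\S+)"),
           ("application", r"^set applications application (\S+)"),
           ("vlan", r"^set vlans (\S+)")]
REFERENCES = [("zone", r"\b(?:from|to)-zone (\S+)"),
              ("zone", r"^set security nat \S+ rule-set \S+ (?:from|to) zone (\S+)"),
              ("nat-pool", r"\bthen destination-nat pool (\S+)"),
              ("application", r"\bmatch application (\S+)"),
              ("vlan", r"\bvlan members (\S+)")]

# Lines copied from the configuration on this page.
PAGE_EXCERPT = """\
set interfaces fe-0/0/0 unit 0 family ethernet-switching vlan members VLAN50
set security policies from-zone LocalLan to-zone WAN policy internet-access match application any
set security nat source rule-set rs1 from zone LocalLan
set security nat destination rule-set InBoundAccess rule r1 then destination-nat pool dst-nat-pool-1
set security policies from-zone WAN to-zone LocalLan policy server-access match application TCP_8443
"""

# Constructed definitions with placeholder values (assumptions, not from the page).
CONSTRUCTED_DEFS = """\
set vlans VLAN50 vlan-id 50
set security zones security-zone LocalLan interfaces vlan.50
set security zones security-zone WAN interfaces fe-0/0/2.0
set security nat destination pool dst-nat-pool-1 address 192.0.2.10/32
set applications application TCP_8443 protocol tcp destination-port 8443
"""

def undefined_references(config_text):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    defined, referenced = set(), set()
    for line in map(str.strip, config_text.splitlines()):
        for kind, pattern in DEFINES:
            match = re.search(pattern, line)
            if match:
                defined.add((kind, match.group(1)))
        for kind, pattern in REFERENCES:
            for match in re.finditer(pattern, line):
                referenced.add((kind, match.group(1)))
    # "any" and the junos-* applications are predefined by Junos.
    return sorted((k, n) for k, n in referenced - defined
                  if not (k == "application" and (n == "any" or n.startswith("junos-"))))

if __name__ == "__main__":
    for kind, name in undefined_references(PAGE_EXCERPT):
        print(f"undefined {kind}: {name}")
```

Running it over a full candidate config before pasting into the SRX shows which object definitions still have to be written.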