Practical Amazon VPC - Part 2 of 3 - Juniper SSG-5
  1. Introduction
  2. Juniper SSG-5 Overview
  3. Default UnTrust Zone
  4. Default DMZ Zone
  5. Default Trust Zone
  6. Port, Zone and Cabling Summary
  7. Juniper ScreenOS Configuration
  8. Juniper ScreenOS Configuration
  9. Setup Summary
  10. Setup Summary Recap
  11. VPC Subnets
  12. VPC Deployment Demo Plan
  13. Demo
Juniper SSG-5 Overview
Our device: Juniper SSG 5

Cabling guide: Internet/Untrust “zone”
  ethernet-0/0
  ScreenOS Zone: UnTrust
  Connected to: Internet

Cabling guide: DMZ “zone”
  ethernet-0/1
  ScreenOS Zone: DMZ
  Connected to: Nothing (unused)

Cabling guide: Trust “zone”
  ethernet-0/2 - 0/6 (“bgroup0”)
  ScreenOS Zone: Trust
  Connected to: Local Network

Cliché Setup Example
  ethernet-0/2 - 0/6 (“bgroup0”): Connected to company LAN (“Trust Zone”)
  ethernet-0/1: Connected to DMZ servers (FTP, SMTP, Web, etc.) (“DMZ Zone”)
  ethernet-0/0: Connected to Internet (“Untrust Zone”)

Juniper ScreenOS Configuration
Oversimplifying, but configuring the device mainly revolves around:
  - Configuring “zones”
  - Configuring policies that enforce what is allowed to occur within each zone
  - Configuring policies that enforce what traffic is allowed to pass/route/transit between zones
A number of useful things are already set up by default on the device.

Juniper ScreenOS Configuration: Our configuration
  Untrust Zone / port ethernet-0/0:
    - Connect to internet, assign static IP
    - DNS name: dirt.bioteam.net
    - Allow SSH & HTTPS to static IP
    - Block just about everything else
  Trust Zone / port ethernet-0/2:
    - Attach to internal 192.168.1.0 network
    - Connect port ethernet-0/2 to our testing server
  ScreenOS Policy: Allow ALL from Trust to Untrust

Actual Setup
  ethernet-0/2: Connected to 192.168.1.0/24 network and our test Linux server
  ethernet-0/0: Connected to internet as “dirt.bioteam.net”

VPC Deployment Demo: Our Local Environment
  - One Juniper SSG-5, attached to internet as ‘dirt.bioteam.net’
  - One local test server, attached to the Juniper SSG-5 “Trust” Zone
  - Local network: 192.168.1.0/24

VPC Deployment Demo: Our Amazon Cloud VPC Environment
  - Amazon VPC lets us define our subnets
  - We can define multiple subnets using standard CIDR network notation
  - When starting EC2 servers we can tell AWS what subnet to attach our server to
  - For this demo: one standard Class-C subnet (10.0.0.1/24) and one smaller subnet (10.0.0.128/25)

VPC Deployment Demo: The Plan
  1. Set up an Amazon VPC link
  2. Define our two cloud subnets
  3. Configure our Juniper SSG-5
  4. Bring the VPC link up
  5. Using our local test server:
     - Start an EC2 server within our private cloud
     - Confirm that it has been assigned an IP address within our defined 10.0.0.128/25 subnet
     - Confirm we can ping & login to it via our local test server

Demo
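As an added example (not code from the talk or from Juniper), the snippet below models the zone/policy reasoning the slides describe and the demo's final check that an EC2 instance landed in the intended subnet. The interface-to-zone map, the management services and the single Trust-to-Untrust policy are taken from the slide text; the evaluator itself is a simplification, not ScreenOS.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Interface -> ScreenOS zone, as cabled in the slides.
ZONES = {"ethernet-0/0": "Untrust", "ethernet-0/1": "DMZ", "bgroup0": "Trust"}

# Management services accepted on the device itself, per ingress interface.
# The slides allow only SSH and HTTPS on the Untrust static IP; management
# on the Trust side is not specified, so it is left out here (assumption).
MANAGE = {"ethernet-0/0": {"SSH", "HTTPS"}}

@dataclass(frozen=True)
class Policy:
    from_zone: str
    to_zone: str
    services: frozenset   # service names; "ANY" matches every service
    action: str           # "permit" or "deny"

# Inter-zone policies from the slides: allow ALL from Trust to Untrust.
# A flow with no matching policy falls through to the default deny.
POLICIES = [Policy("Trust", "Untrust", frozenset({"ANY"}), "permit")]

def allowed(ingress_if, service, egress_if=None):
    """True if the firewall (as modelled here) would permit the flow.

    egress_if=None means the packet is addressed to the firewall itself,
    which is governed by the interface's management settings, not policy.
    """
    if egress_if is None:
        return service in MANAGE.get(ingress_if, set())
    src, dst = ZONES[ingress_if], ZONES[egress_if]
    for p in POLICIES:  # first match wins, as in an ordered policy list
        if p.from_zone == src and p.to_zone == dst and \
           ("ANY" in p.services or service in p.services):
            return p.action == "permit"
    return False

# The demo's two VPC subnets, exactly as written on the slide (strict=False
# lets the host-style "10.0.0.1/24" spelling parse as 10.0.0.0/24).
DEMO_SUBNETS = [ip_network(c, strict=False)
                for c in ("10.0.0.1/24", "10.0.0.128/25")]

def assigned_subnet(ip, subnets=DEMO_SUBNETS):
    """Most specific demo subnet containing ip, or None if it is in neither.

    The /25 nests inside the /24, so longest prefix decides which subnet
    the EC2 instance was actually placed in.
    """
    matches = [n for n in subnets if ip_address(ip) in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None

if __name__ == "__main__":
    print(allowed("ethernet-0/0", "SSH"), allowed("bgroup0", "HTTP", "ethernet-0/0"))
    print(assigned_subnet("10.0.0.130"))
```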