Example: Configuring MIPs (NSM Procedure)

In this example, you create a MIP to handle inbound traffic to your Web server. After configuring the MIP, you create a Global MIP to represent the MIP you created for the device, and then use the Global MIP object in a Security Policy rule that permits HTTP traffic from any address in the Untrust zone to the MIP—and to the host with the address to which the MIP points—in the Trust zone. All security zones are in the trust-vr routing domain.

To configure a MIP:

  1. Add a NetScreen-50 security device. Choose Model when adding the device and configure the device as running ScreenOS 5.x.
  2. Configure the Trust interface for ethernet1.
    • In the device navigation tree, select Network > Interface.
    • Double-click ethernet1 (trust interface). The General Properties screen appears.
    • Configure the IP address as 10.1.1.1 and the Netmask as 24. Leave all other settings as default.
    • Click OK to save your changes.
  3. Configure the Untrust interface for ethernet2.
    • In the device navigation tree, select Network > Interface.
    • Double-click ethernet2 (untrust interface). The General Properties screen appears.
  4. Configure the IP address as 1.1.1.1 and the Netmask as 24. Leave all other settings as default.
    • Click OK to save your changes.
  5. In the interface navigation tree, select NAT > MIP to display the MIP screen.
  6. Click the Add icon and configure the following:
    • For Mapped IP, enter 1.1.1.5.
    • For Netmask, enter 32.
    • For Host IP, enter 10.1.1.5.
    • For virtual router, select trust-vr.
    • Click OK to save the MIP.
  7. Click OK to save your changes to the interface, and then click OK to save your changes to the device.
  8. Create a Global MIP to reference the MIP you created for the device. You use a Global MIP when configuring NAT in a Security Policy rule; the Global MIP references the MIP for an individual device, enabling you to use one object (the Global MIP object) to represent multiple MIPs in a single rule.
  9. In the navigation tree, select Object Manager > NAT Objects > MIP.
  10. Click the Add icon to display the new Global MIP dialog box.
  11. Configure the Global MIP.
  12. Configure a firewall rule to route inbound HTTP traffic to the MIP address.
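
For reference when reviewing what NSM pushes to the device, the ScreenOS CLI form of this configuration is shown below. It is an added example, not part of the original NSM procedure. The zone bindings follow the interface roles named in steps 2 and 3, and the policy references the device-level MIP directly because the Global MIP object exists only in NSM. Lines beginning with # are annotations and are not entered on the device.

```screenos
# Interfaces (steps 2-4); zone bindings assumed from the roles the procedure names
set interface ethernet1 zone trust
set interface ethernet1 ip 10.1.1.1/24
set interface ethernet2 zone untrust
set interface ethernet2 ip 1.1.1.1/24

# MIP on the Untrust interface (steps 5-7): 1.1.1.5/32 maps one-to-one to host 10.1.1.5
set interface ethernet2 mip 1.1.1.5 host 10.1.1.5 netmask 255.255.255.255 vrouter trust-vr

# Policy (step 12): HTTP only, from any Untrust address to the MIP
set policy from untrust to trust any mip(1.1.1.5) http permit
save
```

The /32 netmask on the MIP limits the mapping to the single address 1.1.1.5, and the policy limits the permitted service to HTTP, so no other service on 10.1.1.5 is reachable through this rule.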
