I have a medical office with a Juniper 208 Firewall. They want to add an Wireless access point for their patients in the waiting room. This need to be separate and unable to access their secure private network. What is the simplest way of doing this with the Juniper 208? Separate Port? Please explain config.

-Shawn

separate port, separate zone.

_________________
www.mellowd.co.uk/ccie/

Thanks for the reply. I thought that might have been the correct setup. I tried that before but was unable to get internet access with that config. Would you be able to provide a sample config?

Did you create rules between the zones? Enabled NAT? Checked the logs?

_________________
www.mellowd.co.uk/ccie/

Here is what I have ...

Created New Virtual Route:
name: public-vr

Created New Zone:
name: Public
virtual router: public-vr
interface: ethernet4

Set Interface:
interface: etnernet4
zone: Public
ip: static (172.21.20.1/24)
mode: NAT

Created New Policy:
direction: From Public To Untrust
service: http, https
action: Permit

Not sure where I went wrong?

-Shawn

Why did you create a new virtual router? All you need is new zones

Also you've allowed http and https, but what about DNS etc?

_________________
www.mellowd.co.uk/ccie/

Ok, looks good.

One more question. Is there a way to restrict access to the internet on that interface with a simple username and password. This is just to keep the honest people honest. This would allow the front desk receptionist to hand out the username/password to their clients in the lobby and disallow their neighbors to gain free internet access. I know I could configure a key on the wireless radio but I want to keep it simple for the staff and patients.

- Thanks, Shawn

You can't do that on the firewall

_________________
www.mellowd.co.uk/ccie/

would enabling Webauth on the that interface on the 208 do what you want?

Mark