CRITICAL NOTE: We have found that IPv6 pings sent to the Juniper SSG5 will cause the device to REBOOT. Turning off IPv6 pings will prevent this issue.
The Juniper SSG5 runs on ScreenOS and we have found the ScreenOS SIP ALG works well. Instructions for activating the ALG can be found at the link below.
This article is to assist users unfamiliar with the Juniper SSG 5 running ScreenOS in getting their device up and running to the point where they can register their devices and make and receive phone calls. The SSG 5 is designed for small to medium businesses to act as a fully functional gateway providing firewall, routing and wireless services in an all-in-one device..
This walk through requires a degree of networking familiarity and is not designed for every networking eventuality, choosing accessibility over specifics in every instance. Your company’s own security and networking policies may contradict information presented within this document.
You will need to know your basic network information beforehand. If your provider supplies DHCP or if you are given a static IP, you’ll need the IP address, Subnet Mask and gateway address.
Screen shots are not supplied for every step. In the instance a screen shot is not supplied, verify that there are no specific instructions for that step, if there are not hit Next accepting the defaults options provided.
Physically connect the device as shown in the documentation included on the CD, with your ISP's Ethernet hand-off in the Ethernet port marked 0/0 and a networking cable going from your PC to the port labeled 0/3. Open your web browser and go to web address http://192.168.1.1
From here, select the default of "Use the Initial Configuration Wizard instead."
You will be prompted to provide an administrative user and password combination. Use a name password combination that you will remember which is also safe.
You'll be prompted to configure the wireless access point. We found the default selection to be perfectly fine. Just hit Next.
You'll be prompted to set one interface for untrust, dmz and trust zone respectively. Untrust in this instance refers to the internet at large. DMZ means no processing happens whatsoever on traffic to that port. Even if you do not use a DMZ, you'll need to reserve a port for the DMZ. We found the defaults of eth0/0 to be your Ethernet hand-off from your ISP, and eth0/1 to be the DMZ port to be fine. Just hit Next.
There are several elements which require your attention here and we'll deal with them in turn.
The first thing you'll define is how your Internet Service Provider assigns you an IP address, DHCP, DHCP over PPOE or Static IP. Confer with your ISP if you are uncertain.
After you have selected how your SSG will get an IP address, click on the text by the wireless antenna above the SSG to configure the wireless connection. Your individual company will need to decide what level of security is to be afforded to your wireless connection. OnSIP suggests that you do NOT leave your SSID security Open which is the default.
Click the link for bgroup0(Trust Zone) to set up your internal network's default IP assignment. Keep the default information. This means that to log into the SSG in the future you'll use 192.168.1.1.
Click the link for eth0/1(DMZ Zone) and also select Static IP. We are using 192.168.3.1 for all DMZ assignments for this example.
Then select Next at the bottom of the screen.
Here you'll be presented with the options you've thus far chosen.
Next you'll be asked if you want the Juniper device to dynamically assign IP addresses to your local wireless hosts using DHCP? We suggest Yes. Confer with your ISP for your suggested DNS.
Next you'll be asked if you want the Juniper device to dynamically assign IP addresses to your local wired hosts using DHCP? We suggest Yes. Confer with your ISP for your suggested DNS.
You'll once more be given additional a list of settings you've selected. Hit Next.
You'll be given a final screen shot of your changes and you'll be given a warning of what you'll have to do next.
Device is going to restart, when this is done, you must do the following to continue managing the NetScreen device with the WebUI:
1. Close this instance of your browser.
2. Open a new instance, and enter management ip of the device in the URL field.
3. When prompted to log in, enter your new login name and password.
It takes approximately 5 minutes to write and reboot but there will be no visible difference on the SSG itself.
After the SSG reboots you'll log in with the credentials you choose above and then your SSG is up and ready to be used in its basic condition with OnSIP and the internet in general. The SSG5 is a powerful device for most offices and as such we suggest you become familiar with it before making large scale changes which could potentially negatively affect your office.
From here, you will need to set the SIP ALG.