Netscreen 5xp Setup Help

I am trying to set up a Netscreen 5xp. I can get an IP on the untrust side from the cable modem and an IP on the trust side to the network, but I am unable to access the internet. Anyone that can help someone new to this would be appreciated. Below is a copy of the trust IP settings. I don't know if I have the manage IP, trust IP and gateway set up correctly.

    ns5xp-> get interface trust
    interface trust, mode nat, down
    ip 192.168.1.252/255.255.255.0 gateway 192.168.1.254, mac 0010.db0e.6810
    gateway 192.168.1.254, manage ip *192.168.1.254, mac 0010.db0e.6810
    ping enabled, telnet enabled, SCS enabled, SNMP enabled
    NS-Global enabled, Global-Pro enabled, web enabled, ident-reset disabled
    SSL enabled
    bandwidth: physical 10000kbps, configured 0kbps, current 0bps
    total configured gbw 0kbps, total allocated gbw 0kbps

Reply to
Mousemen

Why is the trust interface down? That's your first hurdle.

Reply to
Doug McIntyre

Reply to
Mousemen

Okay, there wasn't enough config/status posted in your first message to determine if something was right or wrong or what the problem was, other than you were showing the interface as down.

Otherwise, the bit you posted looked okay.

First steps to troubleshoot your problem.

Make sure you can ping outwards from the firewall and get to your next-hop gateway.

Make sure that you have a default static route installed.

Make sure that you have a policy from Trust->Untrust allowing All-All-Any. (not every network wants this policy, but it is a default policy, and lets outbound traffic get out).

If you are doing NAT (IIRC, you were), make sure the default any outbound policy has the NAT flag checked.

You do NOT need to worry about bandwidth setup, or logging or usage at this point. Your basic setup is to put the IPs on the interfaces, set up the default route, and check on your policies. The policies and interfaces are what you need to worry about starting out.

Reply to
Doug McIntyre

Ok. Everything was set up right from what I could tell. From what I could tell I had to change the bandwidth on the trust interface from 0 to something. I matched the untrust and trust with 1024 and it works. I was able to ping but unable to move traffic thru the web browser. Now I have to get help on the VPN setup. I don't know if this is possible but I would like to set up a group and then just add users as I need or take away. I am essentially trying to learn this and a Cisco PIX501 to be able to set them up and have multiple sites connected together.

Reply to
Mousemen
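A small parser for the `get interface` output posted in the first message, flagging the two fields this thread singles out (link state and configured bandwidth). This is an added example, not code from either poster; the function names are hypothetical and the line breaks in the sample are an assumption.

```python
import re

# Constructed sample: the output from the first post, line breaks assumed.
SAMPLE = """\
interface trust, mode nat, down
ip 192.168.1.252/255.255.255.0 gateway 192.168.1.254, mac 0010.db0e.6810
gateway 192.168.1.254, manage ip *192.168.1.254, mac 0010.db0e.6810
ping enabled, telnet enabled, SCS enabled, SNMP enabled
NS-Global enabled, Global-Pro enabled, web enabled, ident-reset disabled
SSL enabled
bandwidth: physical 10000kbps, configured 0kbps, current 0bps
total configured gbw 0kbps, total allocated gbw 0kbps
"""

def parse_interface(text):
    """Pull interface state, address, bandwidth and service flags from the text."""
    info = {}
    m = re.search(r"interface (\S+), mode (\w+), (up|down)", text)
    if m:
        info["name"], info["mode"], info["link"] = m.groups()
    # Requires the /netmask form, so the "manage ip" field is not matched here.
    m = re.search(r"\bip (\d+(?:\.\d+){3})/(\d+(?:\.\d+){3})", text)
    if m:
        info["ip"], info["netmask"] = m.groups()
    # Matches the "bandwidth:" line only, not "total configured gbw".
    m = re.search(r"configured (\d+)kbps", text)
    if m:
        info["configured_kbps"] = int(m.group(1))
    info["services"] = dict(re.findall(r"([\w-]+) (enabled|disabled)", text))
    return info

def findings(info):
    """Return the checks a reader of this thread would make, in order."""
    out = []
    if info.get("link") == "down":
        out.append("link down")                    # first reply in the thread
    if info.get("configured_kbps") == 0:
        out.append("configured bandwidth 0kbps")   # the setting later changed
    # Not raised in the thread: telnet sends management logins in cleartext.
    if info.get("services", {}).get("telnet") == "enabled":
        out.append("telnet management enabled")
    return out

if __name__ == "__main__":
    for item in findings(parse_interface(SAMPLE)):
        print("check:", item)
```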

There has been a new development on this that is not making sense to me. Moved the Netscreen to a new location that has static IPs. Now it will only get on if I type in the IP address of the site, not the DNS URL. It's having an issue resolving addresses. At the old location it was set to go out thru a Linksys router. Put in the static IPs for that network and the gateway as the Linksys address. All worked there. New location has static IPs on a DSL account. Here's the layout. DSL comes in to a Netopia that has DHCP and NAT turned off. 2 other routers connect thru by setting up the IPs and DNS servers (Belkin, Netgear). Those work just fine. In the Netscreen, put in the static IPs on the untrust side with the gateway set to the Netopia just like the other routers. Put in the DNS server given by the ISP. I can ping the gateway and outside world only by IP. I can go to sites if I type in the IP address. Put in a URL and it can't go. Changed DNS to the gateway and to the trust side IP, still the same. Now if the same settings work in the other routers, why is this having an issue resolving correctly?

Internet > DSL modem > switch > 3 routers. (Belkin, Netgear work fine) (NS not resolving addresses.)

Policy on outgoing is set to any just like it was before. Any ideas or help is appreciated.

Reply to
Mousemen

Are you expecting the Netscreen box to be a DNS proxy? (It doesn't do that, but some of those other boxes you mention usually can be DNS proxies.)

What device is being your DHCP server? What info is it handing out as the DNS server? Something internal? Something external?

Reply to
Doug McIntyre

Reply to
Mousemen

Reply to
Mousemen
