HOWTO: Configure your Juniper Firewall

This page guides you through configuring a Juniper firewall to get the best performance out of Reemo and to allow you and your users to establish a direct UDP connection with Reemo.

Get started

To get started, log in to the firewall's web administration console.

Zone Address Book

Under Security\Policy Elements, open the Zone Address Book item

Add a new Address for Turn1 Reemo Server

  • Zone : Internet

  • Address Name: Reemo_TURN1

  • Domain Name : turn1.reemo.io


Add a new Address for Turn2 Reemo Server

  • Zone : Internet

  • Address Name: Reemo_TURN2

  • Domain Name : turn1.reemo.io


Add a new Address for Signal Reemo Server

  • Zone : Internet

  • Address Name: Reemo_Signal

  • Domain Name : signal.reemo.io


[Screenshot: Address Overview]

Applications

Under Security\Policy Elements, open the Applications menu

Add Custom-Applications for Reemo TURN

  • Application Name : Reemo_TURN_UDP443

  • Match IP protocol: udp

  • Destination Port : 443


Add Custom-Applications for Reemo Protocol OUT

  • Application Name : Reemo_Protocol_out

  • Match IP protocol: udp

  • Source Port : 58200-58400


Add Custom-Applications for Reemo Protocol IN

  • Application Name : Reemo_Protocol_in

  • Match IP protocol: udp

  • Destination Port : 58200-58400


[Screenshot: Applications Overview]

Security Policy

Under Security\Security Policy, add a policy for the TURN servers

  • Policy Name : Reemo_TURN

  • Policy Action : permit

  • From Zone : internal

  • To zone : Internet

  • Source Address : LAN

  • Destination Address : Reemo_TURN1 , Reemo_TURN2

  • Applications : Reemo_TURN_UDP443 , junos-https


Add Policy for Signal Server

  • Policy Name : Reemo_Signal

  • Policy Action : permit

  • From Zone : internal

  • To zone : Internet

  • Source Address : LAN

  • Destination Address : Reemo_Signal

  • Applications : junos-https


Add Policy for ReemoAgent in

  • Policy Name : ReemoAgent_in

  • Policy Action : permit

  • From Zone : internal

  • To zone : Internet

  • Source Address : LAN

  • Destination Address : any

  • Applications : Reemo_Protocol_in


Add Policy for ReemoAgent out

  • Policy Name : ReemoAgent_out

  • Policy Action : permit

  • From Zone : internal

  • To zone : Internet

  • Source Address : LAN

  • Destination Address : any

  • Applications : Reemo_Protocol_out


[Screenshot: Policies Overview]

NAT Policy

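Under NAT\Source, click Global Settings.

In the Interface Port-Overloading section, select Off and click OK to validate. Port overloading has to be off because the rules below use persistent NAT with the egress interface address, and Junos does not allow that combination while interface port overloading is enabled.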

Add the following rules to your main Source Rule Set

Add rule for Reemo testpage

  • Rule Name : Reemo_NAT_TestPage_rule

  • Source Address : Local Network range (ex: 192.168.1.0/24)

  • IP Protocol : udp

  • Destination address : 0.0.0.0/0

  • Port : 443

  • Action Section :
    • Select Do Source NAT With Egress Interface Address

    • Select Persistent
      • Permit : any-remote-host


Add rule for ReemoAgent out

  • Rule Name : ReemoAgent_out

  • Source Address : Local Network range (ex: 192.168.1.0/24)

  • Ports : 58200-58400

  • IP Protocol : udp

  • Action Section :
    • Select Do Source NAT With Egress Interface Address

    • Select Persistent
      • Permit : any-remote-host


Add rule for ReemoAgent in

  • Rule Name : ReemoAgent_in

  • Source Address : Local Network range (ex: 192.168.1.0/24)

  • IP Protocol : udp

  • Port Range : 58200-58400

  • Action Section :
    • Select Do Source NAT With Egress Interface Address

    • Select Persistent
      • Permit : any-remote-host
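
The same configuration expressed as Junos CLI `set` commands, as an added example that is not part of the original page. The global address book, the pre-existing `LAN` address object, the rule set name `REEMO-SRC-NAT`, the TURN2 hostname placeholder, and the reading of the NAT rule ports (destination 443, source 58200-58400 for "out", destination 58200-58400 for "in") are assumptions.

```junos
# Added example: Junos "set" equivalent of the J-Web steps on this page.
# Assumptions: global address book, an existing LAN address object, rule set name
# REEMO-SRC-NAT, LAN range 192.168.1.0/24, and the NAT port directions noted below.

# Address book entries
set security address-book global address Reemo_TURN1 dns-name turn1.reemo.io
# Placeholder: replace with the hostname of the second Reemo TURN server
set security address-book global address Reemo_TURN2 dns-name TURN2-HOSTNAME-PLACEHOLDER
set security address-book global address Reemo_Signal dns-name signal.reemo.io

# Custom applications
set applications application Reemo_TURN_UDP443 protocol udp destination-port 443
set applications application Reemo_Protocol_out protocol udp source-port 58200-58400
set applications application Reemo_Protocol_in protocol udp destination-port 58200-58400

# Security policies (internal -> Internet)
set security policies from-zone internal to-zone Internet policy Reemo_TURN match source-address LAN destination-address [ Reemo_TURN1 Reemo_TURN2 ] application [ Reemo_TURN_UDP443 junos-https ]
set security policies from-zone internal to-zone Internet policy Reemo_TURN then permit
set security policies from-zone internal to-zone Internet policy Reemo_Signal match source-address LAN destination-address Reemo_Signal application junos-https
set security policies from-zone internal to-zone Internet policy Reemo_Signal then permit
set security policies from-zone internal to-zone Internet policy ReemoAgent_in match source-address LAN destination-address any application Reemo_Protocol_in
set security policies from-zone internal to-zone Internet policy ReemoAgent_in then permit
set security policies from-zone internal to-zone Internet policy ReemoAgent_out match source-address LAN destination-address any application Reemo_Protocol_out
set security policies from-zone internal to-zone Internet policy ReemoAgent_out then permit

# Source NAT: port overloading off, then persistent interface NAT rules
set security nat source interface port-overloading off
set security nat source rule-set REEMO-SRC-NAT from zone internal
set security nat source rule-set REEMO-SRC-NAT to zone Internet
set security nat source rule-set REEMO-SRC-NAT rule Reemo_NAT_TestPage_rule match source-address 192.168.1.0/24 destination-address 0.0.0.0/0 protocol udp destination-port 443
set security nat source rule-set REEMO-SRC-NAT rule Reemo_NAT_TestPage_rule then source-nat interface persistent-nat permit any-remote-host
set security nat source rule-set REEMO-SRC-NAT rule ReemoAgent_out match source-address 192.168.1.0/24 protocol udp source-port 58200 to 58400
set security nat source rule-set REEMO-SRC-NAT rule ReemoAgent_out then source-nat interface persistent-nat permit any-remote-host
set security nat source rule-set REEMO-SRC-NAT rule ReemoAgent_in match source-address 192.168.1.0/24 protocol udp destination-port 58200 to 58400
set security nat source rule-set REEMO-SRC-NAT rule ReemoAgent_in then source-nat interface persistent-nat permit any-remote-host
```

With `permit any-remote-host`, any external host can send to the mapped address and port once an internal host has created the binding. Junos also offers `target-host` and `target-host-port` as narrower persistent NAT types.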


[Screenshot: NAT Overview]