SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX220 Port forwarding problems?

    Posted 05-24-2015 08:51

    Hello,

     

    I've been trying to set up port forwarding on the SRX (well, for the first time) using these commands:

     

     

    set applications application RDP protocol tcp
    set applications application RDP destination-port 3389
    
    set security zones security-zone trust address-book address main-server 10.100.9.9/32
    
    set security nat destination pool server-rdp address 10.100.9.9/32 port 3389
    
    set security nat destination rule-set dst-nat rule main-server-rdp match destination-address 0.0.0.0/0
    
    set security nat destination rule-set dst-nat from zone untrust
    
    set security nat destination rule-set dst-nat rule main-server-rdp match destination-port 44000
    
    set security nat destination rule-set dst-nat rule main-server-rdp then destination-nat pool server-rdp
    
    
    set security policies from-zone untrust to-zone trust policy untrust-to-trust-rdpms match source-address any
    set security policies from-zone untrust to-zone trust policy untrust-to-trust-rdpms match destination-address main-server
    set security policies from-zone untrust to-zone trust policy untrust-to-trust-rdpms match application RDP
    set security policies from-zone untrust to-zone trust policy untrust-to-trust-rdpms then permit

     

    It doesn't seem to work - I couldn't access the forwarded RDP port from my mobile LTE connection. On a side note, dynamic VPN is enabled, I'm not sure if that's the problem or not.

     

    Thank you.

     



  • 2.  RE: SRX220 Port forwarding problems?

     
    Posted 05-24-2015 11:18
    If you are connecting through dynamic VPN, then please add 10.100.9.9/32 to the dynamic VPN protected resources and try.


  • 3.  RE: SRX220 Port forwarding problems?

    Posted 05-29-2015 01:51

    Oh, sorry I didn't make myself clear. Dynamic VPN is enabled on the SRX, but my mobile device was NOT connected over Dynamic VPN.

     

    Anyway, thank you for information on the protected resource feature. I'll keep that in mind 🙂



  • 4.  RE: SRX220 Port forwarding problems?
    Best Answer

    Posted 05-24-2015 18:03

    Please check if your policy ordering is correct.

    If the DVPN policy is any any and is ahead of the port forwarding policy, then you might be hitting the wrong policy.

     

    Regards,
    C_R
    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too



  • 5.  RE: SRX220 Port forwarding problems?

    Posted 05-29-2015 01:49

    Confirmed working. The dynamic VPN policy was on the top, and that caused the error. Thank you!
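The ordering problem identified in this thread, as an added example that is not part of any post: a small Python model of first-match policy lookup that flags policies which can never be reached because an earlier, broader policy covers them. The policy name `dyn-vpn-policy`, its `permit-tunnel` action label and the client address 203.0.113.7 are constructed assumptions; the RDP policy values come from the configuration in the first post.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Policy:
    name: str
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    app: object   # ("tcp", 3389) or "any"
    action: str

def _net(addr):
    return ANY if addr == "any" else ipaddress.ip_network(addr)

def _covers(outer, inner):
    """True if every flow matching `inner` also matches `outer`."""
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst))
            and (outer.app == "any" or outer.app == inner.app))

def first_match(policies, src_ip, dst_ip, proto, port):
    """Return the first policy in list order that matches the flow."""
    for p in policies:
        if (ipaddress.ip_address(src_ip) in _net(p.src)
                and ipaddress.ip_address(dst_ip) in _net(p.dst)
                and p.app in ("any", (proto, port))):
            return p
    return None

def shadowed(policies):
    """Return (earlier, later) name pairs where `later` is unreachable."""
    return [(e.name, l.name)
            for i, l in enumerate(policies)
            for e in policies[:i] if _covers(e, l)]

# Constructed untrust -> trust policy lists; the DVPN policy is hypothetical.
DVPN = Policy("dyn-vpn-policy", "any", "any", "any", "permit-tunnel")
RDP = Policy("untrust-to-trust-rdpms", "any", "10.100.9.9/32", ("tcp", 3389), "permit")
BEFORE = [DVPN, RDP]   # order reported as broken in the thread
AFTER = [RDP, DVPN]    # specific policy moved ahead of the any/any one

if __name__ == "__main__":
    # Policy lookup sees the translated destination (10.100.9.9:3389).
    print(first_match(BEFORE, "203.0.113.7", "10.100.9.9", "tcp", 3389).name)
    print(shadowed(BEFORE), shadowed(AFTER))
    # On the device, reordering is done in configuration mode with:
    # insert security policies from-zone untrust to-zone trust
    #   policy untrust-to-trust-rdpms before policy <dvpn-policy-name>
```

Running `shadowed()` over an exported policy list before committing a change shows whether a newly added specific rule sits behind a broader one.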