Why not use application junos-http instead of defining application HTTP?
}
from-zone untrust to-zone DMZ-trust {
policy INTERNET-TO-DMZ {
match {
source-address any;
destination-address WebServer;
application HTTP; <=====Delete this and use junos-http, which is already created for you as you can see. for the image.
applications {
application HTTP { <======Deactivate this application
protocol tcp;
destination-port 80;
Use these commands to delete HTTP from the policy and add junos-http:
At the top of the hierarchy, save your configuration.
#save rdgcatell_config (use this to restore if you need to)
#deactivate applications application HTTP
#edit security policies from-zone untrust to-zone DMZ-trust policy INTERNET-TO-DMZ
#delete match application HTTP
#set match application junos-http
#set match application junos-https
#delete security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
commit confirmed
Test. If all is well, then enter commit within 10 minutes; otherwise the configuration will roll back.
BTW you don't have an IP address on interface vlan.0? Is that working okay?
When you try to connect, if it fails,
>show security flow session to see the packet flow
If no go, then we set up data-path debug.
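
An added example, not part of the original reply: a small Python lint that reads a configuration in curly-brace form and reports the two items this reply asks to change, a custom application that duplicates junos-http or junos-https and a zone with host-inbound-traffic system-services all. The sample configuration and the function names are constructed for illustration, and the parser assumes the config contains no comments or quoted braces.

```python
import re

# Constructed sample (whitespace-compressed), modelled on the snippets in the thread.
SAMPLE = """
applications {
    application HTTP { protocol tcp; destination-port 80; }
}
security { zones { security-zone untrust {
    interfaces {
        ge-0/0/0.0 { host-inbound-traffic { system-services { all; } } }
    }
} } }
"""

# Predefined applications named in the thread, keyed by (protocol, port).
PREDEFINED = {("tcp", "80"): "junos-http", ("tcp", "443"): "junos-https"}

def flatten(text):
    """Return each statement as a tuple: enclosing block names + statement."""
    stack, out, cur = [], [], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":
            stack.append(cur.strip())      # text before "{" names the block
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            out.append(tuple(stack) + (cur.strip(),))
        else:
            cur = tok
    return out

def lint(text):
    """Flag redundant custom applications and wide-open host-inbound-traffic."""
    apps, findings = {}, []
    for *path, stmt in flatten(text):
        if len(path) == 2 and path[0] == "applications":
            key, _, val = stmt.partition(" ")
            apps.setdefault(path[1].split()[-1], {})[key] = val
        elif path[-2:] == ["host-inbound-traffic", "system-services"] and stmt == "all":
            zone = next((p.split()[-1] for p in path if p.startswith("security-zone ")), "?")
            findings.append(f"zone {zone}: {path[-3]} allows all system-services")
    for name, a in apps.items():
        hit = PREDEFINED.get((a.get("protocol"), a.get("destination-port")))
        if hit:
            findings.append(f"application {name} duplicates {hit}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```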