05-17-2012 07:48 AM
Hi Team. I want to ask you about 2 scenarios. I have a Juniper Netscreen plus one MAG 4610 SA mode. I have not enough experience in how configure fw in transparent mode. My doubt is which scenario is better ?
thanks in advance.
06-25-2012 04:51 AM
The L3 config is what I would recommend, you can connect the dmz port of your firewall to the external intreface of the Juniper SA ands do a one-one NAT to NAT a public IP to the IP assigned to the external interface of the JUniper SA, users will be connecting to the SA using that public IP from the outside.You need to allow port 443 inbound to the extrenal interface of the Juniper SA and also port 4500 udp if you want to use ESP as the transport mode for network connect Users.The internal Port of the SA can be connected to the internal network(There would be no one-one NAT required here)