ScreenOS Firewalls (NOT SRX)
Contributor
abdul_mh
Posts: 33
Registered: ‎06-18-2008
Accepted Solution

DMZ Configuration

Dear,

Recently I have configured a Netscreen 50 in transparent mode in our network. Now we are planning to implement a DMZ network to publish two public servers. Can anyone help me with how to configure a DMZ with the Netscreen 50, as it is in transparent mode?

Regards

Abdul Rahuman.M

Visitor
piaoyc
Posts: 3
Registered: ‎06-01-2008

Re: DMZ Configuration

In transparent mode the v1-dmz is the same as v1-trust; use policy to control the traffic flow.

Trusted Expert
AndyC
Posts: 441
Registered: ‎07-08-2008

Re: DMZ Configuration

Hi,

I have attached a diagram that shows how a transparent box would look with a DMZ.

What you need to do is:

1) Set one of the spare interfaces to the v1-dmz zone.

2) Plug a switch into the v1-dmz interface, and the servers that need to be in the DMZ into the switch.

3) Create policies from v1-untrust to v1-dmz to allow certain traffic into the DMZ, for instance HTTP.

4) Because the firewall is in transparent mode it can't do any address translation, so if the network that your firewall is on is an internal range, e.g. 192.168.1.0/24, then you will need another device upstream from the firewall to do the address translation for you, to change a public IP from your ISP to the IP address of the server in the DMZ.

Hope this information helps.

Regards

Andy

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER
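
Steps 1 and 3 of the answer above, written out as a ScreenOS CLI sketch. This is an added example, not configuration posted by anyone in the thread: the interface name `ethernet2`, the address-book names `web1` and `web2`, and the host addresses inside 192.168.1.0/24 are assumed placeholders, and the lines starting with `#` are annotations rather than commands.

```text
# Step 1: bind a spare interface to the layer-2 DMZ zone
# (ethernet2 is an assumed spare port; use whichever is free on your unit)
set interface ethernet2 zone v1-dmz

# Address-book entries for the two published servers
# (names and host addresses are constructed for this example)
set address v1-dmz "web1" 192.168.1.10/32
set address v1-dmz "web2" 192.168.1.11/32

# Step 3: permit only the published service into the DMZ, with logging
set policy from v1-untrust to v1-dmz "Any" "web1" "HTTP" permit log
set policy from v1-untrust to v1-dmz "Any" "web2" "HTTP" permit log

# Not in the original answer: an explicit, logged deny from the DMZ
# towards the trusted side, so attempts from a published server to
# reach the internal network show up in the traffic log
set policy from v1-dmz to v1-trust "Any" "Any" "ANY" deny log

# Write the configuration and review the resulting policy list
save
get policy
```

The public-to-private address translation from step 4 is not shown, because in transparent mode it has to be done on the upstream device.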