Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  DMZ Configuration

    Posted 08-17-2008 03:03

    Dear,

    Recently I configured a NetScreen 50 in transparent mode in our network. We are now planning to implement a DMZ network to publish two public servers. Can anyone help me with how to configure a DMZ on the NetScreen 50 while it is in transparent mode?

    Regards

    Abdul Rahuman.M



  • 2.  RE: DMZ Configuration

    Posted 08-17-2008 07:19

    In transparent mode, v1-dmz works the same as v1-trust; use policies to control the traffic flow.



  • 3.  RE: DMZ Configuration
    Best Answer

    Posted 08-17-2008 15:37

    Hi,

    I have attached a diagram that shows what a transparent box would look like with a DMZ.

    What you need to do is:

    1) Set one of the spare interfaces to the v1-dmz zone.

    2) Plug a switch into the v1-dmz interface, and plug the servers that need to be in the DMZ into the switch.

    3) Create policies from v1-untrust to v1-dmz to allow certain traffic into the DMZ, for instance HTTP.

    4) Because the firewall is in transparent mode it can't do any address translation, so if the network that your firewall is on is an internal range, e.g. 192.168.1.0/24, then you will need another device upstream from the firewall to do the address translation for you, to change a public IP from your ISP to the IP address of the server in the DMZ.

    Hope this information helps

    Regards

    Andy
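
Steps 1 and 3 from the answer above, written out as ScreenOS CLI. This is an added example, not part of the original posts. It assumes `ethernet2` is the spare interface, and the address-book names and the two server addresses (taken from the 192.168.1.0/24 range used as an example in the answer) are constructed placeholders. Lines starting with `#` are annotations and are not typed into the device.

```screenos
# Step 1: bind the spare interface (assumed: ethernet2) to the Layer 2 DMZ zone
set interface ethernet2 zone v1-dmz

# Address-book entries for the two published servers (constructed names and IPs)
set address v1-dmz "dmz-web1" 192.168.1.10/32
set address v1-dmz "dmz-web2" 192.168.1.11/32

# Step 3: permit only HTTP from the untrusted side to each server, with logging
set policy from v1-untrust to v1-dmz any "dmz-web1" http permit log
set policy from v1-untrust to v1-dmz any "dmz-web2" http permit log

# Interzone traffic without a matching policy is denied by default; an explicit
# logged deny from the DMZ towards the internal zone makes those attempts visible
set policy from v1-dmz to v1-trust any any any deny log

save
```

As step 4 notes, no address translation happens on this box, so the upstream device has to map the public IPs to the server addresses used in these policies.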