Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  DMZ Setup issues

    Posted 11-27-2009 07:52

    Dear All

    I'm having some issues with my DMZ setup. Basically, I have configured my LAN setup OK.

    And I'm now setting up and testing my DMZ.

    I've assigned the address 192.168.200.148/24 to my DMZ port.

    I have also set up a laptop for testing purposes with the IP 192.168.200.140/24.

    I've configured allow-all rules in both directions.

    And I have connected the laptop to the DMZ port, but I can't even ping the DMZ port address (192.168.200.148), let alone try testing NAT or any advanced rules.

    Any ideas what I may be missing?

    Many Thanks

    P



  • 2.  RE: DMZ Setup issues

    Posted 11-27-2009 08:32

    OK - Dumb question time - did you configure the DMZ I/F to allow for ping?



  • 3.  RE: DMZ Setup issues

    Posted 11-27-2009 08:36

    Rule is set as ANY-ANY allow and enabled for the DMZ.

    Network > Interfaces > List > DMZ > ping box is checked.

    I have no idea why this is failing, all in the same network and same subnet....

    Paul



  • 4.  RE: DMZ Setup issues

    Posted 11-27-2009 11:01

    Have you enabled the manageable option under Network > Interfaces > List > DMZ?



  • 5.  RE: DMZ Setup issues

    Posted 11-27-2009 13:32

    Hi

    No, I hadn't enabled the Management option. Is that a requirement?



  • 6.  RE: DMZ Setup issues

    Posted 11-28-2009 17:11

    Yes, for example, to enable ping on that interface:

    check the manageable box

    check ping



  • 7.  RE: DMZ Setup issues

    Posted 11-30-2009 02:04

    Hi There,

    Not sure if you misunderstand, but I have a PC connected DIRECTLY to the port, and I can't ping the DMZ address from that PC.

    Would that be classed as external? Every other device I've encountered will ping immediately when connected in this way.

    Paul



  • 8.  RE: DMZ Setup issues

    Posted 11-30-2009 03:58

    Hi TSG

    I'm just speaking about the following case:

    "you are directly connected to the port & cannot ping its IP"

    You need to do the following under the interface:

    #check the box beside ping

    #check the box named manageable beside the IP of the interface



  • 9.  RE: DMZ Setup issues

    Posted 11-30-2009 04:16

    Hi There

    Thanks for clarifying.

    Yes, that is my situation.

    Yes, both of those options are selected.

    Still times out. Even tried it with an old faithful X-over cable, still nothing.

    Paul



  • 10.  RE: DMZ Setup issues
    Best Answer

    Posted 11-30-2009 04:43

    OK

    Can you check if you have permitted IPs configured?

    If permitted IPs are configured, only these IPs can access the firewall.

    Check if your configuration has lines like this:

    set admin manager-ip 172.16.40.42/32



  • 11.  RE: DMZ Setup issues

    Posted 11-30-2009 05:01

    HOOYA

    That's the one. I did have an entry for that network, just the wrong IP.

    Allowed the whole 192.160.220 subnet now and it's off pinging like a trooper...!

    Knew it had to be something simple, just couldn't see the wood for the trees..

    Cheers mate

    Pint on me.!

    Paul

    (now off to deal with NAT)
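
The permitted-IP check from the best answer, as an added example that is not part of the original thread: it reads `set admin manager-ip` lines out of a saved config and reports whether a given client address falls inside any of them. The two sample configs, the wrong host address 192.168.200.14 and the handling of a dotted-mask or mask-less entry are assumptions constructed for illustration.

```python
import ipaddress
import re

# "set admin manager-ip 172.16.40.42/32" is the form shown in the thread; the
# dotted-mask form ("... 172.16.40.0 255.255.255.0") is handled as an assumption.
MANAGER_IP = re.compile(
    r"^\s*set\s+admin\s+manager-ip\s+(\d+(?:\.\d+){3})"
    r"(?:/(\d+)|\s+(\d+(?:\.\d+){3}))?\s*$"
)

def parse_manager_ips(config_text):
    """Return every permitted management network found in the config text."""
    nets = []
    for line in config_text.splitlines():
        m = MANAGER_IP.match(line)
        if m:
            addr, prefix, mask = m.groups()
            # A bare address with no mask is treated as a single host (assumption).
            nets.append(ipaddress.ip_network(f"{addr}/{prefix or mask or 32}", strict=False))
    return nets

def management_allowed(config_text, client_ip):
    """(allowed, matching_entries) for a client that pings or manages the box."""
    nets = parse_manager_ips(config_text)
    if not nets:
        return True, []  # no manager-ip entries: no source restriction applies
    ip = ipaddress.ip_address(client_ip)
    hits = [n for n in nets if ip in n]
    return bool(hits), hits

# Constructed configs: the first has an entry for the DMZ network but the wrong
# host address, the second permits the whole DMZ subnet.
WRONG_HOST = """\
set admin manager-ip 172.16.40.42/32
set admin manager-ip 192.168.200.14/32
"""
WHOLE_SUBNET = """\
set admin manager-ip 172.16.40.42/32
set admin manager-ip 192.168.200.0/24
"""

if __name__ == "__main__":
    for name, cfg in (("wrong host", WRONG_HOST), ("whole subnet", WHOLE_SUBNET)):
        ok, hits = management_allowed(cfg, "192.168.200.140")
        print(f"{name}: laptop 192.168.200.140 allowed={ok} via {[str(h) for h in hits]}")
```

Permitting a whole subnet lets every host on that segment reach the firewall's management services, so a /32 entry for the admin workstation is the tighter setting once testing is done.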