11-27-2009 07:51 AM
I'm having some issues with my DMZ setup; basically, I have configured my LAN setup OK.
And I'm now setting up and testing my DMZ.
I've assigned the address 192.168.200.148/24 to my DMZ port.
I have also set up a laptop for testing purposes with the IP 192.168.200.140/24.
I've configured allow-all rules in both directions.
And I have connected the laptop to the DMZ port, but I can't even ping the DMZ port address (192.168.200.148), let alone try testing NAT or any advanced rules.
Any ideas what I may be missing?
11-27-2009 08:31 AM
OK - Dumb question time - did you configure the DMZ I/F to allow for ping?
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador
Juniper Elite Reseller
J-Partner Service Specialist - Implementation
11-27-2009 08:35 AM - edited 11-27-2009 08:46 AM
Rule is set as ANY-ANY allow and enabled for the DMZ.
Network > Interfaces > List > DMZ > ping box is checked.
I have no idea why this is failing, all in the same network and same subnet....
11-30-2009 02:04 AM
Not sure if you misunderstand, but I have a PC connected DIRECTLY to the port, and I can't ping the DMZ address from that PC.
Would that be classed as external? Every other device I've encountered will ping immediately when connected in this way.
11-30-2009 03:57 AM
I'm just speaking about the following case:
"you are directly connected to the port & cannot ping its IP"
You need to do the following under the interface:
# check the box beside ping
# check the box named manageable beside the IP of the interface
11-30-2009 04:42 AM
Can you check if you have permitted IPs configured?
If permitted IPs are configured, only these IPs can access the firewall.
Check if your configuration has lines like this:
set admin manager-ip 172.16.40.42/32
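Added example, not part of any post in this thread and not vendor code: a small Python check that reads the `set admin manager-ip` lines from a saved configuration and reports whether a given client address is covered by them, following the rule stated in the reply above (once permitted IPs are configured, only those can reach the firewall). The sample configs and the host entry `192.168.200.14/32` are constructed; accepting a dotted-mask or bare-address form is an assumption of this example.

```python
import ipaddress
import re

# "set admin manager-ip <addr>/<len>" is the form quoted in the thread; the
# "<addr> <dotted-mask>" and bare "<addr>" forms are assumptions of this example.
MANAGER_IP = re.compile(
    r"^\s*set\s+admin\s+manager-ip\s+(\d+(?:\.\d+){3})"
    r"(?:/(\d+)|\s+(\d+(?:\.\d+){3}))?\s*$"
)

def permitted_networks(config_text):
    """Return every manager-ip entry in the config as an IPv4Network."""
    nets = []
    for line in config_text.splitlines():
        m = MANAGER_IP.match(line)
        if m:
            addr, prefix, mask = m.groups()
            # strict=False keeps entries that have host bits set
            nets.append(ipaddress.ip_network(f"{addr}/{prefix or mask or 32}", strict=False))
    return nets

def check_client(config_text, client_ip):
    """Return (allowed, reason) for a client address against the manager-ip list."""
    nets = permitted_networks(config_text)
    if not nets:
        return True, "no manager-ip entries, so no source restriction"
    ip = ipaddress.ip_address(client_ip)
    for net in nets:
        if ip in net:
            return True, f"matched manager-ip {net}"
    return False, "not covered by: " + ", ".join(str(n) for n in nets)

# Constructed sample configs: an entry exists for the DMZ network, but it names
# the wrong host, so the test laptop at 192.168.200.140 is not covered.
BROKEN = """\
set admin manager-ip 172.16.40.42/32
set admin manager-ip 192.168.200.14/32
"""
# Same config with the host entry widened to the whole DMZ subnet.
FIXED = BROKEN.replace("192.168.200.14/32", "192.168.200.0/24")

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_client(cfg, "192.168.200.140"))
```
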
11-30-2009 05:01 AM
That's the one, I did have an entry for that network, just the wrong IP.
Allowed the whole 192.160.220 subnet now and it's off pinging like a trooper...!
Knew it had to be something simple, just couldn't see the wood for the trees..
Pint on me!
(now off to deal with NAT)