ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
TSG
Contributor
TSG
Posts: 13
Registered: ‎11-24-2009
0
Accepted Solution

DMZ Setup issues

Options

‎11-27-2009 07:51 AM

Dear All

 

Im having some issues with my DMZ setup, basically i have configured my lan setup ok.

 

And im now setting up and testing my DMZ.

 

Ive assigned the Address 192.168.200.148/24  to my DMZ port

I have also set up a laptop for testing purposes with the IP 192.168.200.140/24

Ive configured allow all rules in both directions.

 

And have connected the laptop to the DMZ port but I cant even ping the DMZ port address (192.168.200.148) let alone try testing NAT or any advanced rules.

 

Any ideas what i may be missing..?

 

Many Thanks

P

Message 1 of 11 (8,834 Views)
 
Reply
Distinguished Expert
Distinguished Expert
muttbarker
Posts: 1,946
Registered: ‎01-29-2008
0

Re: DMZ Setup issues

Options

‎11-27-2009 08:31 AM

OK - Dumb question time - did you configure the DMZ I/F to allow for ping?

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Message 2 of 11 (8,839 Views)
 
Reply
TSG
Contributor
TSG
Posts: 13
Registered: ‎11-24-2009
0

Re: DMZ Setup issues

[ Edited ]
Options

‎11-27-2009 08:35 AM - edited ‎11-27-2009 08:46 AM

Rule is set as ANY-ANY alow and enabled for the DMZ

 

Network > Interfaces > list>DMZ>ping box is checked

 

I have no idea why this is failing all in the same network and same subnet....

 

Paul

Message 3 of 11 (8,837 Views)
 
Reply
Trusted Expert
Trusted Expert
SSHSSH
Posts: 593
Registered: ‎11-21-2009
0

Re: DMZ Setup issues

Options

‎11-27-2009 11:00 AM

have you enabled the manageble option  under Network > Interfaces > list>DMZ>

Message 4 of 11 (8,813 Views)
 
Reply
TSG
Contributor
TSG
Posts: 13
Registered: ‎11-24-2009
0

Re: DMZ Setup issues

[ Edited ]
Options

‎11-27-2009 01:31 PM - edited ‎11-27-2009 01:32 PM

Hi

 

No i haddnt enabled the Management option is that a requirment..?

Message 5 of 11 (8,805 Views)
 
Reply
Trusted Expert
Trusted Expert
SSHSSH
Posts: 593
Registered: ‎11-21-2009
0

Re: DMZ Setup issues

Options

‎11-28-2009 05:10 PM

yes ,  for ex to enable ping on that intarface :

check managable box

check ping

Message 6 of 11 (8,755 Views)
 
Reply
TSG
Contributor
TSG
Posts: 13
Registered: ‎11-24-2009
0

Re: DMZ Setup issues

Options

‎11-30-2009 02:04 AM

Hi There,

 

Not sure if you misunderstand but i have a PC connected DIRECTLY to the port, and i cant ping the DMZ address from that PC.

 

Would that be classed as external, every other device ive encountered will ping immediatly when connected in this way.

 

Paul 

Message 7 of 11 (8,734 Views)
 
Reply
Trusted Expert
Trusted Expert
SSHSSH
Posts: 593
Registered: ‎11-21-2009
0

Re: DMZ Setup issues

Options

‎11-30-2009 03:57 AM

Hi TSG

 i 'm just speaking about the following case

"  you are directly connected to the port & cannot ping its ip "

you need to do the following under the interface :

#check the box beside ping

#check the box named manageable beside the ip pf the interface

Message 8 of 11 (8,725 Views)
 
Reply
TSG
Contributor
TSG
Posts: 13
Registered: ‎11-24-2009
0

Re: DMZ Setup issues

Options

‎11-30-2009 04:15 AM

Hi There

 

Thanks for claryfying

 

Yes that is my situation.

Yes both of those options are sellected.

 

Still times out..Even tried it with old faithfull X-over cable still nothing.

 

Paul

 

 

Message 9 of 11 (8,723 Views)
 
Reply
Trusted Expert
Trusted Expert
SSHSSH
Posts: 593
Registered: ‎11-21-2009
0

Re: DMZ Setup issues

Options

‎11-30-2009 04:42 AM

ok

can you check if you have permitted ips configured

if permiteed ips confiured , these ips only can access the firewall

check if your configuration have  lines like that :

set admin manager-ip 172.16.40.42/32

Message 10 of 11 (8,721 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.