Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  NAT/PAT from DMZ

    Posted 08-02-2009 22:51
    I've got an SSG20 running ScreenOS v6.0.0r4 and have set up an ethernet port to be a DMZ and set it to NAT to the Internet (PAT by default). When I put the port in the Trusted Zone, all works fine. When I put the port in the DMZ zone it does not work, and I suspect it will not do the NAT. Somewhere in these forums it has been said that the ScreenOS will NAT from the DMZ. Anybody know if there is an issue with NAT from a DMZ?


  • 2.  RE: NAT/PAT from DMZ

    Posted 08-03-2009 04:11

    Hi,

    It isn't an issue. I invite you to read Volume 2: Fundamentals >>> Interface Mode.

    Thanks



  • 3.  RE: NAT/PAT from DMZ
    Best Answer

    Posted 08-03-2009 05:38

    Hi,

    When using interface NAT, the source Interface must be in the Trust. When binding the source to the DMZ, you must specify the NAT using Policy. Because of this limitation, I typically use Route mode for all interfaces and simply NAT via policy as needed.

    I hope this helps.

    -John
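
    The change described in this answer, written out as ScreenOS CLI. This is an added example, not part of the original post; the interface name `ethernet0/2` and the address `192.168.50.1/24` are constructed, and lines starting with `#` are annotations rather than commands.

```text
# Before: DMZ-bound port left in interface NAT mode (the setup reported as not translating)
set interface ethernet0/2 zone DMZ
set interface ethernet0/2 ip 192.168.50.1/24
set interface ethernet0/2 nat

# After: interface in route mode, source NAT requested by the policy itself
set interface ethernet0/2 route
set policy from "DMZ" to "Untrust" "Any" "Any" "ANY" nat src permit
```

    With no DIP pool named after `nat src`, the policy translates to the egress interface address with port translation. Narrowing the source, destination and service in the policy keeps the DMZ's outbound access limited to what it needs.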



  • 4.  RE: NAT/PAT from DMZ

    Posted 08-03-2009 15:39
    Good advice. Worked like a charm ... thanks a bunch.