ScreenOS Firewalls (NOT SRX)
Reply
New User
MrSinista
Posts: 2
Registered: ‎02-11-2008
0
Accepted Solution

Need Help setting up DMZ traffic outbound allow to untrust or www

Hi Alls,

I need help on how to enable a system in the DMZ to be able to access the internet.
Not sure how to approach this.
Thanks in advance.

Mr.Sinista
Super Contributor
oldtimer
Posts: 227
Registered: ‎11-06-2007
0

Re: Need Help setting up DMZ traffic outbound allow to untrust or www

For any hosts that are in the DMZ zone, and you want it to communicate to the Internet (and you only have one public IP address available), you should use policy based nat.

For example, to allow everything from the DMZ to go to the Internet:

set policy from dmz to untrust any any any nat src permit

Interface nat will not work from dmz to untrust. Interface nat only works from trust to untrust.
New User
MrSinista
Posts: 2
Registered: ‎02-11-2008
0

Re: Need Help setting up DMZ traffic outbound allow to untrust or www

Thank you so much for taking the time to answer my question.

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.