Hello everyone, I have a doubt about the route forwarding, hoping to get everyone's help, Thanks!
Sorry for my bad English~~
Here is a simple topology description(The Ip Address is not Really, just for example):
{Client:[ PC with IP 3.3.3.3]}|----|{Internet Cloud--[ISP Router with IP 4.4.4.4]}|----|{Company:[Juniper SSG140 with OutsideIP:4.4.4.5,DmzIP:192.168.1.1]--[DmzServer:192.168.1.2]}
Now:
1. There is nothing Route except DirectedConnected or Host Route on SSG140
2. DmzServer publishing its Web Service By using SSG140's VIP (Eg:4.4.4.6:80)
3. Set Policy from Untrust To DMZ permit any client to access DmzServer
3. Access http://4.4.4.6 from Client , it work!!
According to my understanding, There is no route to match 192.168.1.2->3.3.3.3, the access request should not be successful, but it worked, Why???
I guess maybe The SSG140 has the features just like Cisco CEF or Something Routing Over Lay2(eg:FabricPath), Anyone has idea ? Thanks! Sorry for my bad English again!