ScreenOS Firewalls (NOT SRX)
Reply
Contributor
Monkeyman
Posts: 12
Registered: ‎07-08-2008
0
Accepted Solution

SSG20 how to forward a port to a host on DMZ

Hi, I have an SSG with a couple of servers running on the trusted interface. I have a few ports published via VIP and they are accessible from the internet. I have one server on the DMZ interface but cant get the port forwarding working to that server.

 

I currently have an allow all policy from DMZ > UNTRUST and  from UNTRUST > DMZ

 

I also have VIP configured on the UNTRUST interface to forward the port to the ip of my server in DMZ

 

Am I missing something here?

 

 

thanks

 

 

 

Contributor
TravisJohnson
Posts: 116
Registered: ‎12-14-2009
0

Re: SSG20 how to forward a port to a host on DMZ

Sounds like you have covered it, can you post config related to VIP and Policies for services you are trying to forward?

________________________________________________


If my post helped you, please feel free to give me kudos.
Contributor
TravisJohnson
Posts: 116
Registered: ‎12-14-2009
0

Re: SSG20 how to forward a port to a host on DMZ

Sorry for double reply, but....

 

The policy for untrust to dmz allow all won't work for the VIP.

 

You have to create a policy and place it above the any with the vip as the destination.

________________________________________________


If my post helped you, please feel free to give me kudos.
Contributor
Monkeyman
Posts: 12
Registered: ‎07-08-2008
0

Re: SSG20 how to forward a port to a host on DMZ

That worked great, thanks for the info!

 

 

Contributor
TravisJohnson
Posts: 116
Registered: ‎12-14-2009
0

Re: SSG20 how to forward a port to a host on DMZ

That's what we are here for

________________________________________________


If my post helped you, please feel free to give me kudos.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.