Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  SSG20 how to forward a port to a host on DMZ

    Posted 02-07-2010 14:17

    Hi, I have an SSG with a couple of servers running on the trusted interface. I have a few ports published via VIP and they are accessible from the internet. I have one server on the DMZ interface but cant get the port forwarding working to that server.

     

    I currently have an allow all policy from DMZ > UNTRUST and  from UNTRUST > DMZ

     

    I also have VIP configured on the UNTRUST interface to forward the port to the ip of my server in DMZ

     

    Am I missing something here?

     

     

    thanks

     

     

     



  • 2.  RE: SSG20 how to forward a port to a host on DMZ

    Posted 02-07-2010 23:04

    Sounds like you have covered it, can you post config related to VIP and Policies for services you are trying to forward?



  • 3.  RE: SSG20 how to forward a port to a host on DMZ
    Best Answer

    Posted 02-07-2010 23:06

    Sorry for double reply, but....

     

    The policy for untrust to dmz allow all won't work for the VIP.

     

    You have to create a policy and place it above the any with the vip as the destination.



  • 4.  RE: SSG20 how to forward a port to a host on DMZ

    Posted 02-08-2010 00:35

    That worked great, thanks for the info!

     

     



  • 5.  RE: SSG20 how to forward a port to a host on DMZ

    Posted 02-09-2010 21:43

    That's what we are here for