ScreenOS Firewalls (NOT SRX)
Visitor
Ziemer

SSG5 DMZ Issues

Hey,

This is more of a newbie question but would appreciate the help. I am new to Juniper and trying to set up a pretty simple network. I am using an SSG-5 and trying to be able to have a DMZ set up so it will be able to use a private IP address that points to a public IP address that users will access from the untrusted zone. For example:

I have eth0/0 set up for untrusted with the IP of 5.5.5.5, and the IP address that needs to be accessed by users is 5.5.5.6 (this IP is the address of a load balancer service). The load balancer will then forward this traffic to IIS servers in the range of (192.168.1.1-192.168.1.255).

My goal would be to have the DMZ set up with a private IP address that forwards all traffic for 5.5.5.6 to the load balancer. Any suggestions?

Thanks again for taking the time to read/assist!

Distinguished Expert
spuluka

Re: SSG5 DMZ Issues

It sounds like you would just create a DMZ with whatever private address you want for the inbound connection of the load balancer. You assign the private address to the load balancer and the default gateway IP to the firewall DMZ interface.

Then use destination NAT to forward the public address to the load balancer input.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB12631

I assume the output port of the load balancer would go directly to the subnet with the destination servers in your example.

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
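
One way to apply the answer above on an SSG5, as an added example that is not part of the original thread or of the linked KB article: it uses a mapped IP (MIP), one of ScreenOS's destination-translation mechanisms, and permits only web traffic to the load balancer. The DMZ subnet 10.10.10.0/24, the load balancer address 10.10.10.10, the /24 mask on ethernet0/0, the use of ethernet0/1 for the DMZ and the HTTP/HTTPS services are assumptions; lines starting with `#` are annotations and are not entered at the CLI.

```screenos
# Untrust side: the firewall's own public address (from the question).
set interface ethernet0/0 zone Untrust
set interface ethernet0/0 ip 5.5.5.5/24

# DMZ side: assumed private subnet; 10.10.10.1 is the address the
# load balancer uses as its default gateway.
set interface ethernet0/1 zone DMZ
set interface ethernet0/1 ip 10.10.10.1/24

# Map the public address 5.5.5.6 one-to-one to the load balancer's
# assumed private address 10.10.10.10.
set interface ethernet0/0 mip 5.5.5.6 host 10.10.10.10 netmask 255.255.255.255 vrouter trust-vr

# Allow only the published services from Untrust to the MIP and log
# each session; everything else stays blocked by the default deny.
set policy from Untrust to DMZ Any MIP(5.5.5.6) HTTP permit log
set policy from Untrust to DMZ Any MIP(5.5.5.6) HTTPS permit log

# Verify the mapping and the resulting policies.
get interface ethernet0/0 mip
get policy from Untrust to DMZ
```

Traffic from the DMZ toward the Trust zone is a separate policy decision; without an explicit DMZ-to-Trust policy the load balancer cannot initiate connections to hosts behind the Trust interface.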