ScreenOS Firewalls (NOT SRX)
Posts: 2
Registered: ‎07-10-2012

SSG5 DMZ Issues



This is more if a newbie question but would appreciate the help. I am new to Juniper and trying to setup a pretty simple network. I am using a SSG-5 and trying to be able to have a DMZ setup so it will be able to use a private IP address that points to a public IP address that users will access from the untrusted zone. For example:


I have eth0/0 setup for untrusted with the ip of and the ip address that needs to be accesed by users is (This IP is the address of a load balancer service) The load balancer will then forward this traffic to IIS servers in the range of ( 


My goal would be to have the DMZ setup with a private IP address that forwards all traffic for to the Load balancer, any suggestions? 


Thanks again for take the time to read/assist!

Distinguished Expert
Posts: 2,738
Registered: ‎03-30-2009

Re: SSG5 DMZ Issues

It sounds like you would just create a DMZ with whatever private address you want for the inbound connection of the load balancer.  You assign the private address to the load balancer and the default gateway ip to the firewall DMZ interface.


Then use destination nat to forward the public address to the load balancer input.


I assume the output port of the load balancer would go directly to the subnet with the destination servers in your example.

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.