Screen OS

  • 1.  Terminal Server on Trust side

    Posted 09-29-2009 14:24

    I am in the process of setting up an SSG5 with a Terminal Server on the trust side and clients accessing from the DMZ. I would like the client to RDP to the address of the DMZ and then the SSG5 to redirect the request to the terminal server on the trust side.

    I have the system working when everything is set to any on my policies, but am having trouble with the part described above.

     

    Thanks for the help.



  • 2.  RE: Terminal Server on Trust side

    Posted 09-29-2009 14:35

    Have you defined a NAT rule to map the external address that users will hit to your TS box and then applied that to your DMZ to Trust policy?



  • 3.  RE: Terminal Server on Trust side

    Posted 09-29-2009 14:54

    I am a new user to the SSG5.  I am not sure where the NAT rule would be located.

     

    We have set up some policies and have set up some VIPs, but nothing seems to work. We can get the FTP to work when we set up a VIP and not use the address of the DMZ, but it does not work with TS. I had to add the Terminal Services because it was not in there from the factory.



  • 4.  RE: Terminal Server on Trust side
    Best Answer

    Posted 09-29-2009 15:41

    What ports are you allowing? For Terminal Services I would allow 80, 1494 and 3389. Try that.

     

    If that does not work then you might want to turn on the policy debug feature to see what is happening when the request for the terminal services goes out. Here is a link to a really good thread on how to use it. Turn on debug, capture the result and post it along with your config!

     

    http://forums.juniper.net/jnet/board/message?board.id=Firewalls&thread.id=2719

    Message Edited by muttbarker on 09-29-2009 04:00 PM


  • 5.  RE: Terminal Server on Trust side

    Posted 10-09-2009 11:24

    Thanks for the info on the debug.

     

    We ended up having to change the order of the ports in the new server we created to 3389, 80, & 1494.

     

    This allowed terminal server to work, but blocked everything else.

     

     



  • 6.  RE: Terminal Server on Trust side

    Posted 10-12-2009 23:23

    Using NAT, translate the DMZ IP address to the trust IP address.