Screen OS

  • 1.  Trust to DMZ on SSG5 ScreenOS 6.3 help

    Posted 08-18-2017 07:31

    Hi,

    after Googling half a day and not finding a solution, I'm sorry to post my question here, hoping for a solution.

    I have a SSG5 with ScreenOS 6.3.

    Setup is

    Private network on 192.168.10.x/24 in bgroup0 on eth 0/3, 0/4, 0/5 and 0/6, zone Trust

    Private network on 192.168.30.x/24 in bgroup1 on eth 0/1 and 0/2, zone DMZ

    Internet access on 192.168.5.2 on eth0/0, zone Untrust.

    Default route 0.0.0.0/0 to 192.168.5.1 (modem)

    Policies:

    Trust to Untrust: Any Any Any

    DMZ to Untrust Any Any Any

    Trust to DMZ Any Any Any

    Interfaces are routed with NAT source translation in policies.


    Trust to Untrust (internet access) is ok

    DMZ to Untrust (internet) is ok

    Connections from Trust to DMZ don't work (no pings, no RDP, ...).


    Pretty sure it's in the routing, but I can't solve it.

    Any help would be appreciated.

    (I put eth0/1 and eth0/2 in a group (bgroup1) because I need to connect 2 devices and I don't want to install an extra switch).


    Thanks for any tips.


    Leo




  • 2.  RE: Trust to DMZ on SSG5 ScreenOS 6.3 help

    Posted 08-18-2017 08:59

    Run a debug flow basic.  This will show how the traffic is being processed.


    https://kb.juniper.net/InfoCenter/index?page=content&id=KB23844#basicdebug



  • 3.  RE: Trust to DMZ on SSG5 ScreenOS 6.3 help

    Posted 08-18-2017 10:22

    Hi rseibert,


    thank you for the suggestion.

    Routing seems to be ok, the (remote desktop) connection is closed with AGE OUT.

    Installed a web server to test, and the web server is reachable.

    Have to look more on the application level I guess.


    Thank you.


    Leo
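As an added example (not the poster's running configuration and not Juniper's own text), the setup from the first post expressed as ScreenOS 6.3 CLI, followed by the debug flow and session checks that reply 2 points to. The interface addresses 192.168.10.1 and 192.168.30.1, the test hosts 192.168.10.50 (Trust) and 192.168.30.10 (DMZ), and the `#` annotation lines are assumptions for illustration; ScreenOS has no `#` comment syntax, so drop those lines before pasting.

```screenos
# --- Interfaces and zones (the .1 addresses are assumed; the post does not give them)
set interface bgroup0 zone trust
set interface bgroup0 port ethernet0/3
set interface bgroup0 port ethernet0/4
set interface bgroup0 port ethernet0/5
set interface bgroup0 port ethernet0/6
set interface bgroup0 ip 192.168.10.1/24
set interface bgroup0 route

set interface bgroup1 zone dmz
set interface bgroup1 port ethernet0/1
set interface bgroup1 port ethernet0/2
set interface bgroup1 ip 192.168.30.1/24
set interface bgroup1 route

set interface ethernet0/0 zone untrust
set interface ethernet0/0 ip 192.168.5.2/24
set interface ethernet0/0 route

# --- Default route via the modem
set route 0.0.0.0/0 interface ethernet0/0 gateway 192.168.5.1

# --- Policies: source NAT to the egress interface address, with logging so the
#     traffic log records each session and its close reason (e.g. AGE OUT)
set policy from trust to untrust any any any nat src permit log
set policy from dmz to untrust any any any nat src permit log
set policy from trust to dmz any any any nat src permit log

# --- debug flow basic, filtered to one Trust host talking to one DMZ host
set ffilter src-ip 192.168.10.50 dst-ip 192.168.30.10
clear db
debug flow basic
#     (start the ping or RDP attempt from 192.168.10.50 now)
undebug all
get db stream
get ffilter
unset ffilter 0

# --- Session table: was a session created, and are packets flowing both ways?
get session src-ip 192.168.10.50 dst-ip 192.168.30.10
```

What to read from the output: if `get db stream` shows the packet matching the trust-to-dmz policy and a session being created, the SSG5 has routed and permitted it. A session that then ages out with no reply packets from 192.168.30.10 (the AGE OUT the third post reports) means the DMZ host received the traffic and never answered, which points at the endpoint rather than at routing or policy. Note that with `nat src` on the Trust-to-DMZ policy the DMZ host sees the connection coming from 192.168.30.1, and without it from 192.168.10.50; which of those the host's own firewall accepts is decided on the host, not on the SSG5, so that is where the check continues once the firewall debug is clean.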




  • 4.  RE: Trust to DMZ on SSG5 ScreenOS 6.3 help
    Best Answer

    Posted 08-18-2017 11:43

    Norton firewall was preventing RDP connections (and ICMP).

    Thanks for the help!