ScreenOS Firewalls (NOT SRX)
Reply
Visitor
itservices
Posts: 1
Registered: ‎12-02-2009
0

configuring dmz on ssg

greetings,

 

i have a juniper ssg20 firewall on which i wish to configure dmz and put in ftp for file transfer.

 

I need to be using the eth0/1 interface and i have got a pool of public ips from which i intent to use one. havent done this so far, would appreciate any help that i can get. totally new to networking.

 

can i give any ip address to the eth0/1 interface.is there anything else that i would have to setup on that interface.

 

 also should i do the mip on the untrust interface, i tried doing it on the dmz one , but wouldnt allow me to.

 

the ultimate aim is to have the ftp server plugged into an internal switch which would be in the dmz vlan. and from there be able to allow only ftp services.

 

how would i do the policy. ,

 

that is from untrust to dmz would be for my incoming?

how about people on the internal lan being able to access that machine and put files onto that for transfer.

 

help very highly appreciated,

 

thanks in advance,

 

 

 

 

Trusted Expert
SSHSSH
Posts: 601
Registered: ‎11-21-2009
0

Re: configuring dmz on ssg

i understand the following :

attache  server to  dmz zone & access  it from the outside

x.x.x.x/24: subnet used at dmz int

y.y.y.y/24: subnet used at untrust int

1# create a mip on untrust ointerface :   mapped ip : real ip y.y.y.y   ,  host ip : server x.x.x.x

2# create policy from untrust to DMZ   : source any , dst   mip(y.y.y.y)  , service : ftp

3# put default route  with  next hop: untrust int

 

  

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.