ScreenOS Firewalls (NOT SRX)
Posts: 1
Registered: ‎12-02-2009

configuring dmz on ssg



i have a juniper ssg20 firewall on which i wish to configure dmz and put in ftp for file transfer.


I need to be using the eth0/1 interface and i have got a pool of public ips from which i intent to use one. havent done this so far, would appreciate any help that i can get. totally new to networking.


can i give any ip address to the eth0/1 there anything else that i would have to setup on that interface.


 also should i do the mip on the untrust interface, i tried doing it on the dmz one , but wouldnt allow me to.


the ultimate aim is to have the ftp server plugged into an internal switch which would be in the dmz vlan. and from there be able to allow only ftp services.


how would i do the policy. ,


that is from untrust to dmz would be for my incoming?

how about people on the internal lan being able to access that machine and put files onto that for transfer.


help very highly appreciated,


thanks in advance,





Trusted Expert
Posts: 601
Registered: ‎11-21-2009

Re: configuring dmz on ssg

i understand the following :

attache  server to  dmz zone & access  it from the outside

x.x.x.x/24: subnet used at dmz int

y.y.y.y/24: subnet used at untrust int

1# create a mip on untrust ointerface :   mapped ip : real ip y.y.y.y   ,  host ip : server x.x.x.x

2# create policy from untrust to DMZ   : source any , dst   mip(y.y.y.y)  , service : ftp

3# put default route  with  next hop: untrust int



Copyright© 1999-2015 Juniper Networks, Inc. All rights reserved.