Screen OS

  • 1.  how to configure ssg20 to allow polycom?

    Posted 09-09-2009 13:09

    Hey guys

    I am trying to configure my SSG20 to allow my Polycom to be accessed from outside. I created a custom service for all the Polycom ports, and when I go to apply it as a VIP I get the error attached in the pic.

    Am I not doing this right? How do I get around this error and get this to work? I have configured the same thing on a WatchGuard firewall the same way and have no issues.

    Thanks

    Message Edited by phrea84 on 09-09-2009 01:23 PM

    #SSG20
    #polycom


  • 2.  RE: how to configure ssg20 to allow polycom?
    Best Answer

    Posted 09-10-2009 01:42

    Hi,

    If you have a spare public IP, a MIP may work out better for you. The equivalent of a 1-2-1 NAT on a WatchGuard.

    That error seems to be that you are natting too many ports. You could try breaking the Polycom service down into two or three smaller services, and have several VIPs?

    Sam.



  • 3.  RE: how to configure ssg20 to allow polycom?

    Posted 09-11-2009 08:57

    Sam is correct; a MappedIP (MIP) is better suited for tasks such as this:

    set interface "ethernet0/0" mip public.ip.add.ress host poly.com.add.ress netmask 255.255.255.255

    Note that the netmask is a /32, since this is a one-to-one binding.  The interface in question should be your external, or "Untrust" interface.

    After adding the MIP, simply add appropriate policies:

    set policy from Untrust to Trust  AddressGroupOfAllowedExternalHosts "MIP(public.ip.add.ress)" ServiceGroupForPolycom permit log count
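
The MIP approach from the replies above, written out end to end as an added example; it is not from any poster in this thread. All IP addresses are documentation placeholders, the object names other than the two group names used in the last reply are hypothetical, and the port ranges are assumed values to be replaced with the ports your Polycom unit is actually configured to use. Lines starting with # are annotations, not ScreenOS commands.

```screenos
# Custom services for the video endpoint.
# ASSUMPTION: TCP 1720 is H.323 call signaling; the 3230-range values are
# assumed media/control ranges. Check them against your unit's settings.
set service "Polycom-H323-Signal" protocol tcp src-port 0-65535 dst-port 1720-1720
set service "Polycom-Media-TCP" protocol tcp src-port 0-65535 dst-port 3230-3235
set service "Polycom-Media-UDP" protocol udp src-port 0-65535 dst-port 3230-3253

# Service group referenced by the policy.
set group service "ServiceGroupForPolycom"
set group service "ServiceGroupForPolycom" add "Polycom-H323-Signal"
set group service "ServiceGroupForPolycom" add "Polycom-Media-TCP"
set group service "ServiceGroupForPolycom" add "Polycom-Media-UDP"

# Remote sites allowed to call in (placeholder addresses, hypothetical names).
# Listing known peers keeps the endpoint from being reachable from Any.
set address "Untrust" "RemoteSiteA" 198.51.100.10 255.255.255.255
set address "Untrust" "RemoteSiteB" 198.51.100.20 255.255.255.255
set group address "Untrust" "AddressGroupOfAllowedExternalHosts"
set group address "Untrust" "AddressGroupOfAllowedExternalHosts" add "RemoteSiteA"
set group address "Untrust" "AddressGroupOfAllowedExternalHosts" add "RemoteSiteB"

# One-to-one mapping: spare public IP -> internal Polycom address (placeholders).
set interface "ethernet0/0" mip 203.0.113.20 host 192.168.1.50 netmask 255.255.255.255

# Inbound policy: only the listed peers, only the Polycom services, logged.
set policy from "Untrust" to "Trust" "AddressGroupOfAllowedExternalHosts" "MIP(203.0.113.20)" "ServiceGroupForPolycom" permit log count
```

Because a MIP maps every port on the public address, the policy is the only thing limiting exposure; keeping the source group and service group narrow matters more here than it would with a VIP.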