Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Configuring VIP for VNC on SSG20

    Posted 12-02-2019 09:40
      |   view attached

    Hi to everybody here...

    I'm trying to get familiar with Juniper firewall... so I'm a newbie

    Configuring a port forwarding for VNC service I could notice that in Network > Interfaces > Edit > VIP/VIP Services > New VIP Service in the "Map to service" drop down list VNC does not appear so I went to Policy > Policy Elements > Services > Custom

    to create one, but when I tried to create a custom service named VNC I got duplicate name error.

    So going do Policy > Policy Elements > Services > Predefined I could see the VNC service is already present as predefined service.

    So my question is: if the service VNC is already present why does it not appear in "Map to service" drop down list in VIP service?

    I could workaround creating a custom service called VNC2 but it looks not right and elegant to me.

    So am I missing something?

    Thank you very much in advance for your precious help.

    Ottavio.



  • 2.  RE: Configuring VIP for VNC on SSG20
    Best Answer

    Posted 12-02-2019 17:18

    The pre-defined service for vnc covers two destination ports that are possible.  This can be used in policies but not in the vip object.  With the vip you can only specify one virtual port that maps to one destination port.  Since the object has two possible ports it cannot be a selection.  

     

    If you needed to map both ports you would need to create two separate vip for that purpose.

     



  • 3.  RE: Configuring VIP for VNC on SSG20

    Posted 12-05-2019 03:54

    Ok, I see... Thank you very much for your quick reply! 🙂