ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Configuring VIP for VNC on SSG20

‎12-02-2019 09:39 AM

Hi to everybody here...

I'm trying to get familiar with Juniper firewall... so I'm a newbie

Configuring a port forwarding for VNC service I could notice that in Network > Interfaces > Edit > VIP/VIP Services > New VIP Service in the "Map to service" drop down list VNC does not appear so I went to Policy > Policy Elements > Services > Custom

to create one, but when I tried to create a custom service named VNC I got duplicate name error.

So going do Policy > Policy Elements > Services > Predefined I could see the VNC service is already present as predefined service.

So my question is: if the service VNC is already present why does it not appear in "Map to service" drop down list in VIP service?

I could workaround creating a custom service called VNC2 but it looks not right and elegant to me.

So am I missing something?

Thank you very much in advance for your precious help.



ScreenOS Firewalls (NOT SRX)
Accepted by topic author pass75
‎12-07-2019 02:20 PM

Re: Configuring VIP for VNC on SSG20

‎12-02-2019 05:18 PM

The pre-defined service for vnc covers two destination ports that are possible.  This can be used in policies but not in the vip object.  With the vip you can only specify one virtual port that maps to one destination port.  Since the object has two possible ports it cannot be a selection.  


If you needed to map both ports you would need to create two separate vip for that purpose.


Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
ScreenOS Firewalls (NOT SRX)

Re: Configuring VIP for VNC on SSG20

‎12-05-2019 03:54 AM

Ok, I see... Thank you very much for your quick reply! 🙂