Screen OS

  • 1.  DMZ Questions SSG550

    Posted 06-03-2008 11:46
    I'm trying to move from a SonicWall to Juniper SSG550 and am running into problems with the DMZ.  The SonicWall has the DMZ set up in transparent mode so the DMZ servers all have public IPs.  We also have several NAT'd servers.  How would I go about reproducing this setup on the Juniper?  It looks like I'll need to use the V1-DMZ zone, but then I run into policy problems mixing L2 and L3.  Any help would be greatly appreciated.


  • 2.  RE: DMZ Questions SSG550
    Best Answer

    Posted 06-03-2008 18:35

    Hi DimHelmet,

     

    Juniper firewalls don't support mixed L2 and L3 mode on the SSG550. So you have to choose L2 or L3.

    To put your device in full transparent mode, you have to set every interface in an L2 zone (a zone that starts with V1-...) or in the null zone.

    In your case (if you really need translation and routing), you should work in full L3 mode, set up your servers with private IP addresses and use destination address translation (with MIP) in order to simulate the same kind of config as the SonicWall.
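
    A sketch of the full L3 approach described in the answer above, added as an example and not part of the original post or any poster's configuration. The interface-to-zone bindings, the 203.0.113.0/28 public block, the 192.168.10.0/24 DMZ subnet and the two servers are all assumptions chosen for illustration; lines starting with # are annotations, not CLI input.

```text
# Assumed layout: ethernet0/2 faces the ISP, ethernet0/1 faces the DMZ servers.
set interface ethernet0/2 zone Untrust
set interface ethernet0/2 ip 203.0.113.2/28
set interface ethernet0/1 zone DMZ
set interface ethernet0/1 ip 192.168.10.1/24

# One MIP per server: each former public address now lives on the Untrust
# interface and maps one-to-one to the server's new private DMZ address.
set interface ethernet0/2 mip 203.0.113.5 host 192.168.10.5 netmask 255.255.255.255 vr trust-vr
set interface ethernet0/2 mip 203.0.113.6 host 192.168.10.6 netmask 255.255.255.255 vr trust-vr

# Policies reference the MIP object, not the private address, and permit
# only the service each server actually publishes (assumed: web and mail).
set policy from Untrust to DMZ Any "MIP(203.0.113.5)" HTTP permit log
set policy from Untrust to DMZ Any "MIP(203.0.113.6)" MAIL permit log
```

    Because the servers move to private addresses, the policy set is the only path from Untrust into the DMZ, so each published service needs its own explicit permit rather than a blanket rule to the MIP.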

     

     



  • 3.  RE: DMZ Questions SSG550

    Posted 06-10-2008 07:58
    Thanks for the info.  That's what I figured I would have to do, but I thought I'd check first.