ScreenOS Firewalls (NOT SRX)

DMZ Setup issues

‎11-27-2009 07:51 AM

Dear All

 

I'm having some issues with my DMZ setup; basically I have configured my LAN setup OK.

And I'm now setting up and testing my DMZ.

I've assigned the address 192.168.200.148/24 to my DMZ port.

I have also set up a laptop for testing purposes with the IP 192.168.200.140/24.

I've configured allow-all rules in both directions.

And I have connected the laptop to the DMZ port, but I can't even ping the DMZ port address (192.168.200.148), let alone try testing NAT or any advanced rules.

Any ideas what I may be missing?

 

Many Thanks

P

10 REPLIES

Re: DMZ Setup issues

‎11-27-2009 08:31 AM

OK - Dumb question time - did you configure the DMZ I/F to allow for ping?

Kevin Barker

Re: DMZ Setup issues

‎11-27-2009 08:35 AM

Rule is set as ANY-ANY allow and enabled for the DMZ.

Network > Interfaces > List > DMZ > ping box is checked.

I have no idea why this is failing, all in the same network and same subnet....

 

Paul


Re: DMZ Setup issues

‎11-27-2009 11:00 AM

Have you enabled the manageable option under Network > Interfaces > List > DMZ?


Re: DMZ Setup issues

‎11-27-2009 01:31 PM

Hi

No, I hadn't enabled the Management option. Is that a requirement?


Re: DMZ Setup issues

‎11-28-2009 05:10 PM

Yes, for example, to enable ping on that interface:

check the manageable box

check ping


Re: DMZ Setup issues

‎11-30-2009 02:04 AM

Hi There,

Not sure if you misunderstand, but I have a PC connected DIRECTLY to the port, and I can't ping the DMZ address from that PC.

Would that be classed as external? Every other device I've encountered will ping immediately when connected in this way.

 

Paul 


Re: DMZ Setup issues

‎11-30-2009 03:57 AM

Hi TSG

I'm just speaking about the following case:

"you are directly connected to the port & cannot ping its IP"

You need to do the following under the interface:

# check the box beside ping

# check the box named manageable beside the IP of the interface


Re: DMZ Setup issues

‎11-30-2009 04:15 AM

Hi There

Thanks for clarifying.

Yes, that is my situation.

Yes, both of those options are selected.

Still times out. Even tried it with old faithful X-over cable, still nothing.

 

Paul

 

 


Re: DMZ Setup issues

‎11-30-2009 04:42 AM

OK

Can you check if you have permitted IPs configured?

If permitted IPs are configured, only these IPs can access the firewall.

Check if your configuration has lines like this:

set admin manager-ip 172.16.40.42/32
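
The check suggested in this reply, as an added example that is not part of the original thread: a Python script that reads a saved ScreenOS configuration and reports whether a client address falls inside any `set admin manager-ip` entry. The config snippets, the interface name and the wrong host address are constructed; the dotted-mask form of the command and the rule that no entries means no restriction are assumptions.

```python
import ipaddress

def manager_ip_entries(config_text):
    """Collect the networks named by 'set admin manager-ip' lines."""
    nets = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[:3] != ["set", "admin", "manager-ip"]:
            continue
        # "addr/prefix" (form quoted in the thread) or "addr mask" (assumed form)
        spec = tokens[3] if len(tokens) == 4 else f"{tokens[3]}/{tokens[4]}"
        # strict=False tolerates host bits left set in a subnet entry
        nets.append(ipaddress.ip_network(spec, strict=False))
    return nets

def client_permitted(config_text, client_ip):
    """Return (allowed, entries) for a client talking to the firewall itself.

    Assumption: with no manager-ip entries, no source restriction applies.
    """
    entries = manager_ip_entries(config_text)
    ip = ipaddress.ip_address(client_ip)
    allowed = not entries or any(ip in net for net in entries)
    return allowed, entries

# Constructed sample: ping is enabled on the interface, but the only
# permitted-IP entry is a single wrong host in the DMZ subnet.
BROKEN_CONFIG = """\
set interface ethernet0/2 ip 192.168.200.148/24
set interface ethernet0/2 manage ping
set admin manager-ip 192.168.200.14/32
"""

# Constructed sample: the entry widened to the whole DMZ subnet.
FIXED_CONFIG = """\
set interface ethernet0/2 ip 192.168.200.148/24
set interface ethernet0/2 manage ping
set admin manager-ip 192.168.200.0 255.255.255.0
"""

if __name__ == "__main__":
    laptop = "192.168.200.140"  # test laptop address from the first post
    for name, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        allowed, entries = client_permitted(cfg, laptop)
        listed = ", ".join(str(n) for n in entries) or "none"
        print(f"{name}: {laptop} permitted={allowed} (manager-ip: {listed})")
```
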


Re: DMZ Setup issues

‎11-30-2009 05:01 AM

HOOYA

 

That's the one, I did have an entry for that network, just the wrong IP.

Allowed the whole 192.160.220 subnet now and it's off pinging like a trooper...!

Knew it had to be something simple, just couldn't see the wood for the trees..

 

Cheers mate

Pint on me.!

 

Paul

(now off to deal with NAT)