ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

Need Help setting up DMZ traffic outbound allow to untrust or www

02.11.08   |  
‎02-11-2008 11:57 PM
Hi Alls,

I need help on how to enable a system in the DMZ to be able to access the internet.
Not sure how to approach this.
Thanks in advance.

Mr.Sinista
2 REPLIES
ScreenOS Firewalls (NOT SRX)
Solution
‎07-16-2008 12:04 AM

Re: Need Help setting up DMZ traffic outbound allow to untrust or www

02.12.08   |  
‎02-12-2008 07:24 AM
For any hosts that are in the DMZ zone, and you want it to communicate to the Internet (and you only have one public IP address available), you should use policy based nat.

For example, to allow everything from the DMZ to go to the Internet:

set policy from dmz to untrust any any any nat src permit

Interface nat will not work from dmz to untrust. Interface nat only works from trust to untrust.
ScreenOS Firewalls (NOT SRX)

Re: Need Help setting up DMZ traffic outbound allow to untrust or www

02.25.08   |  
‎02-25-2008 03:16 PM

Thank you so much for taking the time to answer my question.