Screen OS

  • 1.  Publish a non web server

    Posted 04-07-2009 07:38

    Dear,

    I have a problem creating a policy on the NetScreen 50 to allow external users to access our internal server. We have a NetScreen 50 firewall configured in transparent mode. I have one server on the internal network listening on port 491, and I want all external users to be able to reach the server on that port. If I remove the firewall from the network it works, but with the firewall it does not, so could someone please help me write a policy from the untrust network to the trust network.

    Please note that the firewall already has only 2 policies, created to allow the ISA server and the DNS server on the trust interface to access the router on the untrust interface.

    Thanks and Regards

    Abdul Rahuman.M



  • 2.  RE: Publish a non web server
    Best Answer

    Posted 04-07-2009 08:38

    Hi abdul_mm

    First configure the VLAN1 interface for management and assign the VLAN1 interface an IP address in your network.

    After that, enable ping, SSH and web management on it and on the V1-Trust zone:

    set interface VLAN1 ip X.X.X.X/XX
    set interface VLAN1 manage web
    set interface VLAN1 manage ping
    set interface VLAN1 manage ssh

    set zone V1-Trust manage web
    set zone V1-Trust manage ping
    set zone V1-Trust manage ssh

    Then set your default route:

    set vrouter trust-vr route 0.0.0.0/0 interface VLAN1 gateway X.X.X.254 metric 1

    Create the address object and a service object for port 491:

    set address V1-Trust server X.X.X.X/32
    set service TCP-491 protocol tcp src-port 0-65535 dst-port 491-491

    set policy from V1-Untrust to V1-Trust any server TCP-491 permit
    save

    Don't forget that if your firewall is in transparent mode you can't use the Trust, Untrust or DMZ zones; you have to use V1-Trust and V1-Untrust.

    Hope this helps you.
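    As an added check (not from this thread or from Juniper), here is a small Python linter that reads a ScreenOS-style snippet like the one above and flags the mistakes that usually break or over-expose an inbound publish rule on a transparent-mode box: Layer 3 zone names, an undefined or ANY service, and a destination wider than one host. The two snippets and their RFC 5737 addresses are constructed.

```python
import re
from ipaddress import ip_network

# Constructed sample (RFC 5737 addresses), not the poster's config: the rule set from the
# thread with the custom service object the policy needs for TCP port 491.
GOOD_CONFIG = """
set address V1-Trust server 192.0.2.10/32
set service TCP-491 protocol tcp src-port 0-65535 dst-port 491-491
set policy from V1-Untrust to V1-Trust any server TCP-491 permit
"""
# Constructed counter-example: L3 zones on a transparent-mode box, a /24 destination, service ANY.
BAD_CONFIG = """
set address Trust lan 192.0.2.0/24
set policy from Untrust to Trust any lan ANY permit
"""

ADDR_RE = re.compile(r"^set address (\S+) (\S+) (\S+)(?: (\S+))?$")
SVC_RE = re.compile(r"^set service (\S+) protocol (tcp|udp) src-port \d+-\d+ dst-port (\d+)-(\d+)$")
POL_RE = re.compile(r"^set policy from (\S+) to (\S+) (\S+) (\S+) (\S+) (permit|deny)$")

def lint_publish_policy(config, transparent=True):
    """Return findings for the inbound policies in a ScreenOS-style config snippet."""
    addresses, services, findings = {}, {}, []
    for line in (l.strip().replace('"', "") for l in config.splitlines()):
        if m := ADDR_RE.match(line):
            zone, name, ip, mask = m.groups()  # mask is set only for the "ip netmask" form
            addresses[name.lower()] = (zone.lower(), ip_network(ip if mask is None else f"{ip}/{mask}", strict=False))
        elif m := SVC_RE.match(line):
            name, _proto, d_lo, d_hi = m.groups()
            services[name.lower()] = (int(d_lo), int(d_hi))
        elif m := POL_RE.match(line):
            src_zone, dst_zone, _src, dst, svc, _action = (t.lower() for t in m.groups())
            if transparent and not (src_zone.startswith("v1-") and dst_zone.startswith("v1-")):
                findings.append(f"{src_zone}->{dst_zone}: transparent mode needs L2 zones (V1-Trust/V1-Untrust)")
            if dst not in addresses:
                findings.append(f"destination '{dst}' is not a defined address object")
            else:
                zone, net = addresses[dst]
                if zone != dst_zone:
                    findings.append(f"address '{dst}' belongs to zone {zone}, policy targets {dst_zone}")
                if net.num_addresses != 1:
                    findings.append(f"destination '{dst}' spans {net.num_addresses} hosts; publish one host")
            if svc == "any" or svc not in services:
                findings.append(f"service '{svc}' is ANY or undefined; define the exact port instead")
            elif services[svc][0] != services[svc][1]:
                findings.append(f"service '{svc}' opens a port range, expected a single port")
    return findings
```

    Run it against a copy of `get config` output to confirm the published host is reachable on exactly one port from the V1-Untrust zone and nothing more.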



  • 3.  RE: Publish a non web server

    Posted 04-08-2009 01:06

    Dear, thanks for your support. I am able to access the server from outside.