ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

SSG20 how to forward a port to a host on DMZ

02.07.10   |  
‎02-07-2010 02:17 PM

Hi, I have an SSG with a couple of servers running on the trusted interface. I have a few ports published via VIP and they are accessible from the internet. I have one server on the DMZ interface but cant get the port forwarding working to that server.

 

I currently have an allow all policy from DMZ > UNTRUST and  from UNTRUST > DMZ

 

I also have VIP configured on the UNTRUST interface to forward the port to the ip of my server in DMZ

 

Am I missing something here?

 

 

thanks

 

 

 

4 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: SSG20 how to forward a port to a host on DMZ

02.07.10   |  
‎02-07-2010 11:04 PM

Sounds like you have covered it, can you post config related to VIP and Policies for services you are trying to forward?

________________________________________________


If my post helped you, please feel free to give me kudos.
ScreenOS Firewalls (NOT SRX)

Re: SSG20 how to forward a port to a host on DMZ

02.07.10   |  
‎02-07-2010 11:05 PM

Sorry for double reply, but....

 

The policy for untrust to dmz allow all won't work for the VIP.

 

You have to create a policy and place it above the any with the vip as the destination.

________________________________________________


If my post helped you, please feel free to give me kudos.
ScreenOS Firewalls (NOT SRX)

Re: SSG20 how to forward a port to a host on DMZ

02.08.10   |  
‎02-08-2010 12:34 AM

That worked great, thanks for the info!

 

 

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: SSG20 how to forward a port to a host on DMZ

02.09.10   |  
‎02-09-2010 09:42 PM

That's what we are here for

________________________________________________


If my post helped you, please feel free to give me kudos.