Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  not able to get out

    Posted 12-18-2008 14:03

    We have an SSG5. I have left the 0/0 as the outside interface and configured a second inside interface on 0/4. I have created a new zone and assigned it to 0/4; it uses the default VR. I have set up a MIP and can connect in to the device but cannot connect out from the device. I can ping between the devices and the devices can ping the IP of the SSG; the devices can ping the public external interface of the SSG but nothing on the internet. The devices plugged into 0/1 are able to get out on the internet no problem.

     

    Thanks


    #SSG5
    #outbound
    #connections


  • 2.  RE: not able to get out
    Best Answer

    Posted 12-18-2008 21:30

    Hi,

     

      I have setup a MIP and can connect in to the device but cannot connect out from the device.

     

    I guess the problem would be NAT. Make a policy from the eth0/4 zone to the eth0/0 zone (assuming this interface has a public IP) with source any, destination any and action permit, then go to Advanced and check source translation with the egress interface IP.

     

    Hope this helps

     

    thanks



  • 3.  RE: not able to get out

    Posted 12-19-2008 06:13

    Thanks!!

     

     

    Works like a charm :)



  • 4.  RE: not able to get out

    Posted 12-19-2008 06:07

    When the traffic is from trust to untrust, interface-based NATting is available by default for address translation, but in the case of traffic from trust and a user-defined zone and vice versa, you need to use "policy based NAT" in the advanced option of a zonal policy.

     

    HTH

     

    regards,
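
The check discussed in this thread, as an added example that is not part of any post: a Python audit over ScreenOS `set policy` lines that lists permit policies from a zone other than Trust to Untrust with no `nat src` (the CLI form of the source translation option in the policy's advanced settings). The zone name "Lab", the addresses and the sample configuration are constructed, and the Trust exemption follows the thread's statement that interface-based NAT covers Trust to Untrust.

```python
import shlex

# Constructed sample in ScreenOS "set" syntax; zone "Lab" and all addresses are invented.
SAMPLE_CONFIG = """
set zone name "Lab"
set interface "ethernet0/0" zone "Untrust"
set interface "bgroup0" zone "Trust"
set interface "ethernet0/4" zone "Lab"
set interface ethernet0/4 ip 192.168.50.1/24
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 2 from "Lab" to "Untrust"  "Any" "Any" "ANY" permit
set policy id 3 from "Untrust" to "Lab"  "Any" "MIP(203.0.113.10)" "HTTP" permit
"""


def policies_missing_src_nat(config, egress_zone="Untrust", iface_nat_zone="Trust"):
    """Return (policy_id, source_zone) for permit policies toward egress_zone
    that carry no 'nat src' and do not originate in iface_nat_zone."""
    findings = []
    for line in config.splitlines():
        tok = shlex.split(line)  # strips the quotes around zone and address names
        if tok[:2] != ["set", "policy"] or "from" not in tok:
            continue  # not a single-line policy definition
        i = tok.index("from")
        # Expected layout: from <zone> to <zone> <src> <dst> <service> <action...>
        if len(tok) < i + 8 or tok[i + 2] != "to":
            continue
        src_zone, dst_zone = tok[i + 1], tok[i + 3]
        action = tok[i + 7:]
        if dst_zone != egress_zone or src_zone == iface_nat_zone:
            continue  # only outbound policies from user-defined zones matter here
        if "permit" in action and action[:2] != ["nat", "src"]:
            policy_id = int(tok[3]) if tok[2] == "id" else None
            findings.append((policy_id, src_zone))
    return findings


if __name__ == "__main__":
    for pid, zone in policies_missing_src_nat(SAMPLE_CONFIG):
        print(f"policy id {pid}: {zone} -> Untrust permits traffic without 'nat src'")
```

A finding is a candidate only: a zone whose hosts already use publicly routable addresses does not need source translation.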