Juniper SSG140 DMZ Setup Help

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

dohman2011

Thread Starter
Joined
Dec 12, 2011
Messages
1
Hi,

I have a Juniper SSG140 firewall and have been tasked with setting up a DMZ for the purpose of allowing incoming internet traffic to access a web server.

I have setup the web server in it's own VLAN on VMware which is connected directly to the default DMZ port on the firewall. The web server has the IP Address of 192.x.x.1 and the DMZ port on the firewall is set to 192.x.x.1.

I have setup MIP (Mapped IP address) on the internet port so 80.x.x.x maps to 192.x.x.x.

I have setup a Policy for untrust > DMZ to allow HTTP traffic through with source based translation for backwards communication (DMZ > Untrust).

I have a problem:

1) The DMZ web server fails to communicate with the internet, not sure what I should be setting the default gateway to?

Thus causing failure in accessing the web server externally.

Any help with this would be most appreciated.
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,663
I haven't played with the SSG as it run on ScreenOS because it's from Juniper's acquisition of NetScreen. It seems similar to the SRXs which run Junos. If it is similar in operation, you may have to set a interface rule/policy which is separate from the policies created for inter zone traffic.

Have you looked at the documentation on Juniper's website:

http://www.juniper.net/techpubs/en_...on-products/pathway-pages/screenos/index.html

Also, do you have post sales support?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top