internal hosts unable to access untrusted world

[SteveTheGeek]

All,
I've got a Netscreen 25, v4 OS, with the external interface in routed mode. Any host inside the trusted network which does not have an external MIP mapped to it's internal IP address is able to ping out to the untrusted interface of the Netscreen, but no farther. I've already got a policy allowing all outbound traffic from the trusted interface to the untrusted, but that doesn't seem to matter. Setting up a mapped IP address going to the internal host, without necessarily assigning any policies to it, is the only thing which works consistently.
Anyone else seen this, and/or have a fix for it?
-Steve

 

[Packet7]

Which interface is bounded to the "trusted" (internal) zone? It could be that the policy is defined properly, but the trusted zone is bound to the wrong interface.

Not sure if your using a Global-Pro, if you are, you can go to the Device List, Network Tab, Trusted Zone.

John