Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Netscreen 25 - open ports 1
- Thread starter readyyy
- Start date
-
1
- #2
Hello,
This is done using by configuring policies. First, what interfaces are being used? Once you can determine the interfaces, you will need to check the zones assigned to each. If the WAN and LAN are bound to the trust, you don't need a policy. If the traffic crosses zones, you will need a policy. The exception to this rule is when you have intra zone blocking enabled. When you are creating the policies, you select objects from the address book. That said, you may need need to create custom service and address objects prior to configuring a rule. This is where you would define the subnets, IPs and ports/services. If you require NAT, you have the option to use MIPs and VIPs. A mapped IP is used for one to one NAT. You can bind a MIP to a interface so that the IP is translated to a single internal IP via Policy. If you need to use a single IP translating to a single host over several ports, you can use a VIP. This would allow you to map a single IP to an internal server running for example HTTP and FTP. Does this help? Let me know.
Rgds,
John
This is done using by configuring policies. First, what interfaces are being used? Once you can determine the interfaces, you will need to check the zones assigned to each. If the WAN and LAN are bound to the trust, you don't need a policy. If the traffic crosses zones, you will need a policy. The exception to this rule is when you have intra zone blocking enabled. When you are creating the policies, you select objects from the address book. That said, you may need need to create custom service and address objects prior to configuring a rule. This is where you would define the subnets, IPs and ports/services. If you require NAT, you have the option to use MIPs and VIPs. A mapped IP is used for one to one NAT. You can bind a MIP to a interface so that the IP is translated to a single internal IP via Policy. If you need to use a single IP translating to a single host over several ports, you can use a VIP. This would allow you to map a single IP to an internal server running for example HTTP and FTP. Does this help? Let me know.
Rgds,
John
- Status
Similar threads
- Locked
- Question
- Locked
- Question