Port forward?

Create the port forward in the network interface VIP (using an existing service, or create a custom service first)
Create a policy allowing that traffic port from anywhere external to the VIP
done

Erik Goldoff
IT Consultant
Systems, Networks, & Security
'Security is an ongoing process, not a one time event!'

From: Ben Schorr [mailto:[email protected]]
Sent: Friday, December 31, 2010 12:42 PM
To: NT System Admin Issues
Subject: RE: Small/Mid Firewall?

Well I think part of the frustration is that it appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different “policies” and “interfaces” and “zones”. I’m exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We’re not trying to do anything fancy and it’s taken more than 2 days to get it even half working and that’s with more than an hour of a Juniper support engineer remoting into it and working on it themselves.

The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly.

I suspect we’ll like the Juniper…once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful.

We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the “Home” screen says it’s “Inactive/Unused” but the VPN monitor lists it as “Active”. Ummm….o.k.

This morning my day started with a phone call from one of the local users telling me they can’t even get on the web. Good grief.

Ben M. Schorr
Chief Executive Officer
Roland Schorr & Tower
www.rolandschorr.com
[email protected]

From: Erik Goldoff [mailto:[email protected]]
Sent: Friday, December 31, 2010 5:20 AM
To: NT System Admin Issues
Subject: RE: Small/Mid Firewall?

I agree with Andrew … I’ve been configuring the Juniper ‘screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions’ problems with the Juniper.

Erik Goldoff
IT Consultant
Systems, Networks, & Security
'Security is an ongoing process, not a one time event!'
