This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DMZ to Internal

WA@Deluxe over 9 years ago

Have been trying to get some of our DMZ servers to work with the UTM for services etc WEB proxy NTP with no luck

UTM has ..

Internal interface

External Interface

DMZ interface

and all sit behind a Juniper

DMZ hosts have access to Internal address of UTM but nothing works

FW log shows

2015:11:18-12:02:42 viper ulogd[3556]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" mark="0x315d" app="349" srcmac="58:8d:09:xx:xx:xx" dstmac="00:1e:0b:xx:xx:xx" srcip="193.xxx.xxx.xxx" dstip="10.8.xx.xx" proto="17" length="76" tos="0x00" prec="0xc0" ttl="62" srcport="123" dstport="123"

Cant think what i have missed or will it just not work ?

This thread was automatically locked due to age.

Parents

0 WA@Deluxe over 9 years ago

Thanks so DNAT as

Traffic from : 193..x.x.x
Service: Any
Going to: Internal Address

Change Destination to: ? Not sure
And Service to : Any
Cancel
Vote Up 0 Vote Down

Cancel
0 /dev/nul over 9 years ago in reply to WA@Deluxe

In this case U will forward all Ports... Not suure if this will be a good idea but it's your ass... :-P
Traffic from Internet(!)
Service any
Going to 193.x.x.x
Change Destination to Internal Address
Lave the change service blank...
Cancel
Vote Up 0 Vote Down

Cancel
0 WA@Deluxe over 9 years ago in reply to /dev/nul

Thanks That does not work... i will explain a bit further i think my setup is a bit iffy
UTM
external : 192.150.x.x
Internal: 10.8.x.x
DMZ: 193.X.x.x

The host that is trying to get NTP and 8080 to the UTM is on 193..x.x.x same subnet as DMZ
so 193.x.x.x >>>> 10.8..x.x 8080 and NTP

Does that help a bit ?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago in reply to WA@Deluxe

"The host that is trying to get NTP and 8080 to the UTM is on 193..x.x.x same subnet as DMZ
so 193.x.x.x >>>> 10.8..x.x 8080 and NTP"

Sorry, I can't parse that. Can you show a simple diagram?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 /dev/nul over 9 years ago in reply to WA@Deluxe

O_o I'm realy confused... Bob is right I think we'll need any kind of diagram to understand the config.

Am I right?
- External address is connected 2 Juniper
- UTM ist connected 2 Juniper
- UTM got a private IP on the external interface
- Juniper forwards some Ports (maybe all) 2 the private IP of the UTM

But where is the DMZ located?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 /dev/nul over 9 years ago in reply to WA@Deluxe

O_o I'm realy confused... Bob is right I think we'll need any kind of diagram to understand the config.

Am I right?
- External address is connected 2 Juniper
- UTM ist connected 2 Juniper
- UTM got a private IP on the external interface
- Juniper forwards some Ports (maybe all) 2 the private IP of the UTM

But where is the DMZ located?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 WA@Deluxe over 9 years ago in reply to /dev/nul

So am i :)

Answers to your questions all Yes

have done a hand diagram attached hope that helps

My guess is that i need to apply a public ip to the External interface on the UTM ?

Sorry for the orientation
Cancel
Vote Up 0 Vote Down

Cancel