
DMZ to Internal

Hi

Have been trying to get some of our DMZ servers to work with the UTM for services etc. (web proxy, NTP) with no luck.


UTM has ..

Internal interface

External Interface

DMZ interface

and all sit behind a Juniper

DMZ hosts have access to Internal address of UTM but nothing works


FW log shows

2015:11:18-12:02:42 viper ulogd[3556]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" mark="0x315d" app="349" srcmac="58:8d:09:xx:xx:xx" dstmac="00:1e:0b:xx:xx:xx" srcip="193.xxx.xxx.xxx" dstip="10.8.xx.xx" proto="17" length="76" tos="0x00" prec="0xc0" ttl="62" srcport="123" dstport="123"

Can't think what I have missed, or will it just not work?



This thread was automatically locked due to age.
  • Using DNAT:

    For traffic from: DMZ host (193.xxx.xxx.xxx)
    Using service: NTP
    Going to: UTM DMZ Interface Address (193.x.x.x)

    Change the destination to: LOCAL HOST (10.8.x.x)
    And the service to: (BLANK)

    Automatic firewall rule: Checked
    Log traffic: checked (for debug)

    ----
    Save and enable this rule
    Clone this rule and change the server to Web Proxy 8080.
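
With "Log traffic" checked for debugging as described above, the packetfilter log shows whether the DMZ traffic is still being dropped. The following is an added example, not part of the original thread: it parses log lines in the key="value" format quoted in the question and counts drops per interface, source, destination, protocol, port and rule. The sample lines, including all IP addresses and the "accept" line, are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the line quoted in the question.
# Addresses are placeholders; the accept line is an assumed format.
SAMPLE_LOG = '''\
2015:11:18-12:02:42 viper ulogd[3556]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcip="192.0.2.10" dstip="10.8.0.1" proto="17" length="76" ttl="62" srcport="123" dstport="123"
2015:11:18-12:03:46 viper ulogd[3556]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcip="192.0.2.10" dstip="10.8.0.1" proto="17" length="76" ttl="62" srcport="123" dstport="123"
2015:11:18-12:04:01 viper ulogd[3556]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcip="192.0.2.11" dstip="10.8.0.1" proto="6" length="60" ttl="62" srcport="51514" dstport="8080"
2015:11:18-12:05:10 viper ulogd[3556]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="5" initf="eth2" srcip="192.0.2.10" dstip="10.8.0.1" proto="17" length="76" ttl="62" srcport="123" dstport="123"
'''

KV = re.compile(r'(\w+)="([^"]*)"')
STAMP = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (\S+) ')
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}  # IP protocol numbers


def parse_line(line):
    """Return the log line's fields as a dict, or None if it is not parseable."""
    stamp = STAMP.match(line)
    fields = dict(KV.findall(line))
    if not stamp or "action" not in fields:
        return None
    fields["time"], fields["host"] = stamp.groups()
    return fields


def summarise_drops(text):
    """Count dropped packets per (initf, srcip, dstip, proto, dstport, fwrule)."""
    drops = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if not f or f.get("sub") != "packetfilter" or f["action"] != "drop":
            continue
        proto = PROTO.get(f.get("proto"), f.get("proto"))
        key = (f.get("initf"), f.get("srcip"), f.get("dstip"),
               proto, f.get("dstport"), f.get("fwrule"))
        drops[key] += 1
    return drops


if __name__ == "__main__":
    for key, count in summarise_drops(SAMPLE_LOG).most_common():
        print(count, *key)
```

If the same source, destination and port still appear in this summary after the DNAT rules are enabled, the traffic is not matching them.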