Re: netcreen 25 dmz web servers
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: netcreen 25 dmz web servers

From: Somebody. <somebody.@spamout.russdoucet.com>
Date: Mon Oct 31 2005 - 04:47:06 CET




<prodest@gmail.com> wrote in message 


news:1130698225.587222.7820@g44g2000cwa.googlegroups.com...


>  Hi:


>


> Atm i have running the trus t site of my company with internet accesss


> with no problrms, but now i want to be able to access to internet with


> my web servers in the Dmz zone, both web servers in the dmz have


> 10.0.0.x ip and for now they cant go out, i ll would aprecciate some to


> tips to be able to access to internet with this dmz servers and cant


> reach them from outside. I read some stuff bout MIP but i cant make


> this config run.


>


> thx in advice



Edit the untrust interface


Click MIP


Add the public IP that you're going to use (not the public IP of the NS25) 


and the 10.x it's going to, save the MIP.


Create a policy from untrust -> trust from Any ip to the MIP.  (NOT to the 


10.x IP, to the MIP)



Now people can hit your web server from outside.



For it to get out (ie, patch updates, etc) you need to



Create an address book entry for the 10.x IP of the server


Create a policy from DMZ -> Untrust for 10.x IP, enable NAT in the advanced 


properties.



-Russ. 


Received on Mon Nov 21 02:36:25 2005