I have a NetScreen 5GT that I'm trying to set up to host one web server and one SQL server.
I was told the best way to do it was to put the web server in a DMZ and the SQL server in a protected zone.
I went out and got a NetScreen 5GT that doesn't have a 'DMZ' setting because it's the cheaper model, but I was told that if I used the Untrusted/Work/Home zone setup, the 'Home' zone would work as the 'protected/firewalled' zone and the 'Work' zone would act as the DMZ.
The problem is that the NetScreen doesn't allow the 'Home' zone to talk to the 'Work' zone, but the 'Work' zone can talk to the 'Home' zone.
So a NetScreen salesperson said that I could work around this by mapping IPs from the Work zone to the Home zone.
So I set up the NetScreen with the Home/Work/Untrusted setup and set up the following addresses.
Untrusted = 66.45.xx.xx
Work = 192.168.1.1
Home = 10.250.1.1
My servers are
#1 Webserver - 192.168.1.2 = Work Zone
#2 SQL Server - 10.250.1.2 = Home Zone
How do I map these IPs so the SQL server is protected in the Home zone but the web server can get data from it?
Also, does it have anything to do with what Juniper calls 'Virtual IP'?