Solved

VIP and Port forwarding on JUNIPER ssg-140

Posted on 2009-07-10
5
2,371 Views
Last Modified: 2013-11-16
Well folks, up for grabs those delicious 500 points!

We have the following setup SSG140 with a range of external IP's, one of them i have to put on a VIP because i need port 443 pointing to my portal and i want to use this same IP to be my voip address.

The thing is, i need to forward the following ports:

UDP 10000-20000 - RTP (needed for SIP communications)
UDP 5004-5037 - SIP (needed for SIP communications)
UDP 5039-5082 - SIP (needed for SIP communications)
UDP 4569 - IAX2 (needed for IAX communications between Asterisk servers)

as far as i know SSG-140 on the  NETWORK > INTERFACES > VIP i have to do 1 forward at a time and dont know how to forward a range of ports.

After that i know i have to setup the POLICIES to allow traffic from the EXTERNAL NETWORK (UNTRUST) to the trust zone also.

THe main question is how to forward a range of ports from the external IP to an internal machine.

0
Comment
Question by:manolocruz
5 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24832158
The CLI to configure port range with VIP is [based on SOS 6.x]:

set interface <interface-name> vip <vip-ip> port-range <low-port>-<high-port> server-ip <internal-server-ip> port-range <low-port>-<high-port> [protocol tcp/udp]

Example:

set int e1/1 vip 1.1.1.2 port-range 2-200 server-ip 2.2.2.2 port-range 2-200
OR
set int e1/1 vip 1.1.1.2 port-range 2-200 server-ip 2.2.2.2 port-range 2-200 protocol TCP

Please let know if you need more details.

Thank you.
0
 
LVL 7

Expert Comment

by:willbaclimon
ID: 25055927
dpk_wal hit it right on target :)
0
 
LVL 18

Expert Comment

by:deimark
ID: 25092855
Might be worth checking the zone assignment here, as I don't think Juniper will like you calling this a Check Pint question, hehe.

And yup, dpk_wal is bang on :P
0
 

Author Closing Comment

by:manolocruz
ID: 31602265
Some people dont have access to the console.
some people use the WEB UI to do all mods.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 25685483
If you had updated; we could have given UI options too! ;)
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
IP Phones with SonicWall 6 79
suspending the anti virus 6 140
Questions on windows ports 13 81
How to access multiple local hosts from phone on network 5 93
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question