Solved

VIP and Port forwarding on JUNIPER ssg-140

Posted on 2009-07-10
5
2,381 Views
Last Modified: 2013-11-16
Well folks, up for grabs those delicious 500 points!

We have the following setup SSG140 with a range of external IP's, one of them i have to put on a VIP because i need port 443 pointing to my portal and i want to use this same IP to be my voip address.

The thing is, i need to forward the following ports:

UDP 10000-20000 - RTP (needed for SIP communications)
UDP 5004-5037 - SIP (needed for SIP communications)
UDP 5039-5082 - SIP (needed for SIP communications)
UDP 4569 - IAX2 (needed for IAX communications between Asterisk servers)

as far as i know SSG-140 on the  NETWORK > INTERFACES > VIP i have to do 1 forward at a time and dont know how to forward a range of ports.

After that i know i have to setup the POLICIES to allow traffic from the EXTERNAL NETWORK (UNTRUST) to the trust zone also.

THe main question is how to forward a range of ports from the external IP to an internal machine.

0
Comment
Question by:manolocruz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 24832158
The CLI to configure port range with VIP is [based on SOS 6.x]:

set interface <interface-name> vip <vip-ip> port-range <low-port>-<high-port> server-ip <internal-server-ip> port-range <low-port>-<high-port> [protocol tcp/udp]

Example:

set int e1/1 vip 1.1.1.2 port-range 2-200 server-ip 2.2.2.2 port-range 2-200
OR
set int e1/1 vip 1.1.1.2 port-range 2-200 server-ip 2.2.2.2 port-range 2-200 protocol TCP

Please let know if you need more details.

Thank you.
0
 
LVL 7

Expert Comment

by:willbaclimon
ID: 25055927
dpk_wal hit it right on target :)
0
 
LVL 18

Expert Comment

by:deimark
ID: 25092855
Might be worth checking the zone assignment here, as I don't think Juniper will like you calling this a Check Pint question, hehe.

And yup, dpk_wal is bang on :P
0
 

Author Closing Comment

by:manolocruz
ID: 31602265
Some people dont have access to the console.
some people use the WEB UI to do all mods.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 25685483
If you had updated; we could have given UI options too! ;)
0

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question