VIP and Port forwarding on JUNIPER ssg-140

Posted on 2009-07-10
Last Modified: 2013-11-16
Well folks, up for grabs those delicious 500 points!

We have the following setup: SSG140 with a range of external IPs. One of them I have to put on a VIP because I need port 443 pointing to my portal and I want to use this same IP to be my VoIP address.

The thing is, I need to forward the following ports:

UDP 10000-20000 - RTP (needed for SIP communications)
UDP 5004-5037 - SIP (needed for SIP communications)
UDP 5039-5082 - SIP (needed for SIP communications)
UDP 4569 - IAX2 (needed for IAX communications between Asterisk servers)

As far as I know, on the SSG-140 under NETWORK > INTERFACES > VIP I have to do 1 forward at a time, and I don't know how to forward a range of ports.

After that I know I have to set up the POLICIES to allow traffic from the EXTERNAL NETWORK (UNTRUST) to the trust zone also.

The main question is how to forward a range of ports from the external IP to an internal machine.

0
Question by:manolocruz
5 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 1500 total points
ID: 24832158
The CLI to configure port range with VIP is [based on SOS 6.x]:

set interface <interface-name> vip <vip-ip> port-range <low-port>-<high-port> server-ip <internal-server-ip> port-range <low-port>-<high-port> [protocol tcp/udp]

Example:

set int e1/1 vip 1.1.1.2 port-range 2-200 server-ip 2.2.2.2 port-range 2-200
OR
set int e1/1 vip 1.1.1.2 port-range 2-200 server-ip 2.2.2.2 port-range 2-200 protocol TCP

Please let me know if you need more details.

Thank you.
0
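
The accepted answer's syntax applied to the port list from the question, as an added example (not code from the thread or from Juniper): it validates each range, rejects overlaps with the existing 443 mapping on the same VIP, and always names the protocol explicitly. The interface and addresses are the answer's sample values, the lowercase `udp` keyword follows the answer's syntax line, and the function names are hypothetical.

```python
# Added example: builds ScreenOS VIP port-range commands from the template in
# the accepted answer. Interface and addresses are the answer's sample values.
from typing import List, Tuple

Rule = Tuple[str, int, int, str]  # (protocol, low port, high port, label)
# Ports listed in the question.
QUESTION_RULES: List[Rule] = [
    ("udp", 10000, 20000, "RTP"),
    ("udp", 5004, 5037, "SIP"),
    ("udp", 5039, 5082, "SIP"),
    ("udp", 4569, 4569, "IAX2"),
]
# Already mapped on the same VIP for the portal, per the question.
EXISTING: List[Rule] = [("tcp", 443, 443, "portal")]


def validate(rules: List[Rule], existing: List[Rule]) -> None:
    """Reject malformed ranges and any overlap within the same protocol."""
    seen = list(existing)
    for proto, low, high, label in rules:
        if proto not in ("tcp", "udp"):
            raise ValueError(f"{label}: unknown protocol {proto!r}")
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"{label}: bad range {low}-{high}")
        for p, lo, hi, other in seen:
            if p == proto and low <= hi and lo <= high:
                raise ValueError(f"{label} {low}-{high} overlaps {other} {lo}-{hi}")
        seen.append((proto, low, high, label))


def vip_commands(iface: str, vip: str, server: str, rules: List[Rule]) -> List[str]:
    """Emit one command per range, always naming the protocol explicitly."""
    validate(rules, EXISTING)
    return [
        f"set interface {iface} vip {vip} port-range {low}-{high} "
        f"server-ip {server} port-range {low}-{high} protocol {proto}"
        for proto, low, high, _ in rules
    ]


def exposed_ports(rules: List[Rule]) -> int:
    """Count of ports the policy from Untrust will have to admit."""
    return sum(high - low + 1 for _, low, high, _ in rules)


if __name__ == "__main__":
    for line in vip_commands("e1/1", "1.1.1.2", "2.2.2.2", QUESTION_RULES):
        print(line)
    print("# exposed UDP ports:", exposed_ports(QUESTION_RULES))
```

The count from `exposed_ports` is the number of UDP ports the Untrust-to-Trust policy mentioned in the question will then have to permit toward the single internal host.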
 
LVL 7

Expert Comment

by:willbaclimon
ID: 25055927
dpk_wal hit it right on target :)
0
 
LVL 18

Expert Comment

by:deimark
ID: 25092855
Might be worth checking the zone assignment here, as I don't think Juniper will like you calling this a Check Point question, hehe.

And yup, dpk_wal is bang on :P
0
 

Author Closing Comment

by:manolocruz
ID: 31602265
Some people don't have access to the console.
Some people use the WEB UI to do all mods.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 25685483
If you had updated, we could have given UI options too! ;)
0
