VIP and Port forwarding on JUNIPER ssg-140

Well folks, up for grabs those delicious 500 points!

We have the following setup SSG140 with a range of external IP's, one of them i have to put on a VIP because i need port 443 pointing to my portal and i want to use this same IP to be my voip address.

The thing is, i need to forward the following ports:

UDP 10000-20000 - RTP (needed for SIP communications)
UDP 5004-5037 - SIP (needed for SIP communications)
UDP 5039-5082 - SIP (needed for SIP communications)
UDP 4569 - IAX2 (needed for IAX communications between Asterisk servers)

as far as i know SSG-140 on the  NETWORK > INTERFACES > VIP i have to do 1 forward at a time and dont know how to forward a range of ports.

After that i know i have to setup the POLICIES to allow traffic from the EXTERNAL NETWORK (UNTRUST) to the trust zone also.

THe main question is how to forward a range of ports from the external IP to an internal machine.

Who is Participating?
dpk_walConnect With a Mentor Commented:
The CLI to configure port range with VIP is [based on SOS 6.x]:

set interface <interface-name> vip <vip-ip> port-range <low-port>-<high-port> server-ip <internal-server-ip> port-range <low-port>-<high-port> [protocol tcp/udp]


set int e1/1 vip port-range 2-200 server-ip port-range 2-200
set int e1/1 vip port-range 2-200 server-ip port-range 2-200 protocol TCP

Please let know if you need more details.

Thank you.
dpk_wal hit it right on target :)
Might be worth checking the zone assignment here, as I don't think Juniper will like you calling this a Check Pint question, hehe.

And yup, dpk_wal is bang on :P
manolocruzAuthor Commented:
Some people dont have access to the console.
some people use the WEB UI to do all mods.
If you had updated; we could have given UI options too! ;)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.