I am having issues configuring a new Juniper SSG 140 Firewall.
I have two locations connected via an MPLS network - we are not using a VPN. The Hub location is using a D-LINK DFL-800 and has no issues. The Node location was using a D-LINK DFL-860 until the License file was corrupted and placed the unit into demonstration mode. To make a long story short, I purchased a Juniper SSG 140 to replace the D-LINK DFL-860 at the Remote Location.
I have been able to successfully install the Juniper into the Node location network and build the routes that are now allowing traffic to pass to Hub location. Just a quick overview of the Juniper connections:
0/0 - Trusted - connected to my switch stack
0/1 - DMZ - connected to my Voice VLAN
0/2 - Untrusted - connected to WAN port of my Adtran MPLS router
I have copied all of the old rules from our previous D-LINK and created policies on the Juniper that are allowing traffic and pings to flow across the MPLS both ways.
Now - on to the problem. My Outlook clients at the Node location cannot connect to the mail server by name located at the Hub; they display "Cannot connect to Exchange". I can telnet to the mail server from the same client by DNS name from the Node location without any problems.
I also use an application that uses services on ports 3600 - 4000. With the Juniper in place, I am unable to telnet from the Hub location to the application on port 3661 across the MPLS, but I can ping it across the network.
I know this is probably not making sense to anyone who reads this, but as I type it - it makes sense to me. I will try to clarify the best I can if you have questions. I will also get a copy of the configuration as soon as possible and post it here so you can see the policies I have created. Most (if not all) of my policies currently use the ANY services group (which I thought included all ports).
Thanks for reading.