Range Port Forwarding on Juniper SSG5


I'm trying to open ports 10000-20000 on a Juniper SSG 5.

I know how to do it for individual ports via VIP but is there a way to do more ports in one go?

Who is Participating?
QlemoConnect With a Mentor Batchelor and DeveloperCommented:
NAT with VoIP might be an issue in itself, but using a MIP is better than a VIP for that.
QlemoBatchelor and DeveloperCommented:
Just define a custom service using the port range. Then add that service in the VIP definition, and provide the first (!) port to map the VIP to (10000).
The according policy for that VIP will automatically allow traffic from those ports, so nothing to do there, if you already have a policy for the VIP.
MattTonerAuthor Commented:
I have tried that, but it hits a limit of 64 ports.
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

QlemoBatchelor and DeveloperCommented:
Possible. That's the way VIP works, it is not intended to have such a wide-spread port range, and unless you want to break it down to 64 ports packages, there is no way around.

You should consider using a MIP instead - if you've got more than one public IP, that is.

Or maybe you should explain why you would need to do that - there might be better options.
MattTonerAuthor Commented:
its due to Voice Traffic, (RTP)

I will have a play with MIP instead

Thank you.
MattTonerAuthor Commented:
done using MIP and working fine now...

Thanks for your help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.