Solved

Range Port Forwarding on Juniper SSG5

Posted on 2013-12-18
6
1,022 Views
Last Modified: 2014-03-19
Hi,

I'm trying to open ports 10000-20000 on a Juniper SSG 5.

I know how to do it for individual ports via VIP but is there a way to do more ports in one go?

Thanks
0
Comment
Question by:MattToner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 70

Expert Comment

by:Qlemo
ID: 39727264
Just define a custom service using the port range. Then add that service in the VIP definition, and provide the first (!) port to map the VIP to (10000).
The according policy for that VIP will automatically allow traffic from those ports, so nothing to do there, if you already have a policy for the VIP.
0
 

Author Comment

by:MattToner
ID: 39727278
I have tried that, but it hits a limit of 64 ports.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 39727339
Possible. That's the way VIP works, it is not intended to have such a wide-spread port range, and unless you want to break it down to 64 ports packages, there is no way around.

You should consider using a MIP instead - if you've got more than one public IP, that is.

Or maybe you should explain why you would need to do that - there might be better options.
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:MattToner
ID: 39727414
its due to Voice Traffic, (RTP)

I will have a play with MIP instead

Thank you.
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 39727437
NAT with VoIP might be an issue in itself, but using a MIP is better than a VIP for that.
0
 

Author Comment

by:MattToner
ID: 39727490
done using MIP and working fine now...

Thanks for your help.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ASA 5520 problem with Failover in Active/Standby 8 159
How to choose hardware firewall 5 97
How to configure this in fortinet firewall 2 105
Internet link load balancer 6 117
Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question