Re: netcreen 25 dmz web servers

From: Somebody. (
Date: 10/31/05

  • Next message: Alan: ""
    Date: Sun, 30 Oct 2005 22:47:06 -0500

    <> wrote in message
    > Hi:
    > Atm i have running the trus t site of my company with internet accesss
    > with no problrms, but now i want to be able to access to internet with
    > my web servers in the Dmz zone, both web servers in the dmz have
    > 10.0.0.x ip and for now they cant go out, i ll would aprecciate some to
    > tips to be able to access to internet with this dmz servers and cant
    > reach them from outside. I read some stuff bout MIP but i cant make
    > this config run.
    > thx in advice

    Edit the untrust interface
    Click MIP
    Add the public IP that you're going to use (not the public IP of the NS25)
    and the 10.x it's going to, save the MIP.
    Create a policy from untrust -> trust from Any ip to the MIP. (NOT to the
    10.x IP, to the MIP)

    Now people can hit your web server from outside.

    For it to get out (ie, patch updates, etc) you need to

    Create an address book entry for the 10.x IP of the server
    Create a policy from DMZ -> Untrust for 10.x IP, enable NAT in the advanced


  • Next message: Alan: ""