DMZ

SOLVED
Sabbyman_
New Contributor

DMZ

Hi guys,

New to the forum but not new to Juniper products.

I've recently acquired a SA700 for SSL VPN, cool product btw, but I would like to know the best way of implementing this in a DMZ. I know how to configure it already; it's just this last part before adding it into my network.

Any help is appreciated :)

ACCEPTED SOLUTION
Jickfoo_
Super Contributor

Re: DMZ

Yep,

We put the external interface in a DMZ, NAT the address in the firewall, and put the internal port into an Internal VLAN. Once upon a time we put the internal interface into a DMZ as well, but you end up opening all the traffic from that internal interface to your internal network anyway. We protect that internal interface with an IPS. It works well.

How do you like the 700? What are you doing with it? NetConnect?

Justin


6 REPLIES
kronbladh_
Not applicable

Re: DMZ

Hey,

Don't really know what you would like to get recommendations on, but I usually put the external interface in a DMZ and connect the internal interface to a zone representing "authenticated remote traffic". When working with NetScreen FWs, I typically also use the same "remote" zone for terminating IPsec VPN traffic. From this zone I then create specific FW policies for access to internal resources (e.g. the trust zone).

/mk

willj_
Occasional Contributor

Re: DMZ

Doesn't anyone just use one interface only (in the DMZ)?

The only devices we allow to have interfaces in external and internal networks are our firewalls.

Sabbyman_
New Contributor

Re: DMZ

Thanks for everything guys. Got it working on the internal port only. Works the same way as using both :) :)

warlord6_
Not applicable

Re: DMZ

Hi there, I too am playing with an SSL VPN. I am going to put the "outside" port on the DMZ. I plan on MIP(NAT)ing the address to a public one.

Do I even need to bother with a separate "inside" port? Also, in my Untrust to DMZ policy, what ports should I open to the SSL box? HTTPS only?

Jickfoo_
Super Contributor

Re: DMZ

I've done it both ways but am happier with the internal port on the internal network but behind our IPS.

You need to open TCP 443 and UDP 4500.

Justin
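As an added illustration (not posted by anyone in this thread, and not taken from SA700 or NetScreen documentation), here is how the design described above could be written as a NetScreen/ScreenOS configuration sketch: the SA700's external port sits in the DMZ behind a MIP on the untrust interface, the Untrust-to-DMZ policy is limited to the TCP 443 and UDP 4500 that Justin lists, and the internal port lands in a dedicated "remote" zone with explicit policies into Trust, as /mk describes. Every interface name, zone name, IP address, address object and service name below is a placeholder chosen for the example; the lines beginning with `#` are reader annotations, not ScreenOS commands.

```screenos
# Added example: ScreenOS sketch of the DMZ/remote-zone design discussed in this thread.
# All interface names, zones, addresses and object names are placeholders (assumptions), not values from the thread.

# 1. External port of the SA700 lives in the DMZ, reachable only through a MIP on the untrust interface.
set interface ethernet1 zone "Untrust"
set interface ethernet1 ip 203.0.113.1/24
set interface ethernet2 zone "DMZ"
set interface ethernet2 ip 172.16.1.1/24
set interface ethernet1 mip 203.0.113.10 host 172.16.1.10 netmask 255.255.255.255 vr "trust-vr"

# UDP 4500 is not part of the predefined HTTPS service, so define it and group the two together.
set service "SSLVPN-UDP-4500" protocol udp src-port 0-65535 dst-port 4500-4500
set group service "SSLVPN-Inbound"
set group service "SSLVPN-Inbound" add "HTTPS"
set group service "SSLVPN-Inbound" add "SSLVPN-UDP-4500"

# Untrust -> DMZ: permit only those two services to the MIP, logged; anything else stays blocked by the default deny.
set policy from "Untrust" to "DMZ" "Any" "MIP(203.0.113.10)" "SSLVPN-Inbound" permit log

# 2. Internal port of the SA700 terminates in its own "authenticated remote traffic" zone rather than directly in Trust.
set zone name "Remote"
set interface ethernet3 zone "Remote"
set interface ethernet3 ip 10.10.10.1/24
set address "Remote" "sa700-internal" 10.10.10.10 255.255.255.255
set address "Trust" "intranet-web" 192.168.1.20 255.255.255.255

# Remote -> Trust: only the resources remote users should reach, then an explicit logged deny so stray traffic is visible.
set policy from "Remote" to "Trust" "sa700-internal" "intranet-web" "HTTPS" permit log
set policy from "Remote" to "Trust" "Any" "Any" "ANY" deny log
```

The point of the separate "Remote" zone is that the internal port is not treated as trusted just because it is plugged into the inside: each resource remote users may reach is named in a policy, and the trailing deny with logging is what lets you see anything the SSL VPN forwards that you did not expect. If you follow Justin's alternative and put the internal port straight into the internal VLAN, that per-resource policy is what the IPS in front of it has to make up for.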