cancel
Showing results for 
Search instead for 
Did you mean: 

Setting up a Juniper SA-2500 behind an SSG-140 help!

Highlighted
Not applicable

Setting up a Juniper SA-2500 behind an SSG-140 help!

We currently have an SSG-140 and are in the process of installing an SA-2500. I am trying to find information on what I need to do to the SSG-140 to install the Juniper in 2-arm mode within the DMZ

So here's the setup I'm trying to achieve. (The two-arm external DMZ)

http://kb.pulsesecure.net/KB10162

Can anyone point me towards relevant documentation?

2 REPLIES 2
Highlighted
Valued Contributor

Re: Setting up a Juniper SA-2500 behind an SSG-140 help!

What exactly are you looking for in terms of help? In this scenario the external interface is of course only accessable through the FW. So you will need to create a source NAT for the inbound traffic to reach the SSL box. You will need to allow 443, - also port 80 if you want http access and UDP4500 is good for Network Connect to use NCP as a transport mechanism which is more efficent than SSL.

As the internal interface is going to sit on your inside network you have nothing to do there.

On the SSG140 you could simply define a MIP that would map the Public IP to the private IP assiged to the external IF of the SSL. Then do a policy (typically untrust / any to trust MIP - allowing the specific ports.

Hope that answers your question.

Highlighted
Contributor

Re: Setting up a Juniper SA-2500 behind an SSG-140 help!

We have a similar config, works well, no issues, the KB article pretty much goes through it. Did you have a specific question?