Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

sa2500 and ssg320 connection

fredm2654_
Not applicable
‎01-30-2012 09:55:AM
‎01-30-2012 09:55:AM

sa2500 and ssg320 connection

Hi, new user here - and sorry if the answers are claer somewhere else, but I searched on several terms an came up empty.

We installed an sa2500 where the external interface was in our untrust zone, and the internal into trust - completely bypassing the ssg320! duh.

I've seen a diagram of recommended configurations (oddly, this was one of them) and have since wanted to make the internal side come into the firewall from our dmz zone. While working this through, it appeared we needed to permit the entire DHCP VPN range to a million ports into the trust zone, without somehow having assurances at the ssg320 firewall level the IP addresses have not been spoofed.

Can anyone assit on best practice, highly secure install?

0 Kudos
1 REPLY 1
firewall72_
Frequent Contributor
‎05-04-2008 05:09:PM
‎05-04-2008 05:09:PM

Re: sa2500 and ssg320 connection

Hi,

I would recommend dropping your external interface in your DMZ and your internal interface in your trust.  Your policy from Untrust to DMZ would permit HTTPS to the SA (that's it).  The SA, along with best practices around SA security, will handle the rest.  I also prefer to lock down the admin realm to prevent unauthorized users from trying to brute force the login.  Hope this helps.





John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.

0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.