Thinking he means under Network, Interfaces, Untrust, VIP , and create the actual port forward to go with the policy that allows the port forward.
Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' -----Original Message----- From: Jim Majorowicz [mailto:jmajorow...@gmail.com] Sent: Monday, February 21, 2011 4:45 PM To: NT System Admin Issues Subject: Re: Help with a Juniper Netscreen firewall This is all I see under VIP of the untrust policy: VIP VIP Services IP Address Configure Virtual Port Service(port) Server IP Status Configure 70.103.231.202 Edit Remove 443 HTTPS(443) 192.168.18.2 OK Edit Remove 25 MAIL(25) 192.168.18.2 OK Edit Remove On Mon, Feb 21, 2011 at 11:38 AM, Kramer, Jack <jack.kra...@ur.msu.edu> wrote: > The port forward is done as a VIP - the policy enables that VIP to > actually forward the traffic. You need both for it to work. The custom > service looks okay. It's "in use" because it's listed in a policy/VIP - > the in use prevents it from being deleted. Check your VIP settings for > your WAN interface. > > ---- > Jack Kramer > Computer Systems Specialist > University Relations, Michigan State University > w: 517-884-1231 / c: 248-635-4955 > > > > > On 2/21/11 2:35 PM, "Jim Majorowicz" <jmajorow...@gmail.com> wrote: > >>I've got a client with Juniper NetScreen NS5XP and I need help setting >>up a port forward apparently. The HTTPS and SMTP forward work fine, >>but I need to setup Port 987 as well. >> >>Under Policies they look like this: > >From Untrust To Global, total policy: 3 >>ID Source Destination Service Action Options Configure Enable Move >>11 Any VIP::1 MAIL Edit Clone Remove >>10 Any VIP::1 HTTPS Edit Clone Remove >>12 Any VIP::1 SharePoint Edit Clone Remove >> >>The Custom Service Object looks like this: >>Service Name Transport Src Port Dst Port Configure >>SharePoint TCP 1-65535 987-987 Edit In Use >> >>What am I doing wrong? >> >>~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >>--- >>To manage subscriptions click here: >>http://lyris.sunbelt-software.com/read/my_forums/ >>or send an email to listmana...@lyris.sunbeltsoftware.com >>with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
