Juniper SSG Questions


I'm not familiar with these devices, however I have a couple of questions.

Have traffic between a trusted zone and untrusted zone flowing, and at the bottom of the rule base there is an entry that states

Global Global any any - is this an ANY ANY rule for all traffic? Not familiar with the global zone.

I won't go into why it's set up this way, I'm also mythed, however if I have a server with two NICs, one in zone1 and one in zone2. The firewall has allow all traffic for all zones (so no rule base). If a user from zone 3 pings the server in zone 1 but the server replies using its NIC in zone 2 (async routing), am I presuming correctly that the firewall will drop this (no session in its table)?

Thanks, Lee


RE: Juniper SSG Questions

ANY is any IP address, port, service, depending on field headings. GLOBAL is a defined address somewhere. What SSG and version? The policy you mention above is a default policy allowing whatever is defined for those fields as ANY.

