Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


Mobile Traffic into SSG-5

Mobile Traffic into SSG-5

Mobile Traffic into SSG-5

Hey guys, I'm very new to the world of firewalls and such and I have a task given to me by my boss. He wants his cell phone to be able to access our server on port 21050. I've gone through about 50 or so tutorials on the Juniper SSG-5 and none of them cover what I'm specifically looking for.

I believe I've created the policy to open the port to traffic. But I'm not sure how to route that traffic to the server. I have access to the firewall configuration so that isn't a problem. Any help you guys can provide would be greatly appreciated.

Thanks in advance.

RE: Mobile Traffic into SSG-5

In your policy, where are you sending the traffic?


Source = untrust, destination ? allow defined service

from the command line type

get policy id <policy number>

post it up here (anonymize if required)

iMachiavellian - think dissident

RE: Mobile Traffic into SSG-5

get policy id 14
name: :Xchange Server: <id 14>, zone Untrust -> Trust, action Permit, status "enabled"
src "Any", dst "192.168.x.xxx/24", serv "Xchange Server"
Application" "HTTP"
Rules on this VPN policy: 0
nat dst map to 192.168.x.xxx port 21050, Web filtering disabled
vpn unknown vpn, policy flag 00000000, session backup: on, idle reset: on
traffic shaping off, scheduler n/a, serv flag 00
lon no, log count 0, alert no, counter no <0> byte rate <sec/min> 0/0
total octets 0, counter <session/packet/octet> 0/0/0
priority 7, diffserv marking off
tadapter: state off, gbw/mbw 0/0 policing <no>
No Authentication
No User, User Group or Group expression set

This is essentially the policy for HTTP cloned with a couple small edits that seemed right at the time. Again thanks for any help.

RE: Mobile Traffic into SSG-5

On side note. When changes are made using the WebUI are those changes saved upon hitting "OK"? Or is a reboot (reset) necessary? The documentation I've been reading has been a little from column A and a little from column B but no real definitive answer.

RE: Mobile Traffic into SSG-5

Changes are saved in the web interface when you click ok
Changes made connecting via ssh/telnet will require you to save them.

Can you turn on logging on the policy ?

iMachiavellian - think dissident

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close