snmp through netscreen 5gt

Hello,

I have 2 servers behind a netscreen 5gt firewall, they are (DMZ) 192.168.100.2 and (Trusted) 192.168.200.2

I need to be able to do snmp queries on BOTH servers so I need to do port redirection. I also need to do snmp queries on the netscreen itself.

I set up a VIP for port 60161 to be forwarded to 161 on 192.168.100.2 but it is not working.

The netscreen has a class A ip address on the untrusted side.

Did I miss a step?

thanks

jeff

Reply to
jeff

Did you "set vip multi-port" (save & reboot)? For the device itself you need to enable on the interface (e.g. Network > Interface > Trust > Edit - and check the box). Know debug?

alan

Reply to
Alan Strassberg

Yes, we "set vip multi-port" and rebooted the firewall many times.

We have this set up and working for RDP for both servers on two different ports, 8085 and 8086. We modeled the snmp forwarding the same way.

I have checked the policies log and snmp activity isn't in the log. However, the system that I am using to test is nagios and is testing ports 8443 and that is in the log.

Reply to
Niles Ferrier

On Fri, 25 Apr 2008 11:51:19 -0700, Niles Ferrier wrote:

[..]

You can observe the traffic better with:

set ffilter dst-ip x.x.x.x
debug flow basic
get db stream

or set the snoop filter

So you can see if traffic arrives and what happens with those packets.

regards

Reply to
Burkhard Ott


I ended up changing the snmp port on the servers and the redirection works fine. I was thinking that maybe it had to do with the fact that we want to monitor the netscreen itself over 161.

Thanks again.

jeff

Reply to
Niles Ferrier
