Netscreen-10 DMZ

Morning Guys & Girls

I hope someone can answer me a quick question.

I am wanting to use the DMZ to test a new 2mb internet connection in my office. I can't use the trusted port as this is already been used to supply the office with the current internet connection and mail.

I have configured the DMZ to the settings of the new router and setup a profile for HTTP Access from my machine to the DMZ.

Problem is it doesn't seem to do anything.

Now maybe I've got the completely wrong end of the stick about the DMZ so excuse me I have, but I thought you could set it up as an additional access to the Web / Mail server etc.

The only time I get a entry in the log is if I try to access the Routers IP address from Internet Explorer....any other traffic I.E. HTTP does not register and it doesn't even look like it routes towards the DMZ.....no orange data light on the DMZ on the Netscreen.

Could anybody please point me in the right direction (apart from the door, lol) on how I can test this New connection with the Netscreens DMZ.

Many Thanks and sorry for the longwinded post.

Dave :)

Basically what you're trying to do is a policy route, in other words, to send only http traffic out a different interface than it would normally route out to. You can't do this with the version 3 firmware on your NS10.

All you can do is route out to specific IP's. So, if you know of a particular destination server, you can add a static route for that IP to the NS10's routing table and have it exit out the DMZ interface. Then, traffic destined for that IP will be routed to that interface. Then, you need a policy from trust -->DMZ source dest service HTTP to permit the traffic.

As it is, you didn't mention a route, but it looks like you're not routing anything to that interface. The traffic bound for the othere router's IP works because that IP is in the subnet of the IP of the DMZ interface, which is a connected route automatically placed in the routing table.

-Russ.