I am trying to set up a Netscreen-25 with the following configuration:
- Interface1: Trust (192.168.x.0/24)
- Interface2: DMZ (10.10.10.0/24)
- Interface3: Untrust (x.x.x.y/27)
- Interface4: Untrust2 (x.x.x.x/27)

For the purposes of explaining what I want to achieve, I have essentially set up the following policies:
1. Trust->Untrust (allow approved protocols)
2. Untrust->Trust (allow protocols via MIP/VIP)
3. Untrust2->Trust (allow protocols via MIP/VIP)
4. Untrust->DMZ (allow protocols via MIP/VIP)
5. Untrust2->DMZ (allow protocols via MIP/VIP)
6. Trust->DMZ (allow approved protocols)

I have set up default gateways for both of the Untrusted interfaces.
I can get policies 1 and 2 to work. I cannot get policy 3 to work. Because I cannot get policy 3 to work, I have not tested policies 4, 5 and 6 yet. I was wondering if what I am trying to do is impossible with an NS-25? I can't get traffic to forward from the Untrust2 interface to a node in the trusted LAN.

regards,
Gerard Dillon