SSG 140 intra zone problem
jacky111 last edited by
There are 3 subnets on the trust interface: 172.1.1.x ---- 192.168.x.x (ISP network) ---- 172.2.2.x.
I have a NetScreen 25 which is a gateway on 172.1.1.x, and I am trying to replace it with a 5GT and an SSG 140.
I reset the 25, 5GT and SSG 140. I just added the trust interface IP, destination routing and permit any any in the intra-trust-policy.
The result is:
On the NetScreen 25 and 5GT, it can successfully ping and telnet to the mail server from 172.2.2.x to 172.1.1.x.
On the SSG 140, it can only ping from 172.2.2.x to 172.1.1.x. It cannot telnet to the mail server.
Am I missing some config on the SSG 140?
I think you are missing `unset flow tcp-syn-check`. Ping doesn't set a session; telnet and SMTP are both TCP protocols. Otherwise (and security-wise better), avoid routing over a router/firewall on the same subnet.
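The effect the reply describes, as an added Python model that is not part of the original thread and is not ScreenOS code: a toy firewall with a permit any/any policy and a toggle standing in for `flow tcp-syn-check`. It assumes the firewall sees only the mail server's return traffic (asymmetric routing via the other router on the subnet); the host addresses, ports and all class and function names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}

class Firewall:
    """Toy stateful firewall with a permit any/any policy (hypothetical model)."""

    def __init__(self, tcp_syn_check):
        self.tcp_syn_check = tcp_syn_check  # stands in for 'flow tcp-syn-check'
        self.tcp_sessions = set()

    def handle(self, p):
        if p.proto != "tcp":
            return "forward"        # the SYN check applies to TCP only
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if key in self.tcp_sessions:
            return "forward"        # belongs to a session already set up
        if self.tcp_syn_check and p.flags != frozenset({"SYN"}):
            return "drop"           # first packet seen is not a bare SYN
        self.tcp_sessions.add(key)
        return "forward"

# Constructed hosts inside the subnets named in the question.
SERVER, CLIENT = "172.1.1.10", "172.2.2.20"
SYN = Packet("tcp", CLIENT, SERVER, 40000, 25, frozenset({"SYN"}))
SYN_ACK = Packet("tcp", SERVER, CLIENT, 25, 40000, frozenset({"SYN", "ACK"}))
ECHO_REPLY = Packet("icmp", SERVER, CLIENT)

def return_path_only(fw):
    """Assumed asymmetric path: the firewall never sees the client's packets."""
    return {"ping": fw.handle(ECHO_REPLY), "tcp": fw.handle(SYN_ACK)}

def both_directions(fw):
    """Symmetric path: the firewall sees the SYN before the SYN-ACK."""
    return [fw.handle(SYN), fw.handle(SYN_ACK)]

if __name__ == "__main__":
    print("syn-check on, return path only: ", return_path_only(Firewall(True)))
    print("syn-check off, return path only:", return_path_only(Firewall(False)))
    print("syn-check on, both directions:  ", both_directions(Firewall(True)))
```

With the check off, the model creates a session from a mid-handshake packet; the reply's alternative of fixing the routing keeps the check in place.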