SSG 140 intra zone problem



  • There are 3 subnets on the trust interface: 172.1.1.x ---- 192.168.x.x (ISP network) ---- 172.2.2.x.

    I have a NetScreen 25 which is a gateway on 172.1.1.x, and I am trying to replace it with a 5GT and an SSG 140.

    I reset the 25, 5GT and SSG 140. I just added the trust interface IP, destination routing and permit any any in the intra-trust policy.
    The result is:

    On the NetScreen 25 and 5GT, ping and telnet to the mail server from 172.2.2.x to 172.1.1.x succeed.

    On the SSG 140, it can only ping from 172.2.2.x to 172.1.1.x. It cannot telnet to mail

    Am I missing some config on the SSG 140?


  • Global Moderator

    I think you missed unset flow tcp-syn-check. Ping doesn’t set a session; telnet and SMTP are both TCP protocols. Otherwise (and better security-wise) avoid routing over a router/firewall on the same subnet.
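
A simplified model of the SYN check named in the reply above, added here as an illustration; it is not ScreenOS code and not part of the thread. It assumes a permit any any policy and a firewall that only sees the mail server's replies because the requests reach the server over the shared subnet without passing through it; the addresses, ports and class names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # e.g. frozenset({"SYN", "ACK"})

class StatefulFilter:
    """Simplified session table; policy is assumed to be permit any any."""
    def __init__(self, syn_check: bool):
        self.syn_check = syn_check
        self.sessions = set()

    def handle(self, seg: Segment) -> str:
        # One session entry covers both directions of the flow.
        key = frozenset({(seg.src, seg.sport), (seg.dst, seg.dport)})
        if key in self.sessions:
            return "forward"
        # With the check on, only an opening SYN may create a session.
        opening_syn = "SYN" in seg.flags and "ACK" not in seg.flags
        if self.syn_check and not opening_syn:
            return "drop"
        self.sessions.add(key)
        return "forward"

# Constructed endpoints: a client on 172.2.2.x, a mail server on 172.1.1.x.
CLIENT, SERVER = ("172.2.2.20", 40000), ("172.1.1.10", 25)

def seg(frm, to, *flags):
    return Segment(frm[0], frm[1], to[0], to[1], frozenset(flags))

SYN = seg(CLIENT, SERVER, "SYN")
SYN_ACK = seg(SERVER, CLIENT, "SYN", "ACK")
ACK = seg(CLIENT, SERVER, "ACK")

def verdicts(syn_check, seen):
    """Verdict for each segment the firewall actually sees, in order."""
    fw = StatefulFilter(syn_check)
    return [fw.handle(s) for s in seen]

if __name__ == "__main__":
    print("all via firewall    :", verdicts(True, [SYN, SYN_ACK, ACK]))
    print("replies only, check :", verdicts(True, [SYN_ACK, SYN_ACK]))
    print("replies only, unset :", verdicts(False, [SYN_ACK, SYN_ACK]))
```

Turning the check off lets a mid-handshake segment create a session, which is why the reply also suggests removing the same-subnet routing instead.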


 
