Accessing DMZ - routing issue
Hi,

We have three network connections segmented out via Juniper SSG140 firewall into zones: A) Company LAN (internal network), B) DMZ and C) External Internet.

Internal IP range: 192.168.x.x/24
DMZ IP range: 172.x.x.x/16

We have a requirement to connect from one of our internal servers to a Web server in the DMZ to back up files daily. We need to be able to browse to the HDD of the server via Windows Explorer. Currently I cannot connect to or ping the specific IP address in the DMZ from any of our internal machines.

My question is:

- What ports would need to be open on the firewall to allow access through Windows Explorer? (I will use specific IP addresses.)
- What routing needs to be implemented on which server to forward all traffic for the IP address to the DMZ?

Thanks

DOHMAN2011
February 21st, 2012 10:09am

If these three segments are connected to the Juniper firewall, and you have no other subnets, then all routing occurs on the Juniper box. For example, your hosts on the 192.168.x.x subnet configure their default gateway to point to the Juniper's 192.168.x.x address. When a packet is destined from 192.168.x.x to 172.x.x.x, packets are sent to the gateway (Juniper box) and that box passes the traffic to the other interface (assuming your firewall rules are in place to allow this).

With regard to ports, you'll definitely need 445 to access the shares. However, why not just look at the firewall logs to see what is dropping? There are a lot of other ports needed for authentication, etc., if all of these boxes are on the same Windows domain. You should be seeing this traffic traversing your firewall zones.

Guides and tutorials, visit ITGeared.com.
February 21st, 2012 10:28am
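The routing decision and the port 445 check described in the reply above, as an added example that is not part of the original thread. The addresses are constructed stand-ins for the elided 192.168.x.x/24 and 172.x.x.x/16 ranges, and the function names are hypothetical.

```python
import ipaddress
import socket

SMB_PORT = 445  # the port the reply names for share access


def next_hop(host_if: str, gateway: str, dest: str) -> str:
    """Return where the host sends the packet: dest itself if on-link, else the gateway."""
    iface = ipaddress.ip_interface(host_if)
    gw = ipaddress.ip_address(gateway)
    dst = ipaddress.ip_address(dest)
    if gw not in iface.network:
        # A gateway outside the host's own subnet is a misconfiguration on the host.
        raise ValueError(f"gateway {gw} is not on the host's subnet {iface.network}")
    return str(dst) if dst in iface.network else str(gw)


def probe(dest: str, port: int = SMB_PORT, timeout: float = 3.0) -> str:
    """Classify one TCP connect attempt from this host.

    open     - handshake completed: the firewall policy permits it and the server listens
    refused  - a reset came back: the path works, but nothing accepts on that port
    filtered - no answer before the timeout: consistent with a silent drop, so
               look for the matching deny entry in the firewall log
    """
    try:
        with socket.create_connection((dest, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return f"unreachable ({exc.strerror or exc})"


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    host_if, gateway, dmz_server = "192.168.10.25/24", "192.168.10.1", "172.16.5.20"
    print("next hop for", dmz_server, "is", next_hop(host_if, gateway, dmz_server))
    print("tcp/445 to", dmz_server, "is", probe(dmz_server))
```

Run from the internal backup server, a "filtered" result alongside a gateway next hop points at the firewall policy between the zones rather than at host routing.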

This topic is archived. No further replies will be accepted.
