Dear Experts,
I am diagnosing an issue and looking for your help. Traffic from
outside reaches the internal server fine from ISP1 but sometimes
has trouble from ISP2.
The ADSL connections are terminated on two separate Cisco routers. A Juniper
SSG140 firewall is connected to both ISPs' routers over Ethernet.
From both ISPs the public IP addresses are mapped (port forwarding) to
the same internal server, which runs HTTP, HTTPS, POP3 and SMTP. The traffic from
ISP1 reaches the server, while traffic from ISP2 reaches it sometimes but
often not.
I have used the following methods to trace the issue.
1. I checked using an online port scanner against the IP address of
ISP2, and the results show the port as sometimes reachable and
sometimes not.
2. The syslog message from the SSG140 shows: service=pop3
proto=6 src zone=Untrust dst zone=Trust action=Permit sent=78 *rcvd=0*
3. On one remote PC I used Wireshark and noticed that the remote host sent
the SYN message and was waiting for the acknowledgment.
Can this be an issue with the ISP router, if that one is blocking SYN packets
sometimes?
*For Juniper Experts.*
Both ISP interfaces are in the Untrust zone and have the same type of
firewall policies.
Regards,
Shahid
Kuwait
Received on Tue Jan 25 2011 - 15:05:22 ART
This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART
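
An added example, not part of the original post: one way to check whether the `sent=78 rcvd=0` pattern from step 2 clusters on the ISP2 public address is to tally, per destination address and service, the permitted sessions in which the firewall counted no reply bytes. The log lines are constructed from the fields quoted in the post; the `src=`, `dst=` and `dst_port=` fields and both public addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines. 198.51.100.10 stands in for the ISP1 public IP,
# 203.0.113.10 for the ISP2 public IP (both are assumptions, not from the post).
SAMPLE_LOG = """\
service=http proto=6 src zone=Untrust dst zone=Trust action=Permit sent=420 rcvd=1380 src=192.0.2.7 dst=198.51.100.10 dst_port=80
service=pop3 proto=6 src zone=Untrust dst zone=Trust action=Permit sent=310 rcvd=900 src=192.0.2.7 dst=198.51.100.10 dst_port=110
service=pop3 proto=6 src zone=Untrust dst zone=Trust action=Permit sent=78 rcvd=0 src=192.0.2.7 dst=203.0.113.10 dst_port=110
service=pop3 proto=6 src zone=Untrust dst zone=Trust action=Permit sent=78 rcvd=0 src=192.0.2.9 dst=203.0.113.10 dst_port=110
service=pop3 proto=6 src zone=Untrust dst zone=Trust action=Permit sent=305 rcvd=880 src=192.0.2.9 dst=203.0.113.10 dst_port=110
service=smtp proto=6 src zone=Untrust dst zone=Trust action=Permit sent=78 rcvd=0 src=192.0.2.9 dst=203.0.113.10 dst_port=25
service=telnet proto=6 src zone=Untrust dst zone=Trust action=Deny sent=0 rcvd=0 src=192.0.2.9 dst=203.0.113.10 dst_port=23
a truncated line with no usable fields
"""

# \b keeps "dst=" from matching inside "dst_port=" or "dst zone=".
FIELD = re.compile(r"\b(service|action|sent|rcvd|dst)=(\S+)")

def parse(line):
    """Return the fields of interest from one traffic-log line, or None."""
    f = dict(FIELD.findall(line))
    if not {"service", "action", "sent", "rcvd", "dst"} <= f.keys():
        return None
    try:
        f["sent"], f["rcvd"] = int(f["sent"]), int(f["rcvd"])
    except ValueError:
        return None
    return f

def unanswered_by_target(lines):
    """Map (dst, service) -> (permitted sessions, sessions with sent>0 and rcvd=0)."""
    stats = defaultdict(lambda: [0, 0])
    for line in lines:
        f = parse(line)
        if f is None or f["action"].lower() != "permit":
            continue  # denied or unparsable lines say nothing about replies
        key = (f["dst"], f["service"])
        stats[key][0] += 1
        if f["sent"] > 0 and f["rcvd"] == 0:
            stats[key][1] += 1
    return {k: tuple(v) for k, v in stats.items()}

if __name__ == "__main__":
    for (dst, svc), (total, dead) in sorted(unanswered_by_target(SAMPLE_LOG.splitlines()).items()):
        print(f"{dst:15} {svc:6} permitted={total} no_reply={dead}")
```

A permitted session with `sent` above zero and `rcvd=0` means the firewall forwarded the client's packets and counted nothing coming back in that session, so a high `no_reply` count on one public address narrows the search to what happens after the firewall on that path.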