Security Management

  • 1.  Public IP'S through the Piplink to Juniper SSG550m

    Posted 11-06-2017 01:08

    Hello guys. 


    So straight to the point, if someone can help us with a small problem we have. It seems we can't figure it out.
    A few weeks ago we bought a Juniper SSG550M; we connected it and it works perfectly with trust/untrust policies and so on.


    This is the diagram we have; that's how it was built by our ex system/network administrator, "who hasn't actually explained anything, and we had to figure it out".

    So we are under "NAT"; Piplink "DHCP" is disabled…the Cisco takes care of that.

    We have five public IPs connected to the 580 and a LAN port which goes to the server rack. Now we are trying to somehow transfer a few of the public IPs, open to the "outside" world, but alas no success at all. We have tried 'VIP', 'MIP', etc. but nothing.

    Is there any way to transfer public IPs from the Piplink balancer to the Juniper SSG550M and open them to the public? Does it have to be done from the Piplink or from the Juniper…


    Probably the procedure has to be done through the Juniper SSG550M; the previous firewall we had, "Untangle", wasn't blocking the public IPs or ports which were open on the Piplink.


    Best Regards.



  • 2.  RE: Public IP'S through the Piplink to Juniper SSG550m

    Posted 11-06-2017 01:59

    Actually from the public IP, the only port that is open by default is "21"; everything else just refuses to be opened.



  • 3.  RE: Public IP'S through the Piplink to Juniper SSG550m
    Best Answer

    Posted 11-06-2017 03:21

    I've never worked with a Piplink load balancer, and I assume you have that part understood, so you are asking about how to do port forwarding and destination NAT on the SSG firewall.


    It does sound like you have identified the right options.


    MIP is for one-to-one mapping of the external to the internal IP address.  You use this if the public address is dedicated to a single server AND is also used by that server for ALL of its outbound traffic.  You then need to use this MIP in a security policy to permit the traffic.


    https://kb.juniper.net/InfoCenter/index?page=content&id=KB10923


    VIP is for port forwarding an external IP address with the possibility of hitting multiple internal addresses using different ports on the same public IP address.  This is inbound traffic only, but the response traffic will use the same rule for the reverse; other traffic from the host does not.  You then need to use this VIP object in a policy to permit the traffic.


    https://kb.juniper.net/InfoCenter/index?page=content&id=KB4740


    Destination NAT is a second option for port forwarding that can be configured inside a security policy so with one pass you can do both the port forwarding and the security policy.


    https://kb.juniper.net/InfoCenter/index?page=content&id=KB7745
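    The three options above side by side in ScreenOS CLI, as an added example that is not from this answer or the Juniper KBs; the interface names (ethernet0/0 in untrust, ethernet0/1 in trust), the zone names and the RFC 5737 / RFC 1918 addresses are assumptions, so substitute your own.

```screenos
# Assumptions: ethernet0/0 is the untrust interface, the public /29 from the
# Piplink side is routed or ARP-reachable on it, and the servers sit behind
# ethernet0/1 in the trust zone. All addresses below are constructed samples.

# --- Option 1: MIP (one-to-one, both directions, one public IP per server) ---
set interface ethernet0/0 mip 203.0.113.10 host 192.168.10.10 netmask 255.255.255.255 vr trust-vr
# The MIP alone forwards nothing; a policy must permit it. Scope the service
# to what the host actually serves instead of "any".
set policy from untrust to trust any mip(203.0.113.10) HTTP permit
set policy from untrust to trust any mip(203.0.113.10) HTTPS permit

# --- Option 2: VIP (port forwarding, one public IP fanned out to several hosts) ---
set interface ethernet0/0 vip 203.0.113.11 80 HTTP 192.168.10.20
set interface ethernet0/0 vip 203.0.113.11 443 HTTPS 192.168.10.21
set interface ethernet0/0 vip 203.0.113.11 21 FTP 192.168.10.22
# Inbound only; replies ride the same session, other outbound traffic does not.
set policy from untrust to trust any vip(203.0.113.11) HTTP permit
set policy from untrust to trust any vip(203.0.113.11) HTTPS permit
set policy from untrust to trust any vip(203.0.113.11) FTP permit

# --- Option 3: policy-based destination NAT (translation and permit in one rule) ---
set address untrust "pub-12" 203.0.113.12 255.255.255.255
set policy from untrust to trust any "pub-12" HTTPS nat dst ip 192.168.10.30 port 443 permit

# --- Verification (read-only) ---
get mip
get vip
get policy
get session                # confirms whether inbound hits are actually translated
save
```

    If `get session` shows no entry for a public IP at all, the packet never reached the SSG, which points back at the Piplink/Cisco side rather than at the firewall policy.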