I have a small dilemma in understanding what ports are open to what servers in my Destination NAT setup.
I am trying to lock it down to only one port open per server.
Is this showing port http open for Web?
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-PRIVATE match destination-address WEB
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-PRIVATE match application junos-http
Are both ports open to both servers in the following example?
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-PRIVATE match destination-address WEB
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-PRIVATE match destination-address MAIL
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-PRIVATE match application junos-http
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-PRIVATE match application junos-smtp
How do I make sure that ONLY ONE PORT is OPEN to each server, as follows (not both ports to both servers):
http -> open to WEB
smtp -> open to MAIL
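
An added example, not part of the original post: within one SRX security policy, multiple values in the same match field are ORed and the fields are ANDed, so a policy that lists WEB and MAIL together with junos-http and junos-smtp matches either application to either address. Splitting it into one policy per server pairs each address with a single application. The policy names PUBLIC-TO-WEB and PUBLIC-TO-MAIL are hypothetical, the source-address and "then permit" lines are assumptions the post's snippets do not show, and WEB and MAIL are assumed to be address-book entries for the translated (private) addresses, since destination NAT is applied before the policy lookup.

```junos
# Added example. Policy names below are hypothetical; WEB and MAIL are the
# address-book entries already used in the post.

# Remove the combined policy, otherwise it keeps permitting
# {WEB, MAIL} x {junos-http, junos-smtp}.
delete security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-PRIVATE

# Policy 1: HTTP to WEB only
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-WEB match source-address any
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-WEB match destination-address WEB
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-WEB match application junos-http
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-WEB then permit

# Policy 2: SMTP to MAIL only
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-MAIL match source-address any
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-MAIL match destination-address MAIL
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-MAIL match application junos-smtp
set security policies from-zone PUBLIC to-zone PRIVATE policy PUBLIC-TO-MAIL then permit

# After commit, list the policies in this zone pair and confirm that each one
# carries exactly one destination address and one application
# (operational mode):
#   show security policies from-zone PUBLIC to-zone PRIVATE
```

Traffic that matches neither policy, such as SMTP to WEB or HTTP to MAIL, falls through to the default policy, which denies unless it has been changed.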