-----> pictured guide from the manufacturer - much better than on this site!

Juniper Netscreen 5GT Howto guide on port forwarding

                    by genevaroth on juniperforum.com, extended and edited by Esko
                    « on: February 02, 2006, 01:22:34 pm »

After struggling with this and finding no info on the net, I called Juniper to get port forwarding straight, and now I am sharing it with you.

My setup is very straightforward and simple: I have a "Juniper Netscreen 5GT" and my eMule and Torrent apps are running on and the 5GT is and it is running in trust-untrust mode.

Log in to your NetScreen.

Go to: Objects > Services > Custom

Click New

Create a custom service and list all the ports you will need for BitTorrent.

Name this: bit torrent, or pick another descriptive name

TCP src port: 1-65535, dst port: 56969-56969
TCP src port: 1-65535, dst port: 56881-56881
UDP src port: 1-65535, dst port: 56881-56881
TCP src port: 1-65535, dst port: 6885-6892
UDP src port: 1-65535, dst port: 6885-6892

Hit OK

Then go to Network > Interfaces and edit adsl1

Then VIP > press "New VIP service"

Virtual IP: (your outside IP that is assigned automatically by your ISP; this should be filled in automatically)

Map to service: (pick the custom service that you just made, bit torrent)

Map to IP: (the box that you are running your service on, mine is

Hit OK

Then go to:

Wizards > Policy

Untrust to Trust, then Next

Destination Address:

pick VIP(untrust) under address book



Pick the service that you defined in the custom section

Action: Permit


Enable NAT: don’t do anything here, just click Next

Enable logging: check that off, and also "Enable count of traffic passed via the policy" (this is so you can check the traffic; turn this off once you are happy with everything and it is all working)


Authentication Options

Click None






** The next step must be done. Without this, forwarding will not work! **

You have to telnet into the NetScreen:

In Windows go to Start > Run, then type in:
telnet (Where is the address of YOUR 5gt)

Then enter the user name and password

and then type this command:

set vip multi-port

then it will return you to:


then type:


then type:


and again:


In reset ...

Close the black box.

And you are good to go, in a couple of minutes! It will take 3-5 minutes for everything to start working. Fire up the apps, then log in to the 5GT, go to Reports > Policies and click on the grid thing to see the traffic. If this is not working after 10-15 minutes, try the telnet commands again; if it is still not working, update the firmware and clear all policies, VIPs, and custom services.
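
To confirm the result from a machine outside your own network instead of waiting on the policy counters, the following added example (not part of the original guide) parses the custom-service entries listed above and checks that each forwarded TCP port answers while ports you did not forward stay closed. It assumes the torrent client is already listening on the inside box; the script name, the host argument and the list of ports that must stay closed are placeholders, and UDP entries are parsed but not probed because a connectionless probe gives no reliable answer.

```python
import re
import socket

# Service entries exactly as listed for the custom service in the guide.
SERVICE = """\
TCP src port: 1-65535, dst port: 56969-56969
TCP src port: 1-65535, dst port: 56881-56881
UDP src port: 1-65535, dst port: 56881-56881
TCP src port: 1-65535, dst port: 6885-6892
UDP src port: 1-65535, dst port: 6885-6892
"""
ENTRY = re.compile(r"(TCP|UDP) src port: \d+-\d+, dst port: (\d+)-(\d+)")

def forwarded_ports(text):
    """Expand service entries into {"TCP": {ports}, "UDP": {ports}}."""
    ports = {"TCP": set(), "UDP": set()}
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ENTRY.fullmatch(line)
        if m is None:
            raise ValueError(f"unrecognised service entry: {line!r}")
        lo, hi = int(m.group(2)), int(m.group(3))
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad destination port range: {line!r}")
        ports[m.group(1)].update(range(lo, hi + 1))
    return ports

def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_forwarding(host, text=SERVICE, must_stay_closed=()):
    """Return (forwarded TCP ports that do not answer,
    ports outside the service that answer although they should not)."""
    tcp = forwarded_ports(text)["TCP"]
    dead = sorted(p for p in tcp if not tcp_open(host, p))
    leaked = sorted(p for p in set(must_stay_closed) - tcp if tcp_open(host, p))
    return dead, leaked

if __name__ == "__main__":
    import sys
    # Usage (hypothetical script name): python check_vip.py <your outside IP>
    # Telnet (23) and common web ports are probed as ports that must stay closed.
    dead, leaked = check_forwarding(sys.argv[1], must_stay_closed=(23, 80, 443))
    print("forwarded but not answering:", dead)
    print("answering but not forwarded:", leaked)
```

Both lists should be empty once the VIP and policy are active; a non-empty second list means something other than the custom service is reachable from the untrust side.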