The Fritzbox 7340 is the only real available VDSL modem/router in the Netherlands. Too bad, since it has some bugs (but what piece of software hasn't???). Fortunately, the router works well, just as long as you use it as the only networking device in your (small) network.

In the last couple of days I've been busy to add the Juniper SRX100 branch firewall to my local home network. The idea was the following:

• The Fritzbox (FB) will remain the Internet router
• My web/mail/ssh server is placed behind the SRX100
• All the individual portforward rules in the Fritzbox are directed to the SRX100 by selecting the 'Exposed Host' in the FB.

The advantage of the 'Exposed Host' setting is that every packet is forwarded to the firewall, and this seemed to work. Seemed... because not everything worked as advertised.

Every connection which uses some sort of SSL/TLS encryption failed for some reason. I initially thought that it had something to do with the two NAT devices chained together, but I was wrong...

The 'Exposed Host' setting in the FB isn't working as it should. Adding explicit portforward rules in the FB to my SRX100 solved the problem. This lead me to do the following;

• Add the SSL/TLS portforward connections by hand in the FB
• Use the Exposed Host setting for all other protocols.

Fritzbox 'Exposed Host' setting bug (firmware: v99.04.88)This way I still have control (to some extend) over the rule base in the SRX100.

NOTE: There is a firmware update for the FB at this moment (99.04.89), but the release notes don't mention anything in regards to this 'feature'. So I will still file a bugreport @ AVN