ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
faycal
Contributor
faycal
Posts: 50
Registered: ‎11-26-2007
0

Access Problem to HTTP Server in DMZ on SSG320M

Options

‎06-04-2008 04:50 AM

Hello;

 

I can't access to  HTTP Server installed in DMZ_vr from Trust_vr

I open a "Any policy" in the two direction but I still have the same problem.
When i bypass the Fierwall (Access directly to the Http Server) it's working fine !!

 

all the other protocols (ssh, ftp) work fine!!

 

As it's the first time we deploy SSG320M, I guess that there is a specific configuration for HTTP trafic or anything else ?

 

Please, did you have any idea regarding this case.

thanks

Message 1 of 7 (6,995 Views)
 
Reply
Super Contributor
sylvain
Posts: 162
Registered: ‎12-20-2007
0

Re: Access Problem to HTTP Server in DMZ on SSG320M

Options

‎06-04-2008 05:18 AM

Hi Faycal,

 

Did you set a route beetween your DMZ VR and trust VR ? I suppose yes because everything working for ssh and ftp :-/

Are you using Policy base routing ? It could have a link with your issue ...

 

 

Sylvain

Message 2 of 7 (6,990 Views)
 
Reply
faycal
Contributor
faycal
Posts: 50
Registered: ‎11-26-2007
0

Re: Access Problem to HTTP Server in DMZ on SSG320M

Options

‎06-04-2008 07:23 AM

Hi Sylvain;

 

All the route exist between the Trust-vr and Dmz_vr, and we can SSH and FTP to it without any problem.

it concerns only the HTTP traffic !!

it seems like the FW block the HTTP trafic.

 

Is there any specific option which must be checked on the SSG320M?

Message 3 of 7 (6,980 Views)
 
Reply
Super Contributor
sylvain
Posts: 162
Registered: ‎12-20-2007
0

Re: Access Problem to HTTP Server in DMZ on SSG320M

Options

‎06-04-2008 03:00 PM

Did you set  PBR on this device ? HTTP does not require a "Special" config !

 

Sylvain 

Message 4 of 7 (6,958 Views)
 
Reply
faycal
Contributor
faycal
Posts: 50
Registered: ‎11-26-2007
0

Re: Access Problem to HTTP Server in DMZ on SSG320M

Options

‎06-05-2008 02:07 AM

Hi;

 

The problem was fixed by changing the value of MTU on the interface of the Web Server (from 1500 to 1200). 
Message 5 of 7 (6,927 Views)
 
Reply
frank3427
Contributor
frank3427
Posts: 16
Registered: ‎06-10-2008
0

Re: Access Problem to HTTP Server in DMZ on SSG320M

Options

‎06-10-2008 08:45 AM

what verions of ScrenOS are you running, I had a similar problem and the resolution was to get a a patched version from JTAC. this is a know issue

 

 

Frank Dias
Message 6 of 7 (6,853 Views)
 
Reply
faycal
Contributor
faycal
Posts: 50
Registered: ‎11-26-2007
0

Re: Access Problem to HTTP Server in DMZ on SSG320M

Options

‎06-10-2008 08:50 AM

Hi Frank;

i have an SSG320M with SreenOS 6.0.0r4.0

 

is this the version of ScreenOS you used ?

thanks

 

Message 7 of 7 (6,849 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.