Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  ISG 1000 management access in transparent mode

    Posted 11-18-2010 13:52

    Hi

     

    I have a pair of ISG1000's set up in transparent mode. I've given VLAN1 an IP address and have a default route pointing to the VLAN address hosted by my switch. I've made sure the firewall interface has management enabled on it, and that there are no static manager-ip's configured.

     

    Traffic is flowing through the firewall as expected.

     

    My two problems are:

    1. accessing the VLAN1 address on either box

    2. the VLAN interface on the backup box in the cluster is in down mode and comes up only when that member becomes master. This is not a real issue, and might be a feature rather than a bug.

     

    I've run out of ideas to get management access.

     

    I've even tried using the mgt interface, by numbering this interface and changing routing on the cluster. With this setup, I can then ping the box from anywhere, but cannot connect to the interface on ssh or ssl.

     

    Any further ideas will be gladly welcomed

     

    Thanks

     

    Jude

     

     



  • 2.  RE: ISG 1000 management access in transparent mode

    Posted 11-18-2010 14:07

    Hi Jude, 

     

    Can you post a snip from the config?

     

    Kind Regards

    Tim



  • 3.  RE: ISG 1000 management access in transparent mode

    Posted 11-18-2010 15:01

    Tim

     

    Thanks for responding.

     

    Unfortunately, I do not have access to the firewall for another week. The firewall's off-site, and I don't have a console server at that site 😕

     

    I'll post that when I get the config next.

     

    Ta

     

    J



  • 4.  RE: ISG 1000 management access in transparent mode

    Posted 11-25-2010 15:29

    Hi

     

    The relevant bits of the config are:

     

    set zone "VLAN" vrouter "trust-vr"

    set interface vlan1 ip xxx.xxx.161.81/27
    set interface "vlan1" pmtu ipv4
    set interface vlan1 vlan trunk
    set interface vlan1 bypass-others-ipsec
    unset interface vlan1 bypass-non-ip
    set interface vlan1 ip manageable
    set interface vlan1 manage ident-reset
    set interface vlan1 manage mtrace
    set interface vlan1 g-arp

    set route xxx.xxx.0.0/16 interface vlan1 gateway xxx.xxx.161.65

     

    Any help would be greatly appreciated.

     

    Ta

     

    Jude



  • 5.  RE: ISG 1000 management access in transparent mode
    Best Answer

    Posted 11-26-2010 01:02

    I've now moved the mgmt address to the mgt interface, added a rule to the firewall and can now manage them.