Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  Management on FIPS enabled firewall

    Posted 05-22-2009 07:42

    Hi,

     

    I'm trying to access a FIPS-enabled device over webui. The reference note says that management via webui or telnet is available only through a VPN using 256-bit AES encryption.

    So, I've configured a VPN, but I can only ping the management interface. Webui and telnet don't work.

    Does anyone have any idea what the problem could be?

    This is my "get ike cookies" and "get sa":

    Cluster:SSG(M)-> get ike coo
    IKEv1 SA -- Active: 1, Dead: 0, Total 1
    1097182f/0006, 87.252.130.90:500->223.172.125.20:500, PRESHR/grp5/AES256/SHA, xchg(4) (vpngateway1/grp-1/usr1)
    resent-tmr 322 lifetime 28800 lt-recv 0 nxt_rekey 28790 cert-expire 0
    responder, err cnt 0, send dir 1, cond 0x30
    nat-traversal map not available
    ike heartbeat              : disabled
    ike heartbeat last rcv time: 0
    ike heartbeat last snd time: 0
    XAUTH status: 0
    DPD seq local 0, peer 0
    IKEv2 SA -- Active: 0, Dead: 0, Total 0

    Cluster:SSG(M)-> get sa
    total configured sa: 1
    HEX ID    Gateway         Port Algorithm     SPI      Life:sec kb Sta   PID vsys
    00000001<   87.252.130.90  500 esp:a256/sha1 0296fc54  3589 unlim A/U    10 0
    00000001>   87.252.130.90  500 esp:a256/sha1 44600fc0  3589 unlim A/U    -1 0

    Cluster:SSG(M)-> 
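A check that can be run over saved `get sa` output like the one posted above, to confirm that every IPsec SA is ESP with AES-256 and active before the tunnel is relied on for management. This is an added example, not part of the original posts or of any Juniper tooling; the function names, the reading of a leading `A` in the Sta column as "active", and the `00000002` sample rows are assumptions made for illustration.

```python
import re

# One row of ScreenOS `get sa` output, using the column layout shown in the post:
# HEX ID, Gateway, Port, Algorithm, SPI, Life:sec, kb, Sta, PID, vsys
SA_ROW = re.compile(
    r"^\s*(?P<id>[0-9a-fA-F]{8})(?P<dir>[<>])\s+(?P<gateway>\S+)\s+(?P<port>\d+)\s+"
    r"(?P<proto>\w+):(?P<enc>[^/\s]+)/(?P<auth>\S+)\s+(?P<spi>[0-9a-fA-F]{8})\s+"
    r"(?P<life>\S+)\s+(?P<kb>\S+)\s+(?P<sta>\S+)\s+(?P<pid>-?\d+)\s+(?P<vsys>\d+)\s*$"
)

def parse_sa(text):
    """Return one dict per SA row; header, prompt and blank lines are skipped."""
    return [m.groupdict() for m in map(SA_ROW.match, text.splitlines()) if m]

def check_sa(sa):
    """List the reasons this SA does not meet the AES-256 tunnel requirement."""
    problems = []
    if sa["proto"] != "esp" or sa["enc"] != "a256":
        problems.append(f"algorithm {sa['proto']}:{sa['enc']} is not ESP with AES-256")
    # Assumption: the first letter of the Sta column is A for an active SA.
    if not sa["sta"].startswith("A"):
        problems.append(f"SA state is {sa['sta']}, not active")
    return problems

def audit(text):
    """Map 'id+direction' to its problem list, for SAs that fail the check."""
    out = {}
    for sa in parse_sa(text):
        problems = check_sa(sa)
        if problems:
            out[sa["id"] + sa["dir"]] = problems
    return out

# The 00000001 rows are from the post; the 00000002 rows are constructed for contrast.
SAMPLE = """\
HEX ID    Gateway         Port Algorithm     SPI      Life:sec kb Sta   PID vsys
00000001<   87.252.130.90  500 esp:a256/sha1 0296fc54  3589 unlim A/U    10 0
00000001>   87.252.130.90  500 esp:a256/sha1 44600fc0  3589 unlim A/U    -1 0
00000002<     192.0.2.10   500 esp:3des/sha1 00000000 expir unlim I/I    -1 0
00000002>     192.0.2.10   500 esp:3des/sha1 00000000 expir unlim I/I    -1 0
"""

if __name__ == "__main__":
    for sa_id, problems in audit(SAMPLE).items():
        print(sa_id, "; ".join(problems))
```

A clean result here only says the tunnel itself meets the encryption requirement; it does not show which address or service the management session is reaching.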



  • 2.  RE: Management on FIPS enabled firewall

    Posted 05-22-2009 08:42

    Hi,

     

    I would check to make sure HTTPS and SSH are enabled and HTTP and telnet are disabled.

    get int x

    set int x manage ssl
    set int x manage ssh

     

    I hope this helps.

     

    -John



  • 3.  RE: Management on FIPS enabled firewall
    Best Answer

    Posted 05-25-2009 01:24

    Hi,

     

    I've solved this "problem". I was trying to access my interface IP instead of the manage IP, since my device is in an NSRP cluster. ;)



  • 4.  RE: Management on FIPS enabled firewall

    Posted 01-11-2010 13:10

    Kliker,

     

    Were you able to manage your firewall with both WebUI & Telnet? When I have the VPN from my workstation to the firewall, I can manage the firewall with Telnet, but not WebUI. Also, which version of ScreenOS were you using?

    Thanks,

    Keith