Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Unable to access WebUI over UnTrust int

    Posted 04-17-2013 19:32

    Hey guys,

    I am new to netscreen so this question might sound a bit easy but for some reason whenever I move my e0/0 (public IP addr assigned, lets call it 1.1.1.1) to UnTrust, I cannot ping/get HTTP/telnet access. However, if I Move it to Trust, I can ping/telnet/Http, etc.

     

    What could I be missing here? Under the webUI I checked off HTTP, telnet, access for the e0/0 interface so not sure whats up.

     

    Name           IP Address                        Zone        MAC            VLAN State VSD
    serial0/0      0.0.0.0/0                         Null        N/A               -   U   -
    eth0/0         1.1.1.1/28                 Trust       0019.e2e7.0c00    -   U   -
    eth0/1         0.0.0.0/0                         DMZ         0019.e2e7.0c05    -   D   -
    eth0/6         0.0.0.0/0                         Null        0019.e2e7.0c0a    -   D   -
    bgroup0        192.168.1.1/24                    Trust       0019.e2e7.0c0b    -   D   -
      eth0/2       N/A                               N/A         N/A               -   D   -
      eth0/3       N/A                               N/A         N/A               -   D   -
      eth0/4       N/A                               N/A         N/A               -   D   -
      eth0/5       N/A                               N/A         N/A               -   D   -
    bgroup1        0.0.0.0/0                         Null        0019.e2e7.0c0c    -   D   -
    bgroup2        0.0.0.0/0                         Null        0019.e2e7.0c0d    -   D   -
    bgroup3        0.0.0.0/0                         Null        0019.e2e7.0c0e    -   D   -
    loopback.1     10.2.60.1/24                      Trust       N/A               -   U   -
    vlan1          0.0.0.0/0                         VLAN        0019.e2e7.0c0f    1   D   -
    null           0.0.0.0/0                         Null        N/A               -   U   0

     

    Thanks!!

    WZ



  • 2.  RE: Unable to access WebUI over UnTrust int
    Best Answer

    Posted 04-17-2013 23:05

    Hi,

     

    By default, management is disabled on untrust interface.

    You can enter below commands:

    set interface <name> manage
    set interface <name> ip manage

    Hope this helps.

     

    Thanks,
    Hardeep
    If this update is helpful, you may mark it as accepted solution for others to benefit from it.



  • 3.  RE: Unable to access WebUI over UnTrust int

    Posted 04-18-2013 05:33

    Sahota, thanks for the reply -- let me try that when I get into the office.

    Dont I also have to specify the list of allowed subnets to access it? Or does that only apply if I add one (i believe it turned off by default?)

     

    EDIT: Success!! thats what was missing thanks!!!!



  • 4.  RE: Unable to access WebUI over UnTrust int

    Posted 04-18-2013 18:19

    Hi,


    Good to know that it works now.

    The manager-ip needs to be added only if a subnet or host entry is added earlier.

    By default firewall will allow all subnets to access the firewall.

    Command: get admin, can give you details of the management configuration.


    Regards.

    Hardeep