ScreenOS Firewalls (NOT SRX)
Reply
Visitor
klwong326
Posts: 3
Registered: ‎11-17-2009
0

VIP Port 80 not working on SSG5

Should be a very simple configuration but I have problem make it happen !!

 

- we got ONE public IP address (203.206.x.y)

- change the management port to 9090

- config a VIP on untrust interface to redirect 203.206.x.y to our internal IP 192.100.107.x

- config a policy ANY to VIP with ANY service permitted

- our internet IP 192.100.107.x has default gateway point back to the Juniper SSG5 firewall

 

Try accessing 203.206.x.y and 192.100.107.x do not seem to respond.

 

Any suggestions ??

 

 

Distinguished Expert
echidov
Posts: 858
Registered: ‎11-02-2009
0

Re: VIP Port 80 not working on SSG5

Hi,

 

Try this:

- config a policy ANY to VIP with HTTP service permitted (not ANY).

 

Kind regards,
Edouard
Visitor
klwong326
Posts: 3
Registered: ‎11-17-2009
0

Re: VIP Port 80 not working on SSG5

I tried this as well. I am not sure if this might be related as well. Before I configure the VIP and change the management port to 9090, I actually has problem accessing the management console via port 80. Once I change it to port 9090, then I can access the console. So could be port 80 traffic been routed to somewhere else ??
Distinguished Expert
echidov
Posts: 858
Registered: ‎11-02-2009
0

Re: VIP Port 80 not working on SSG5

Hi,

 

This is only possible if another mgt service (eg telnet) is configured with the port 80. Have you checked the self log? If logging to self is disabled enable it with set firewall log-self (this is namely a default option). If FW is listening at the port 80 in its Self zone you will see the log entries.

Kind regards,
Edouard
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.