ScreenOS Firewalls (NOT SRX)
Reply
Contributor
wgerrish
Posts: 10
Registered: ‎04-21-2009
0
Accepted Solution

cannot connect via WebUI

 

hi there,

im having trouble connecting to the WebUI of my netscreen 25 and im wondering if you can help me.  below is the config of interface1 which is where i usually manage the firewall from, it looks like webui is enabled but webauth is disbaled - is this what could be stopping me connect??. what is the command through the console to enable this if it is?

 

thanks for your help 

 

 lonns25-> get int eth1

Interface ethernet1:

  description ethernet1

  number 0, if_info 0, if_index 0, mode nat

  link up, phy-link up/full-duplex

  vsys Root, zone Trust, vr trust-vr

  dhcp client disabled

  PPPoE disabled

  admin mtu 0, operating mtu 1500, default mtu 1500

  *ip 172.16.23.10/23   mac 0010.db19.5730

  *manage ip 172.16.23.10, mac 0010.db19.5730

  route-deny disable

  pmtu-v4 disabled

  ping enabled, telnet enabled, SSH enabled, SNMP enabled

  web enabled, ident-reset disabled, SSL enabled

  DNS Proxy disabled, webauth disabled, webauth-ip 0.0.0.0

  OSPF disabled  BGP disabled  RIP disabled  RIPng disabled  mtrace disabled

  PIM: not configured  IGMP not configured

  bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]

             configured ingress mbw 0kbps, current bw 331kbps

             total allocated gbw 0kbps

  DHCP-Relay disabled

  DHCP-server disabled

Number of SW session: 31780, hw sess err cnt 0

lonns25-> get admin

HTTP Port: 80, HTTPS Port: 443

TELNET Port: 23, SSH Port: 22

Mng Host IP: 206.186.240.190/255.255.255.255

Mail Alert: On, Mail Server: exch01.domain.com

E-Mail Address: will.gerrish@domain.com

E-Mail Traffic Log: Off

Configuration Format: DOS

Device Reset: Enabled

Hardware Reset: Enabled

Admin privilege: read-write (Remote admin has read-write privileges)

Max Failed Admin login attempts: 3

HTTP redirect: false

 

 

Contributor
wgerrish
Posts: 10
Registered: ‎04-21-2009
0

Re: cannot connect via WebUI

Hi everyone,

 

just give a few more bits of information...

i can ping the manageable IP address of 172.16.23.10, all clients connecting to the firewall can still get out on to the internet and none of the site to site VPNs are affect.  it just seems like its the manageable side of things.

 

i have tried running the set int xx ip manageable on  interface that is usually managed.

 

any ideas?

thanks 

Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: cannot connect via WebUI

Hi

 

Need your answer

1. can you telnet the box ?

2. does the login page appears ?

3. do get socket and see that the buffer filled up?

4. what screenOS version do u use ?

 

 

Thanks


EL 

Contributor
wgerrish
Posts: 10
Registered: ‎04-21-2009
0

Re: cannot connect via WebUI

Hi There,

 

 1. can you telnet the box ? No

2. does the login page appears ? NO

3. do get socket and see that the buffer filled up?  how do i check this??

4. what screenOS version do u use ? how do you get this from the console???

 

thanks again. 

Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: cannot connect via WebUI

Hi

 

 

3. do get socket and see that the buffer filled up?  how do i check this??

 => get socket

 

4. what screenOS version do u use ? how do you get this from the console???

=> get system

 

 

=> get config | i manager

 

 

THanks

 

EL

Contributor
wgerrish
Posts: 10
Registered: ‎04-21-2009
0

Re: cannot connect via WebUI

Hi EL,

 

thanks for getting back to me.

 

this is what i get back from the get socket command 

 

Lonns25-> get socket

 Socket  Type   State      Remote IP         Port    Local IP         Port

      0  tcp4/6  listen     ::                   0    ::                 80

      1  tcp4/6  listen     ::                   0    ::                443

      2  tcp4/6  listen     ::                   0    ::                 23

      3  tcp4/6  listen     ::                   0    ::                 22

     52  tcp     close      0.0.0.0              0    0.0.0.0             0

    256  udp     open       0.0.0.0              0    0.0.0.0             0

    257  udp     open       0.0.0.0              0    0.0.0.0             0

    258  udp     open       0.0.0.0              0    0.0.0.0             0

    259  udp4/6  open       ::                   0    ::                500

    260  udp4/6  open       ::                   0    ::               4500

    261  udp4/6  open       ::                   0    ::                500

    262  udp4/6  open       ::                   0    ::               4500

    263  udp     open       0.0.0.0              0    0.0.0.0           161

    264  udp     open       0.0.0.0              0    0.0.0.0             0

    265  udp     open       0.0.0.0              0    0.0.0.0             0

    266  udp     open       0.0.0.0              0    0.0.0.0             0

 

Raw IP sockets:

 Socket  Type   Remote IP         Local IP         Protocol

    512  raw     0.0.0.0           0.0.0.0          01h

    514  raw     0.0.0.0           0.0.0.0          01h

    515  raw     0.0.0.0           0.0.0.0          02h

    516  raw     0.0.0.0           0.0.0.0          02h

 

Raw packet sockets:

 Socket  Type   Remote Mac    Local Mac    Protocol

    513  eth     000000000000  000000000000 0806h 

 

and the OS version is  5.4.0r6.0

 

again thanks - im not a firewall guy so im very greatful for your help.

 

Will 

Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: cannot connect via WebUI

Hi

 

I think u set manager-ip on that firewall. please check it. u limit only certain user with specific ip that can manage firewall  

 

 

thanks

 

EL

Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: cannot connect via WebUI

Hi Just FYI u only can manage firewall from user that use this ip 206.186.240.190

 

Thanks

 

EL

Contributor
wgerrish
Posts: 10
Registered: ‎04-21-2009
0

Re: cannot connect via WebUI

Hmm strange, as we have no ip address ranges on that range.

 

Is there a way via the console to set it to your internal ip subnet? 

 

thanks again El.

 

Will 

Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: cannot connect via WebUI

 yes u can unset that . btw what screenOS version do u use and box type

 

 

Thanks

 

EL

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.