ScreenOS Firewalls (NOT SRX)
Reply
Visitor
rblack
Posts: 9
Registered: ‎12-10-2007
0

trouble accessing WebUI when not on local subnet

I have a number of SSG firewalls (mostly SSG5's and SSG140's) that I can connect to the WebUI no problem when I am on the local subnet of one of the interfaces.  When I try to connect through the Internet however I can't get the login page to load.  The title bar changes to Login however the page never loads.  I am using Internet Explorer 7, however have tried IE6 as well with the same result.  I don't have any personal firewalls running.  Others in the office can connect no problem, which eliminates the local firewall causing issues.
 
This leads me to believe it might be something in the Internet Explorer settings however I can't seem to figure out what setting could be causing this issue.  Also very odd that it only occurs when I connect through the Internet.  I have tried both HTTP and HTTPS, as well as using custom ports over HTTP, all with the same result.
 
Any ideas?
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: trouble accessing WebUI when not on local subnet

Try disabling TLS on your browser. For IE, this is under Internet Options, Advanced tab. Uncheck the "Use TLS 1.0" box. See if that works. Also what ScreenOS version are you running?
Visitor
rblack
Posts: 9
Registered: ‎12-10-2007
0

Re: trouble accessing WebUI when not on local subnet

I tried your suggestion of disabling TLS 1.0 but get the same issue.  I also get the same thing when using HTTP, both using standard port 80 and using a custom port.
 
The two that I need to connect to the most are:
 
SSG5 running version 5.4.0r3a
SSG140 running version 6.0.0r2.0
 
I have customers with different versions and always run into the same thing
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: trouble accessing WebUI when not on local subnet

This may be a silly question, but is HTTP and HTTPS enabled on your Internet interface? Check by running command "get interface <interface name>". Check to see if both web and ssl are enabled. If web is enabled and ssl is not, then also check to see if http redirect is also enabled. If that is the case then you may need to also enable ssl on the Internet interface. Finally check to see if any manager-ip ranges are configured "set admin manager-ip <ip-address>". If so then be sure that your IP address is included in the list of manager-ips.
Contributor
r0mm3L
Posts: 77
Registered: ‎05-11-2008
0

Re: trouble accessing WebUI when not on local subnet

i wonder if this issue can be solve by firmware upgrade?
Juniper Employee
oldmanriver
Posts: 5
Registered: ‎06-24-2008
0

Re: trouble accessing WebUI when not on local subnet

Another question, which version of IE are you running?  And a suggestion, try using another browser from the same location.

Visitor
rblack
Posts: 9
Registered: ‎12-10-2007
0

Re: trouble accessing WebUI when not on local subnet

I am running IE Version 7, but also tried it with IE6.  I just installed Firefox as per your suggestion and that doesn't work either.  I have determined it must be something else on my machine as I got a new laptop with a base install of WindowsXP and I could connect.  I then installed all my apps ect and now I have the same problem on the new laptop.  Obviously this must have something to do with some software I have installed, however it does still seem odd.  I'm not sure what might be confilicting, I have a couple VPN clients (Netscreen Remote, Cisco VPN, Juniper Network Connect) so I am wondering if they could be a problem.  I have disabled the services for these to see if that helped but no luck.

 

All I now know is that this isn't and IE problem but it seems to be a software conflict.

Visitor
pricers
Posts: 1
Registered: ‎07-20-2010
0

Re: trouble accessing WebUI when not on local subnet

It has happened two times this error, with the same firmware 6.1.0r4 but with different hardware, ssg550M was solved in hours of submission of the error (this time it was getting a snoop), but the problem continues in the ISG1000, the only thing was done in the ISG1000 was to make a session get and send it to a tftp server.

This may be the cause? I did everything suggested in the post above, but nothing


I would appreciate your valuable help

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.