ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Access Problem to HTTP Server in DMZ on SSG320M

06.04.08   |  
‎06-04-2008 04:50 AM

Hello;

 

I can't access to  HTTP Server installed in DMZ_vr from Trust_vr

I open a "Any policy" in the two direction but I still have the same problem.
When i bypass the Fierwall (Access directly to the Http Server) it's working fine !!

 

all the other protocols (ssh, ftp) work fine!!

 

As it's the first time we deploy SSG320M, I guess that there is a specific configuration for HTTP trafic or anything else ?

 

Please, did you have any idea regarding this case.

thanks

6 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Access Problem to HTTP Server in DMZ on SSG320M

06.04.08   |  
‎06-04-2008 05:18 AM

Hi Faycal,

 

Did you set a route beetween your DMZ VR and trust VR ? I suppose yes because everything working for ssh and ftp :-/

Are you using Policy base routing ? It could have a link with your issue ...

 

 

Sylvain

ScreenOS Firewalls (NOT SRX)

Re: Access Problem to HTTP Server in DMZ on SSG320M

06.04.08   |  
‎06-04-2008 07:23 AM

Hi Sylvain;

 

All the route exist between the Trust-vr and Dmz_vr, and we can SSH and FTP to it without any problem.

it concerns only the HTTP traffic !!

it seems like the FW block the HTTP trafic.

 

Is there any specific option which must be checked on the SSG320M?

ScreenOS Firewalls (NOT SRX)

Re: Access Problem to HTTP Server in DMZ on SSG320M

06.04.08   |  
‎06-04-2008 03:00 PM

Did you set  PBR on this device ? HTTP does not require a "Special" config !

 

Sylvain 

ScreenOS Firewalls (NOT SRX)

Re: Access Problem to HTTP Server in DMZ on SSG320M

06.05.08   |  
‎06-05-2008 02:07 AM

Hi;

 

The problem was fixed by changing the value of MTU on the interface of the Web Server (from 1500 to 1200). 
ScreenOS Firewalls (NOT SRX)

Re: Access Problem to HTTP Server in DMZ on SSG320M

06.10.08   |  
‎06-10-2008 08:45 AM

what verions of ScrenOS are you running, I had a similar problem and the resolution was to get a a patched version from JTAC. this is a know issue

 

 

Frank Dias
ScreenOS Firewalls (NOT SRX)

Re: Access Problem to HTTP Server in DMZ on SSG320M

06.10.08   |  
‎06-10-2008 08:50 AM

Hi Frank;

i have an SSG320M with SreenOS 6.0.0r4.0

 

is this the version of ScreenOS you used ?

thanks