ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

VIP Port 80 not working on SSG5

03.01.12   |  
‎03-01-2012 08:13 PM

Should be a very simple configuration but I have problem make it happen !!

 

- we got ONE public IP address (203.206.x.y)

- change the management port to 9090

- config a VIP on untrust interface to redirect 203.206.x.y to our internal IP 192.100.107.x

- config a policy ANY to VIP with ANY service permitted

- our internet IP 192.100.107.x has default gateway point back to the Juniper SSG5 firewall

 

Try accessing 203.206.x.y and 192.100.107.x do not seem to respond.

 

Any suggestions ??

 

 

3 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: VIP Port 80 not working on SSG5

03.01.12   |  
‎03-01-2012 11:38 PM

Hi,

 

Try this:

- config a policy ANY to VIP with HTTP service permitted (not ANY).

 

Kind regards,
Edouard
ScreenOS Firewalls (NOT SRX)

Re: VIP Port 80 not working on SSG5

03.02.12   |  
‎03-02-2012 12:12 AM
I tried this as well. I am not sure if this might be related as well. Before I configure the VIP and change the management port to 9090, I actually has problem accessing the management console via port 80. Once I change it to port 9090, then I can access the console. So could be port 80 traffic been routed to somewhere else ??
ScreenOS Firewalls (NOT SRX)

Re: VIP Port 80 not working on SSG5

03.02.12   |  
‎03-02-2012 03:40 AM

Hi,

 

This is only possible if another mgt service (eg telnet) is configured with the port 80. Have you checked the self log? If logging to self is disabled enable it with set firewall log-self (this is namely a default option). If FW is listening at the port 80 in its Self zone you will see the log entries.

Kind regards,
Edouard