Screen OS

hi there,

im having trouble connecting to the WebUI of my netscreen 25 and im wondering if you can help me.  below is the config of interface1 which is where i usually manage the firewall from, it looks like webui is enabled but webauth is disbaled - is this what could be stopping me connect??. what is the command through the console to enable this if it is?

thanks for your help 

 lonns25-> get int eth1

Interface ethernet1:

  description ethernet1

  number 0, if_info 0, if_index 0, mode nat

  link up, phy-link up/full-duplex

  vsys Root, zone Trust, vr trust-vr

  dhcp client disabled

  PPPoE disabled

  admin mtu 0, operating mtu 1500, default mtu 1500

  *ip 172.16.23.10/23   mac 0010.db19.5730

  *manage ip 172.16.23.10, mac 0010.db19.5730

  route-deny disable

  pmtu-v4 disabled

  ping enabled, telnet enabled, SSH enabled, SNMP enabled

  web enabled, ident-reset disabled, SSL enabled

  DNS Proxy disabled, webauth disabled, webauth-ip 0.0.0.0

  OSPF disabled  BGP disabled  RIP disabled  RIPng disabled  mtrace disabled

  PIM: not configured  IGMP not configured

  bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]

             configured ingress mbw 0kbps, current bw 331kbps

             total allocated gbw 0kbps

  DHCP-Relay disabled

  DHCP-server disabled

Number of SW session: 31780, hw sess err cnt 0

lonns25-> get admin

HTTP Port: 80, HTTPS Port: 443

TELNET Port: 23, SSH Port: 22

Mng Host IP: 206.186.240.190/255.255.255.255

Mail Alert: On, Mail Server: exch01.domain.com

E-Mail Address: will.gerrish@domain.com

E-Mail Traffic Log: Off

Configuration Format: DOS

Device Reset: Enabled

Hardware Reset: Enabled

Admin privilege: read-write (Remote admin has read-write privileges)

Max Failed Admin login attempts: 3

HTTP redirect: false

Hi everyone,

just give a few more bits of information...

i can ping the manageable IP address of 172.16.23.10, all clients connecting to the firewall can still get out on to the internet and none of the site to site VPNs are affect.  it just seems like its the manageable side of things.

i have tried running the set int xx ip manageable on  interface that is usually managed.

any ideas?

thanks 

Hi

Need your answer

1. can you telnet the box ?

2. does the login page appears ?

3. do get socket and see that the buffer filled up?

4. what screenOS version do u use ?

Thanks

EL 

Hi There,

 1. can you telnet the box ? No

2. does the login page appears ? NO

3. do get socket and see that the buffer filled up?  how do i check this??

4. what screenOS version do u use ? how do you get this from the console???

thanks again. 

Hi

3. do get socket and see that the buffer filled up?  how do i check this??

 => get socket

4. what screenOS version do u use ? how do you get this from the console???

=> get system

=> get config | i manager

THanks

EL

Hi EL,

thanks for getting back to me.

this is what i get back from the get socket command 

Lonns25-> get socket

 Socket  Type   State      Remote IP         Port    Local IP         Port

      0  tcp4/6  listen     ::                   0    ::                 80

      1  tcp4/6  listen     ::                   0    ::                443

      2  tcp4/6  listen     ::                   0    ::                 23

      3  tcp4/6  listen     ::                   0    ::                 22

     52  tcp     close      0.0.0.0              0    0.0.0.0             0

    256  udp     open       0.0.0.0              0    0.0.0.0             0

    257  udp     open       0.0.0.0              0    0.0.0.0             0

    258  udp     open       0.0.0.0              0    0.0.0.0             0

    259  udp4/6  open       ::                   0    ::                500

    260  udp4/6  open       ::                   0    ::               4500

    261  udp4/6  open       ::                   0    ::                500

    262  udp4/6  open       ::                   0    ::               4500

    263  udp     open       0.0.0.0              0    0.0.0.0           161

    264  udp     open       0.0.0.0              0    0.0.0.0             0

    265  udp     open       0.0.0.0              0    0.0.0.0             0

    266  udp     open       0.0.0.0              0    0.0.0.0             0

Raw IP sockets:

 Socket  Type   Remote IP         Local IP         Protocol

    512  raw     0.0.0.0           0.0.0.0          01h

    514  raw     0.0.0.0           0.0.0.0          01h

    515  raw     0.0.0.0           0.0.0.0          02h

    516  raw     0.0.0.0           0.0.0.0          02h

Raw packet sockets:

 Socket  Type   Remote Mac    Local Mac    Protocol

    513  eth     000000000000  000000000000 0806h 

and the OS version is  5.4.0r6.0

again thanks - im not a firewall guy so im very greatful for your help.

Will 

Hi

I think u set manager-ip on that firewall. please check it. u limit only certain user with specific ip that can manage firewall  

thanks

EL

Hi Just FYI u only can manage firewall from user that use this ip 206.186.240.190

Thanks

EL

Hmm strange, as we have no ip address ranges on that range.

Is there a way via the console to set it to your internal ip subnet? 

thanks again El.

Will 

 yes u can unset that . btw what screenOS version do u use and box type

Thanks

EL

the screen OS i use is 5.4.0r6.0

also what command is needed to change the Mng Host IP? cant seem to find it in any of the forums...

thanks again EL

Hi EL,

i found this command but it only seems to work in the earlier version of the OS

set admin sys-ip "0.0.0.0"

Set adm sys-ip has been obsoleted since 4.0

the OS im currently running is  5.4.0r6.0 

thanks again

Will 

Hi

Could you PM your config ?

thanks

EL

HI

U can do this command

unset admin manager-ip all

i hope this work for you

Thanks

EL

this worked.

thanks so much 

hi

Please review this command