ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

trouble accessing WebUI when not on local subnet

12.10.07   |  
‎12-10-2007 08:45 AM
I have a number of SSG firewalls (mostly SSG5's and SSG140's) that I can connect to the WebUI no problem when I am on the local subnet of one of the interfaces.  When I try to connect through the Internet however I can't get the login page to load.  The title bar changes to Login however the page never loads.  I am using Internet Explorer 7, however have tried IE6 as well with the same result.  I don't have any personal firewalls running.  Others in the office can connect no problem, which eliminates the local firewall causing issues.
 
This leads me to believe it might be something in the Internet Explorer settings however I can't seem to figure out what setting could be causing this issue.  Also very odd that it only occurs when I connect through the Internet.  I have tried both HTTP and HTTPS, as well as using custom ports over HTTP, all with the same result.
 
Any ideas?
7 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: trouble accessing WebUI when not on local subnet

12.10.07   |  
‎12-10-2007 09:13 AM
Try disabling TLS on your browser. For IE, this is under Internet Options, Advanced tab. Uncheck the "Use TLS 1.0" box. See if that works. Also what ScreenOS version are you running?
ScreenOS Firewalls (NOT SRX)

Re: trouble accessing WebUI when not on local subnet

12.10.07   |  
‎12-10-2007 10:00 AM
I tried your suggestion of disabling TLS 1.0 but get the same issue.  I also get the same thing when using HTTP, both using standard port 80 and using a custom port.
 
The two that I need to connect to the most are:
 
SSG5 running version 5.4.0r3a
SSG140 running version 6.0.0r2.0
 
I have customers with different versions and always run into the same thing
ScreenOS Firewalls (NOT SRX)

Re: trouble accessing WebUI when not on local subnet

12.10.07   |  
‎12-10-2007 11:20 AM
This may be a silly question, but is HTTP and HTTPS enabled on your Internet interface? Check by running command "get interface <interface name>". Check to see if both web and ssl are enabled. If web is enabled and ssl is not, then also check to see if http redirect is also enabled. If that is the case then you may need to also enable ssl on the Internet interface. Finally check to see if any manager-ip ranges are configured "set admin manager-ip <ip-address>". If so then be sure that your IP address is included in the list of manager-ips.
ScreenOS Firewalls (NOT SRX)

Re: trouble accessing WebUI when not on local subnet

05.16.08   |  
‎05-16-2008 02:33 AM
i wonder if this issue can be solve by firmware upgrade?
ScreenOS Firewalls (NOT SRX)

Re: trouble accessing WebUI when not on local subnet

06.24.08   |  
‎06-24-2008 09:33 AM

Another question, which version of IE are you running?  And a suggestion, try using another browser from the same location.

ScreenOS Firewalls (NOT SRX)

Re: trouble accessing WebUI when not on local subnet

06.24.08   |  
‎06-24-2008 10:13 AM

I am running IE Version 7, but also tried it with IE6.  I just installed Firefox as per your suggestion and that doesn't work either.  I have determined it must be something else on my machine as I got a new laptop with a base install of WindowsXP and I could connect.  I then installed all my apps ect and now I have the same problem on the new laptop.  Obviously this must have something to do with some software I have installed, however it does still seem odd.  I'm not sure what might be confilicting, I have a couple VPN clients (Netscreen Remote, Cisco VPN, Juniper Network Connect) so I am wondering if they could be a problem.  I have disabled the services for these to see if that helped but no luck.

 

All I now know is that this isn't and IE problem but it seems to be a software conflict.

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: trouble accessing WebUI when not on local subnet

07.20.10   |  
‎07-20-2010 08:50 AM

It has happened two times this error, with the same firmware 6.1.0r4 but with different hardware, ssg550M was solved in hours of submission of the error (this time it was getting a snoop), but the problem continues in the ISG1000, the only thing was done in the ISG1000 was to make a session get and send it to a tftp server.

This may be the cause? I did everything suggested in the post above, but nothing


I would appreciate your valuable help

Attachments