Firewall – Can’t get into Juniper Networks Netscreen Web interface


Have a Netscreen that appears to be functioning correctly (it's in production and has been for several years), but yet is not allowing me into the Web interface on port 80 or 443 (also tried 8080). Tried telnetting to 22 and 23 as well. Any attempt to connect times out.
I've nmap'ed the IP on the internal interface and all ports show as being filtered, but as far as I recall, it was listening on 80. Also tried the external interface as it was set up for remote management, but can't connect that way either.

It was working last time I tried getting into it (last fall, I think).

I've cycled the power on it twice (pulled the adapter, waited 30 seconds, plugged it back in), but no dice.

Best Answer

Console into the firewall as kageeslin suggested, then do a 'get interface ' and look for something like this:

Interface ethernet0/0(VSI):
  description ethernet0/0
  link up, phy-link up/full-duplex
  vsys Root, zone Untrust, vr trust-vr, vsd 0
  *ip 192.168.1.1/24   mac abcd.abcd.abcd
  manage ip 192.168.1.2, mac abcd.abcd.abcd
  ping enabled, telnet enabled, SSH enabled, SNMP enabled
  web enabled, ident-reset disabled, SSL enabled

Make sure you are trying to connect to one of your manageable interfaces and also make sure that it has a route back to you (get route). Can the firewall ping your PC?

[edited for additional testing steps]

Once you have console access:

Check the admin ports that the web server is listening on:

get conf | inc admin

Try setting a filter for your connection and debug.

clear dbuf
set ffilter src-ip <your ip address>
debug flow basic
[try the connection again]
sh db str
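
The interface check from the answer above, as an added example that is not part of the original answer or any Juniper tooling: a Python parser for the `get interface` output that reports why a management connection to a given address and port would fail. The helper names `parse_interface` and `diagnose` are hypothetical, and the port mapping assumes the default management ports.

```python
import re

# Constructed sample: the `get interface` output shown in the answer above.
SAMPLE = """\
Interface ethernet0/0(VSI):
  description ethernet0/0
  link up, phy-link up/full-duplex
  vsys Root, zone Untrust, vr trust-vr, vsd 0
  *ip 192.168.1.1/24   mac abcd.abcd.abcd
  manage ip 192.168.1.2, mac abcd.abcd.abcd
  ping enabled, telnet enabled, SSH enabled, SNMP enabled
  web enabled, ident-reset disabled, SSL enabled
"""

# Assumed default ports; a changed admin port shows up in `get conf | inc admin`.
MGMT_PORTS = {"telnet": 23, "ssh": 22, "web": 80, "ssl": 443}


def parse_interface(text):
    """Extract name, link state, zone, addresses and service flags from one interface block."""
    info = {"services": {}, "addresses": set()}
    m = re.search(r"^Interface\s+(\S+?)(?:\(\w+\))?:", text, re.M)
    info["name"] = m.group(1) if m else None
    m = re.search(r"^\s*link\s+(up|down)", text, re.M)
    info["link_up"] = bool(m) and m.group(1) == "up"
    m = re.search(r"\bzone\s+([^,\s]+)", text)
    info["zone"] = m.group(1) if m else None
    # Both the interface IP ("*ip a.b.c.d/len") and the "manage ip" are collected.
    info["addresses"].update(re.findall(r"\bip\s+(\d+\.\d+\.\d+\.\d+)", text))
    for name, state in re.findall(r"([\w-]+)\s+(enabled|disabled)", text):
        info["services"][name.lower()] = (state == "enabled")
    return info


def diagnose(info, target_ip, port):
    """List the reasons, visible in this output, why target_ip:port would not answer."""
    problems = []
    if not info["link_up"]:
        problems.append("link is down")
    if target_ip not in info["addresses"]:
        problems.append(f"{target_ip} is not an IP or manage IP of {info['name']}")
    svc = next((s for s, p in MGMT_PORTS.items() if p == port), None)
    if svc is None:
        problems.append(f"port {port} is not a default management port")
    elif not info["services"].get(svc, False):
        problems.append(f"{svc} is not enabled on {info['name']}")
    return problems
```

An empty list from `diagnose` means the interface settings look right, so the next things to check are the route back to the client and the flow debug output.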