No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The Firewall Web Management Interface is Inaccessible to the Extranet

Publication Date:  2012-07-23 Views:  55 Downloads:  0
Issue Description
The Web management is enabled on the firewall, and a user can normally access the Web management page and can manage the device on the page.
When the user logs in to the firewall Web management page from the extranet (untrust zone), the browser prompts the user that the page cannot be opened.
Alarm Information
None.
Handling Process
Because the previously mentioned NAT server configuration item is not useful for the customer, delete the configuration item to allow a remote PC to access the firewall management page using the firewall extranet IP address.
Root Cause
  1. The untrust-to-local permit policy is disabled on the firewall. The check result indicates that the untrust-to-local interzone rule is permit.
  2. The Ping command is executed on the remote PC to ping the firewall public IP address. The IP address can be pinged through.
  3. The Telnet service is enabled on the firewall. The same IP address is used to access the Web management page from the remote PC over Telnet. The page still cannot be opened.
  4. The problem may originate from the firewall NAT problem. A careful check finds that the configuration item nat server 0 global 123.45.67.89 inside 10.20.30.41 exists on the firewall. However, the previously accessed firewall public IP address is also 123.45.67.89. When a user accesses the IP address from a remote PC, he/she actually accesses the host at 10.20.30.41 rather than the firewall due to the mapping.
Suggestions
When you encounter the failure of access from the extranet to the firewall, check whether the NAT server egress IP address configured on the firewall is the same as the access destination IP address besides check whether packet filtering is enabled.

END