The Web management is enabled on the firewall, and a user can normally access the Web management page and can manage the device on the page.
When the user logs in to the firewall Web management page from the extranet (untrust zone), the browser prompts the user that the page cannot be opened.
Because the previously mentioned NAT server configuration item is not useful for the customer, delete the configuration item to allow a remote PC to access the firewall management page using the firewall extranet IP address.
The untrust-to-local permit policy is disabled on the firewall. The check result indicates that the untrust-to-local interzone rule is permit.
The Ping command is executed on the remote PC to ping the firewall public IP address. The IP address can be pinged through.
The Telnet service is enabled on the firewall. The same IP address is used to access the Web management page from the remote PC over Telnet. The page still cannot be opened.
The problem may originate from the firewall NAT problem. A careful check finds that the configuration item nat server 0 global X.X.67.89 inside 10.20.30.41 exists on the firewall. However, the previously accessed firewall public IP address is also X.X.67.89. When a user accesses the IP address from a remote PC, he/she actually accesses the host at 10.20.30.41 rather than the firewall due to the mapping.
When you encounter the failure of access from the extranet to the firewall, check whether the NAT server egress IP address configured on the firewall is the same as the access destination IP address besides check whether packet filtering is enabled.