Hi Andy, Yes, that's what all the documentation seems to indicate unfortunately, it isn't working. I have even reset back to the factory settings, completed only the basic configuration, and enabled scs...
Admin-Settings-enable SCS Interface-Untrusted-Edit-check off SCS ...to no avail. It still refuses access on the external interface while allowing it from the trusted side. Further, through the cli, the "get interface" command shows the trust ip address as the IP address and the Manage IP. However, the untrust interface lists the proper IP Address and 0.0.0.0 under Manage IP. If I attempt to set the Manage IP to the Untrust Interface address and error message specifies that it is not allowed. Very frustrating! Thanks for your input anyway. Ken -----Original Message----- From: Andy Condliffe [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 12, 2002 5:28 PM To: FW-List Subject: Re: NetScreen 5xp configuration Hi, You shouldn't need to specify another address, if you tick the "Web-UI" on the untrusted interface page through the gui then it will allow management via the outsside interface. This is all done in clear test (unless you have configured ssl). A better option is to use ssh if you must access from the outside and configure it from the command line. Again you will need to either tick the SCS box or issue the command from the command line (set interface untrust manage scs). As far as inbound services go, you will need to define services before you can use them if they are non-standard, though I have done much of this. Hope this helps. Andy FW-List wrote: > > Hi All, > > > > I have a new Netscreen 5xp and could use a little configuration guidance > > while waiting for a response to my online registration - I haven't been > > able to find anything definitive in the Installer's guide, through google > > searches nor on the Netscreen web site. > > > > When installed, the fw will have a static address for the untrusted > > interface but, only one (that's all the ISP provides). My first problem > > is how to enable remote administration? With the software version > > installed - 2.6.0r1.4 - the interface demands that the manage ip on the > > untrusted interface be different than the Static IP (of course I only have > > the one). I have verified that using a different address for that value > > will allow remote management but, is there no way to access that feature > > with a single external IP? > > > > I can upgrade the OS and access Netscreen technical support tomorrow, > > unfortunately that is when the system is supposed to be installed. If > > anyone has a suggestion on how this can be done, I would be very > > appreciative. > > > > Also, any tips on port forwarding non-standard services (i.e. SMTP works > > but, port 3200 doesn't) to an internal IP address would be helpful. > > However, as long as I can get remote access, the other configuration > > issues can be worked through with Netscreen tech support. > > > > Thanks in advance > > > > Ken Rode > > [EMAIL PROTECTED] > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
