Manage Netscreen 10 from internet

[speedingwolf]

Greetings,

I can't seem to figure out how to connect to the untrust/outside interface of my netscreen firewall for testing. I can manage it inside but can not connect to it from the public ip address. I checked the untrusted interface with web, ping, scs, etc.

Please advice.

Thanks,

 

[MarkhP]

Using the WEB UI got to Network/Interfaces Edit the untrust interface and enable HTTP management service.

I don't enable it here and don't recommend it either, as it is creating a weakness in security by giving access from the Web. If you want external management, maybe look at using a VPN solution and then manage it through the trusted port?

 

[MarkhP]

Oops, just re-read your post sorry. Are you saying that you cannot ping the untrusted interface from outside of your network?. Do you know if your ISPs router/modem is setup to use transparent mode or NAT?

 

[speedingwolf]

Hi Mark,

Thanks for your respond. I just found out last night that I can configure the NS so that I can manage it from the internet.

In manage IP, just give it the IP address of the location where you will connect to the outside, untrusted interface. Of course, you will need to allow web configuration on the untrusted one.

Thanks for your respond.

 

[sikek]

If you are worry about some security issue with using HTTP for management on the untrust interface. You can change the port number.Also use SSH v2 or HTTPS which needs to be enable also.

http://5gt.support.juniper.safeharbor.com/knowbase/root/public/nskb5658.htm?

http://5gt.support.juniper.safeharbor.com/knowbase/root/public/ns10562.htm?