Shulou(Shulou.com)06/01 Report--

Resolve the problem that Juniper Firewall cannot log in:

Juniper firewall, no matter internal network or external network, no matter http or telnet, can not log in. When encountered such a problem how to solve, here is a description of the process of solving the problem.

Since neither telnet nor http can log in, the device can only be connected through the console line.

First check the status of the interface through the command "get int". The status of several interfaces is "U" connection status, and the IP of the interface is normal.

SSG140- > get int eth0/0

Interface ethernet0/0:

Description ethernet0/0

Number 0, if_info 0, if_index 0, mode nat

Link up, phy-link up/full-duplex

Vsys Root, zone Trust, vr trust-vr

Dhcp client disabled

PPPoE disabled

Admin mtu 0, operating mtu 1500, default mtu 1500

* ip 192.168.10.1 Compact 24 mac 001d.b50c.c300

* manage ip 192.168.10.1, mac 001d.b50c.c300

Route-deny disable

Pmtu-v4 disabled

Ping enabled, telnet enabled, SSH enabled, SNMP enabled

Web enabled, ident-reset disabled, SSL enabled

DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0

OSPF disabled BGP disabled RIP disabled RIPng disabled mtrace disabled

PIM: not configured IGMP not configured

NHRP disabled

Bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]

Configured ingress mbw 0kbps, current bw 1kbps

Total allocated gbw 0kbps

DHCP-Relay disabled at interface level

DHCP-server disabled

From the above command, you can see that the management IP is enabled, and the telnet and http functions are also enabled.

Check to see if there are restrictions on logging in to IP.

SSG140- > get admin manager-ip

Manager IP enforced: False

Manager IPs: 0

Address Mask Vsys

SSG140- >

There is no ip limit.

Let's take a look at several port numbers for managing login.

SSG140- > get admin

HTTP Port: 80, HTTPS Port: 443

TELNET Port: 23, SSH Port: 22

Manager IP enforced: False

Manager IPs: 0

Address Mask Vsys

Mail Alert: Off, Mail Server:

E-Mail Address:

E-Mail Traffic Log: Off

Configuration Format: DOS

Device Reset: Enabled

Hardware Reset: Enabled

Admin privilege: read-only (Remote admin has read-only privileges)

Max Failed Admin login attempts: 3

HTTP redirect: false

All use the default port, no problem.

Through some of the above commands, we can see that there is no problem with the setting of the firewall.

There is no choice but to be a doctor. Modify the login port number "set admin port 8000", set the login port number to port 8000, try http//192.168.10.1:8000, and find that you can log in through web, and then change the port number back to 80, and the problem is solved.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.