Shulou(Shulou.com)05/31 Report--

Juniper SSG firewall can not log in through web or telnet solutions, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain in detail for you, people with this need can come to learn, I hope you can gain something.

Some users will react that the Juniper SSG firewall can not log in through web or telnet. Here is a simple analysis.

1. Check whether the equipment is turned on.

If the Juniper SSG firewall is not turned on, you will not be able to connect by any means.

2, whether there is a panic phenomenon, of course, this situation is very rare. The Juniper SSG firewall device is still very stable, and there will be no panic problem if it is booted for a long time. If a crash occurs, just restart it.

3. Whether the network connection is normal. Whether the network cable is loose, or the quality of the network cable is not good. Check to see if the interface indicator light is normal, and the network card light is the same, a light is evergreen, a waiting flash indicates that there is data transmission.

4. The IP cannot be logged in through the public network. Check whether the connection of the public network and ADSL is normal. If the ADSL fails, you need to contact the line provider for support.

5, both internal and external networks are normal, and all can access the equipment of ping. It is possible that the WEBUI and telnet management functions of the Juniper SSG firewall interface are not enabled. By default, the trust port is enabled, and the untrust port needs to be enabled. If the WEBUI and telnet management functions of the trust are turned off, the firewall needs to be set up and enabled through the console port.

Juniper SSG firewall will take a console first, one end is the head of rj45 connected to the console port of the firewall, and the other com interface is connected to the serial port of notebook or desktop computer, using hyperterminal to connect to the firewall.

SSG140- > get int (check the interface status)

A-Active, I-Inactive, U-Up, D-Down, R-Ready

Interfaces in vsys Root:

Name IP Address Zone MAC VLAN State VSD

Eth0/0 192.168.1.1 Compact 24 Trust 001d.b50c.6480-U-

Eth0/1 0.0.0.0max 0 DMZ 001d.b50c.6485-D-

Eth0/2 116.228.xx.xx/30 Untrust 001d.b50c.6486-U-

Eth0/3 0.0.0.0max 0 Null 001d.b50c.6487-D-

Eth0/4 0.0.0.0max 0 Null 001d.b50c.6488-D-

Eth0/5 0.0.0.0max 0 Null 001d.b50c.6489-D-

Eth0/6 0.0.0.0max 0 Null 001d.b50c.648a-D-

Eth0/7 0.0.0.0max 0 Null 001d.b50c.648b-D-

Eth0/8 0.0.0.0max 0 Null 001d.b50c.648c-D-

Eth0/9 0.0.0.0max 0 Null 001d.b50c.648d-D-

Vlan1 0.0.0.0max 0 VLAN 001d.b50c.648f 1 D-

Null 0.0.0.0 Null A-U 0

SSG140- >

You can see that eth0/0 is in a normal state and eth0/2 is in a normal state, where U indicates that the UP interface is in a connected state.

SSG140- > get int e0amp 2

Interface ethernet0/2:

Description ethernet0/2

Number 6, if_info 4848, if_index 0, mode route

Link up, phy-link up/full-duplex

Vsys Root, zone Untrust, vr trust-vr

Dhcp client disabled

PPPoE disabled

Admin mtu 0, operating mtu 1500, default mtu 1500

* ip 116.228.xx.xx/30 mac 001d.b50c.6486

* manage ip 116.228.xx.xx, mac 001d.b50c.64xx management IP address

Route-deny disable

Pmtu-v4 disabled

Ping enabled, telnet enabled, SSH disabled, SNMP disabled

Web enabled, ident-reset disabled, SSL enabled (the activated management features are listed here)

DNS Proxy disabled, webauth disabled, webauth-ip 0.0.0.0

OSPF disabled BGP disabled RIP disabled RIPng disabled mtrace disabled

PIM: not configured IGMP not configured

Bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]

Configured ingress mbw 0kbps, current bw 1036kbps

Total allocated gbw 0kbps

DHCP-Relay disabled

DHCP-server disabled

Number of SW session: 47073, hw sess err cnt 0

SSG140- >

SSG140- > set interface e0Compact 2 manage web (enable the management function of webui)

SSG140- > set interface e0Compact 2 manage telnet (enable the management function of telnet)

Add:

Since neither telnet nor http can log in, the device can only be connected through the console line.

First check the status of the interface through the command "get int". The status of several interfaces is "U" connection status, and the IP of the interface is normal.

SSG140- > get int eth0/0

Interface ethernet0/0:

Description ethernet0/0

Number 0, if_info 0, if_index 0, mode nat

Link up, phy-link up/full-duplex

Vsys Root, zone Trust, vr trust-vr

Dhcp client disabled

PPPoE disabled

Admin mtu 0, operating mtu 1500, default mtu 1500

* ip 192.168.10.1 Compact 24 mac 001d.b50c.c300

* manage ip 192.168.10.1, mac 001d.b50c.c300

Route-deny disable

Pmtu-v4 disabled

Ping enabled, telnet enabled, SSH enabled, SNMP enabled

Web enabled, ident-reset disabled, SSL enabled

DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0

OSPF disabled BGP disabled RIP disabled RIPng disabled mtrace disabled

PIM: not configured IGMP not configured

NHRP disabled

Bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]

Configured ingress mbw 0kbps, current bw 1kbps

Total allocated gbw 0kbps

DHCP-Relay disabled at interface level

DHCP-server disabled

From the above command, you can see that the management IP is enabled, and the telnet and http functions are also enabled.

Check to see if there are restrictions on logging in to IP.

SSG140- > get admin manager-ip

Manager IP enforced: False

Manager IPs: 0

Address Mask Vsys

SSG140- >

There is no ip limit.

Let's take a look at several port numbers for managing login.

SSG140- > get admin

HTTP Port: 80, HTTPS Port: 443

TELNET Port: 23, SSH Port: 22

Manager IP enforced: False

Manager IPs: 0

Address Mask Vsys

Mail Alert: Off, Mail Server:

E-Mail Address:

E-Mail Traffic Log: Off

Configuration Format: DOS

Device Reset: Enabled

Hardware Reset: Enabled

Admin privilege: read-only (Remote admin has read-only privileges)

Max Failed Admin login attempts: 3

HTTP redirect: false

All use the default port, no problem.

Through some of the above commands, we can see that there is no problem with the setting of the firewall.

There is no choice but to be a doctor. Modify the login port number "set admin port 8000", set the login port number to port 8000, try http//192.168.10.1:8000, and find that you can log in through web, and then change the port number back to 80, and the problem is solved.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.