FLEX100 Remote mgmt issue
ZCNE Certified
Hello,
we have installed a new FLEX100 in an enterprise internet connection with fixed public IP configured on the wan port.
The ZyWALL is connected and the LAN has internet access.
The problem is that the ZyWALL doesn't allow the remote management via https. only via SSH or SSL. But it allow https via LAN.
All security features are disabled including the Security policy control.
We tried also via SSL, the SSL is connected correctly, we can ping the ZyWALL's LAN address but, again, we can't get the GUI.
Any ideas?
F/W rev 5.32(ABUH.0)
Thank you.
Best regards
we have installed a new FLEX100 in an enterprise internet connection with fixed public IP configured on the wan port.
The ZyWALL is connected and the LAN has internet access.
The problem is that the ZyWALL doesn't allow the remote management via https. only via SSH or SSL. But it allow https via LAN.
All security features are disabled including the Security policy control.
We tried also via SSL, the SSL is connected correctly, we can ping the ZyWALL's LAN address but, again, we can't get the GUI.
Any ideas?
F/W rev 5.32(ABUH.0)
Thank you.
Best regards
Best regards
0
All Replies
-
You just need a policy rule From WAN to Zywall HTTPS
0 -
@dpipro
Please check on the Policy Control "WAN_to_Device", and check if HTTPS is in the Service Group.
If not, please go to Configuration > Object > Service > Service Group, edit "Default_Allow_WAN_To_ZyWALL" and put HTTPS to Member.
James
0 -
@PeterUK @Zyxel_James
Thank you for your answers but All security features are disabled including the Security policy control.
It seems to be an internal web service problem...Best regards0 -
@dpipro if via LAN works and via WAN won't, i highly doubt that's an internal web server problem.Since the revamp of the approach for security rules, now it's quite tough to reach HTTPS via WAN unless you're instructing the firewall to allow it.Due to your certification and the information currently available... triple check settings and logic.If the WAN port is configured with a private and not a public ip address, try also to put yourself in the same subnet of the WAN and try to reach HTTPS.Also... don't forget that at wizard, the device ask you to change your default HTTPS port for management. I don't assume that the redirection will work from both sides (LAN and WAN) after change the port.0
-
In WWW uncheck "Redirect HTTP to HTTPS" allow WAN to zywall login by port 80 HTTP
scan for port 80
GRC | Port Authority, for Internet Port 800 -
Hello @dpipro,Is there any log while accessing the USG FLEX 100 from WAN interface? Please collect the console logs by connecting to the console port too.And you may provide the configuration via private message, I would like to check the settings, thank you.James0
-
Thank you for your answer, the wan port has a public ip address. I've already configured different ports for https management but the issue remainsmMontana said:@dpipro if via LAN works and via WAN won't, i highly doubt that's an internal web server problem.Since the revamp of the approach for security rules, now it's quite tough to reach HTTPS via WAN unless you're instructing the firewall to allow it.Due to your certification and the information currently available... triple check settings and logic.If the WAN port is configured with a private and not a public ip address, try also to put yourself in the same subnet of the WAN and try to reach HTTPS.Also... don't forget that at wizard, the device ask you to change your default HTTPS port for management. I don't assume that the redirection will work from both sides (LAN and WAN) after change the port.
Best regards0 -
Dear PeterUK, thank you. I've already do it too. No luck... I've tried everythingPeterUK said:In WWW uncheck "Redirect HTTP to HTTPS" allow WAN to zywall login by port 80 HTTP
scan for port 80
GRC | Port Authority, for Internet Port 80Best regards0 -
Dear Zyxel_James, the appliance is installed on the customer premises at 300Km from here, I'm not sure if it's possible to have it connected by the console port... I'll send you the conf file. Thank youZyxel_James said:Hello @dpipro,Is there any log while accessing the USG FLEX 100 from WAN interface? Please collect the console logs by connecting to the console port too.And you may provide the configuration via private message, I would like to check the settings, thank you.JamesBest regards0 -
Hello @dpipro,Thanks for the config file, I uploaded your config and found out you didn't add the service HTTP or HTTPS to the service group "Default_Allow_WAN_To_ZyWALL". Please refer to my previous response.
- Add HTTPS to the service group "Default_Allow_WAN_To_ZyWALL"
- Enable Policy Control
- Change to WAN interface IP address for lab test
>> I can access by WAN IP address successfully.@dpipro
Please check on the Policy Control "WAN_to_Device", and check if HTTPS is in the Service Group.
If not, please go to Configuration > Object > Service > Service Group, edit "Default_Allow_WAN_To_ZyWALL" and put HTTPS to Member.
James
James0
Guru Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
