FLEX100 Remote mgmt issue
Hello,
we have installed a new FLEX100 in an enterprise internet connection with fixed public IP configured on the wan port.
The ZyWALL is connected and the LAN has internet access.
The problem is that the ZyWALL doesn't allow the remote management via https. only via SSH or SSL. But it allow https via LAN.
All security features are disabled including the Security policy control.
We tried also via SSL, the SSL is connected correctly, we can ping the ZyWALL's LAN address but, again, we can't get the GUI.
Any ideas?
F/W rev 5.32(ABUH.0)
Thank you.
Best regards
we have installed a new FLEX100 in an enterprise internet connection with fixed public IP configured on the wan port.
The ZyWALL is connected and the LAN has internet access.
The problem is that the ZyWALL doesn't allow the remote management via https. only via SSH or SSL. But it allow https via LAN.
All security features are disabled including the Security policy control.
We tried also via SSL, the SSL is connected correctly, we can ping the ZyWALL's LAN address but, again, we can't get the GUI.
Any ideas?
F/W rev 5.32(ABUH.0)
Thank you.
Best regards
Best regards
0
All Replies
-
You just need a policy rule From WAN to Zywall HTTPS
0 -
@dpipro
Please check on the Policy Control "WAN_to_Device", and check if HTTPS is in the Service Group.
If not, please go to Configuration > Object > Service > Service Group, edit "Default_Allow_WAN_To_ZyWALL" and put HTTPS to Member.
James
0 -
@PeterUK @Zyxel_James
Thank you for your answers but All security features are disabled including the Security policy control.
It seems to be an internal web service problem...Best regards0 -
@dpipro if via LAN works and via WAN won't, i highly doubt that's an internal web server problem.Since the revamp of the approach for security rules, now it's quite tough to reach HTTPS via WAN unless you're instructing the firewall to allow it.Due to your certification and the information currently available... triple check settings and logic.If the WAN port is configured with a private and not a public ip address, try also to put yourself in the same subnet of the WAN and try to reach HTTPS.Also... don't forget that at wizard, the device ask you to change your default HTTPS port for management. I don't assume that the redirection will work from both sides (LAN and WAN) after change the port.0
-
In WWW uncheck "Redirect HTTP to HTTPS" allow WAN to zywall login by port 80 HTTP
scan for port 80
GRC | Port Authority, for Internet Port 800 -
Hello @dpipro,Is there any log while accessing the USG FLEX 100 from WAN interface? Please collect the console logs by connecting to the console port too.And you may provide the configuration via private message, I would like to check the settings, thank you.James0
-
mMontana said:@dpipro if via LAN works and via WAN won't, i highly doubt that's an internal web server problem.Since the revamp of the approach for security rules, now it's quite tough to reach HTTPS via WAN unless you're instructing the firewall to allow it.Due to your certification and the information currently available... triple check settings and logic.If the WAN port is configured with a private and not a public ip address, try also to put yourself in the same subnet of the WAN and try to reach HTTPS.Also... don't forget that at wizard, the device ask you to change your default HTTPS port for management. I don't assume that the redirection will work from both sides (LAN and WAN) after change the port.
Best regards0 -
PeterUK said:In WWW uncheck "Redirect HTTP to HTTPS" allow WAN to zywall login by port 80 HTTP
scan for port 80
GRC | Port Authority, for Internet Port 80Best regards0 -
Zyxel_James said:Hello @dpipro,Is there any log while accessing the USG FLEX 100 from WAN interface? Please collect the console logs by connecting to the console port too.And you may provide the configuration via private message, I would like to check the settings, thank you.JamesBest regards0
-
Hello @dpipro,Thanks for the config file, I uploaded your config and found out you didn't add the service HTTP or HTTPS to the service group "Default_Allow_WAN_To_ZyWALL". Please refer to my previous response.
- Add HTTPS to the service group "Default_Allow_WAN_To_ZyWALL"
- Enable Policy Control
- Change to WAN interface IP address for lab test
>> I can access by WAN IP address successfully.@dpipro
Please check on the Policy Control "WAN_to_Device", and check if HTTPS is in the Service Group.
If not, please go to Configuration > Object > Service > Service Group, edit "Default_Allow_WAN_To_ZyWALL" and put HTTPS to Member.
James
James0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight