Netscreen WebUI remote admin access fails

Netscreen won't allow WebUI read-write admin to make changes yet same user can do them using telnet
murphymail Asked:
 
ccreamer_22 Commented:
Change the following

set admin privilege read-write
to

set admin privilege "all"
0
 
rsivanandan Commented:
1. What model of the firewall?

2. Can you post the configuration here? (After removing passwords and the first octet of your public IP)

Cheers,
Rajesh
0
 
dpmcmull Commented:
My Netscreen has one "read-only" IP address and one "admin" address.  My admin address is one higher than the read-only address (ie - read-only is 192.168.1.1 and admin is 192.168.1.2).  Try adding one to the current way of accessing this.  I believe this is the way it is set up out of the box, but I also believe that these can be changed.  Did you set it up or did someone else?
0
 
murphymail (Author) Commented:
The problem is that via www the SSG 140 for some reason doesn't show all the links (i.e., where there should be a link to change ("edit") an interface, it comes up with dashes). I also get a "doesn't have the privilege" message, yet I'm using the admin signon.
Config below---
set clock timezone -4
set vrouter trust-vr sharable
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset auto-route-export
exit
unset alg h323 enable
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set auth radius accounting port 1646
set admin name "netscreen"
set admin password "nKVUM2rwMUzPcrkG5sWIHdCtqkAibn"
set admin user "mike" password "nEZRCmrUEQmMcLrDAstG77Nt5OFHKn" privilege "all"
set admin auth timeout 10
set admin auth server "Local"
set admin auth remote primary
set admin auth remote root
set admin privilege read-write
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
unset zone "VLAN" tcp-rst
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "DMZ"
set interface "ethernet0/2" zone "Untrust"
set interface "ethernet0/3" zone "Untrust"
set interface "ethernet0/7" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface ethernet0/0 ip x.x.26.81/24
set interface ethernet0/0 nat
unset interface vlan1 ip
set interface ethernet0/7 ip x.x.198.150/27
set interface ethernet0/7 route
set interface tunnel.1 ip unnumbered interface ethernet0/7
set interface ethernet0/7 gateway x.x.198.129
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet0/7 manage-ip x.x.198.151
set interface ethernet0/0 ip manageable
unset interface ethernet0/7 ip manageable
set interface ethernet0/7 manage ping
set interface ethernet0/7 manage telnet
set interface ethernet0/7 manage web
unset flow no-tcp-seq-check
set flow tcp-syn-check
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set address "Trust" "0.0.0.0/0" 0.0.0.0 0.0.0.0
set vpn "VPN for Any" monitor
set url protocol websense
exit
set policy id 1 from "Untrust" to "Trust"  "Any" "0.0.0.0/0" "ANY" permit
set policy id 1 disable
set policy id 1
exit
set policy id 2 name "VPNphones" from "Untrust" to "Trust"  "Dial-Up VPN" "Any" "ANY" tunnel vpn "VPN for Any" id 2 pair-policy 3 log
set policy id 2
exit
set policy id 3 name "VPNphones" from "Trust" to "Untrust"  "Any" "Dial-Up VPN" "ANY" tunnel vpn "VPN for Any" id 2 pair-policy 2 log
set policy id 3
exit
set monitor cpu 100
set firewall log-self
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set config lock timeout 5
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 gateway x.x.198.129
set route x.x.198.0/24 gateway x.x.198.129
set route 10.0.0.0/8 gateway x.x.26.1
set route 172.90.90.0/24 vrouter "untrust-vr" preference 20 metric 1
exit
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
0
 
rsivanandan Commented:
I'll look into it later today, by the way can you also post what version of SOS is running on this one?

Cheers,
Rajesh
0
 
dpmcmull Commented:
Yes, you're using the admin signon, but not the admin IP.  See http://kb.juniper.net/KB3907.
Or the IP management is turned off (http://kb.juniper.net/KB6422).  
Or the management is restricted to a specific IP on your subnet.  
You can use this page (http://kb.juniper.net/KB3918) to determine what IP is allowed to manage the device.  
Set management IP address - http://kb.juniper.net/KB4035.

You can find more of these by searching the Netscreen KB (http://kb.juniper.net/) for "management IP" (no quotes).
0
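The settings the comment above points at (management IP, whether an interface IP is manageable, which management services are enabled, any manager-IP restriction) can be pulled out of a saved configuration in one pass. This is an added example, not code from the thread or from Juniper: `audit_management` and the sample lines are constructed here, and `set admin manager-ip` is the ScreenOS manager-IP command, which does not appear in the posted config.

```python
import shlex

# Constructed sample in the style of the configuration posted above.
SAMPLE = '''\
set admin user "mike" password "REDACTED" privilege "all"
set admin privilege read-write
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/7" zone "Untrust"
set interface ethernet0/7 manage-ip x.x.198.151
set interface ethernet0/0 ip manageable
unset interface ethernet0/7 ip manageable
set interface ethernet0/7 manage ping
set interface ethernet0/7 manage telnet
set interface ethernet0/7 manage web
'''

def audit_management(config):
    """Collect the settings that decide where the device accepts management."""
    ifaces = {}
    report = {"interfaces": ifaces, "manager_ips": [],
              "admin_users": {}, "admin_privilege": None}
    for line in config.splitlines():
        try:
            tok = shlex.split(line)  # strips the quotes ScreenOS puts around names
        except ValueError:
            continue  # unbalanced quote: not a line we can classify
        if len(tok) < 4 or tok[0] not in ("set", "unset"):
            continue
        on = tok[0] == "set"
        if tok[1] == "interface":
            entry = ifaces.setdefault(tok[2], {"zone": None, "manage_ip": None,
                                               "ip_manageable": None, "services": set()})
            rest = tok[3:]
            if rest[0] == "zone" and on and len(rest) > 1:
                entry["zone"] = rest[1]
            elif rest[0] == "manage-ip":
                entry["manage_ip"] = rest[1] if on and len(rest) > 1 else None
            elif rest == ["ip", "manageable"]:
                entry["ip_manageable"] = on
            elif rest[0] == "manage" and len(rest) > 1:
                (entry["services"].add if on else entry["services"].discard)(rest[1])
        elif tok[1] == "admin" and on:
            if tok[2] == "manager-ip":
                report["manager_ips"].append(" ".join(tok[3:]))
            elif tok[2] == "privilege":
                report["admin_privilege"] = tok[3]
            elif tok[2] == "user" and "privilege" in tok[4:-1]:
                report["admin_users"][tok[3]] = tok[tok.index("privilege", 4) + 1]
    return report
```

Calling `audit_management` on the full saved configuration returns, per interface, the zone, the manage-ip, the manageable flag and the enabled management services, alongside the admin privilege lines.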