The web management page of the firewall cannot be reached from the Internet.
The security zone configuration has been checked, and the management address can be pinged. The issue does not depend on the browser type. Checking the session table on the firewall shows that there is no record of the related HTTPS session.
#
interface GigabitEthernet1/0/3
 port link-mode route
 ip address x.24.70.130 255.255.255.248
#
object-policy ip untrust_to_local
 rule 1000 pass service ping
 rule 2000 pass service ssh
 rule 3000 pass service https
 rule 4000 pass service http
#
zone-pair security source Untrust destination Local
 object-policy apply ip untrust_to_local
#
security-zone name Untrust
 import interface GigabitEthernet1/0/3
#
 ip https port 2000
 ip https enable
Further checking of the configuration shows that, for HTTPS, the object policy permits only the HTTPS service, which is equivalent to port 443. However, the customer changed the HTTPS port to 2000, and port 2000 is not permitted in the object policy. Therefore, when HTTPS access to port 2000 arrives, it is discarded by the policy, and the access fails.
When such an issue occurs, first check the device configuration as follows:
1. Whether the interface is bound to a VPN instance;
2. Whether an HTTP/HTTPS access control list is configured (command: ip https acl XXXX);
3. Whether the interface has been imported into the security zone and whether the address can be pinged;
4. Whether the HTTPS port has been modified, whether the modified port is permitted in the security policy, and whether a port mapping that conflicts with the HTTPS port is configured on the interface.
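The port check in item 4 can be automated against a saved configuration. The following is an added example, not part of the original case or any vendor tool: the function names are hypothetical, the sample is the relevant part of the configuration above, and it assumes that only the predefined service names http, https and ssh (ports 80, 443 and 22) appear in the rules; custom service object groups are not resolved.

```python
import re

# Predefined service name -> TCP port (assumption: well-known defaults; ping is ICMP).
PREDEFINED_TCP = {"https": 443, "http": 80, "ssh": 22}

# Constructed sample: the policy, zone-pair and HTTPS lines from this case.
SAMPLE = """object-policy ip untrust_to_local
 rule 1000 pass service ping
 rule 2000 pass service ssh
 rule 3000 pass service https
 rule 4000 pass service http
#
zone-pair security source Untrust destination Local
 object-policy apply ip untrust_to_local
#
 ip https port 2000
 ip https enable
"""

def sections(cfg):
    """Split a configuration on '#' separator lines into lists of stripped lines."""
    blocks = ([l.strip() for l in b.splitlines() if l.strip()]
              for b in re.split(r"(?m)^#[ \t]*$", cfg))
    return [b for b in blocks if b]

def web_ports(cfg):
    """Return {service: listening port} for each enabled web management service."""
    ports = {}
    for svc, default in (("https", 443), ("http", 80)):
        if re.search(rf"(?m)^[ \t]*ip {svc} enable[ \t]*$", cfg):
            m = re.search(rf"(?m)^[ \t]*ip {svc} port (\d+)[ \t]*$", cfg)
            ports[svc] = int(m.group(1)) if m else default
    return ports

def permitted_tcp_ports(cfg, src="Untrust", dst="Local"):
    """TCP ports passed by the object policies applied to the src -> dst zone pair."""
    secs = sections(cfg)
    applied = {l.split()[-1] for s in secs
               if s[0] == f"zone-pair security source {src} destination {dst}"
               for l in s[1:] if l.startswith("object-policy apply ip ")}
    rules = [l for s in secs if s[0].split()[:2] == ["object-policy", "ip"]
             and s[0].split()[-1] in applied for l in s[1:]]
    names = [m.group(1) for l in rules
             if (m := re.fullmatch(r"rule \d+ pass service (\S+)", l))]
    return {PREDEFINED_TCP[n] for n in names if n in PREDEFINED_TCP}

def blocked_web_services(cfg):
    """Enabled web services whose listening port the zone-pair policy does not pass."""
    allowed = permitted_tcp_ports(cfg)
    return {svc: port for svc, port in web_ports(cfg).items() if port not in allowed}
```

Calling `blocked_web_services(SAMPLE)` reports HTTPS on port 2000 as not permitted, which matches the root cause found in this case.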