Re: External management on a netscreen-5


comp.security.firewalls archive


From: AM <arj.mahal@askarj.com>
Date: Fri May 27 2005 - 10:26:22 CEST

If you have one external address, externally, you can only manage the
firewall on the same IP address as the external interface. Set the
Manage-IP address to be 0.0.0.0 - (it defaults to the same IP as the
untrust interface). Then enable ssh and web etc. Note however, that
web and telnet are clear text so the admin login userid password and
configuration changes are not encrypted, so not really meant for
external connections. You should use ssh or ssl communications for the
encrypted equivalent.

Also have a look under admin, management and permitted IPs list. This
allows you to restrict by source IP who can connect to manage the
firewall in the first place. Remember to firstly add your internal
IP/range otherwise you may lock yourself out.

Hope this is helpful.

AM
http://www.askarj.com
Received on Thu Sep 29 19:53:04 2005
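
The checks described in the post above, as an added example that is not part of the original message: a small audit of a saved firewall configuration for clear-text management on the external interface and for a permitted-IP list that omits the internal range. The ScreenOS-style command lines, the sample config and the 192.168.1.0/24 internal range are assumptions constructed for illustration.

```python
import ipaddress
import re

CLEARTEXT = {"telnet", "web"}  # per the post: login and config changes are not encrypted

# Constructed sample; ScreenOS-style syntax is assumed, not taken from the post.
SAMPLE_CONFIG = """\
set interface untrust manage-ip 0.0.0.0
set interface untrust manage telnet
set interface untrust manage web
set interface untrust manage ssh
set admin manager-ip 192.168.1.0 255.255.255.0
"""

MANAGE_RE = re.compile(r'set interface "?([\w/.-]+)"? manage (\w+)$')
PERMIT_RE = re.compile(r"set admin manager-ip (\S+) (\S+)$")


def audit(config, external="untrust", internal_net="192.168.1.0/24"):
    """Return findings about management exposure on the external interface."""
    services, permitted = set(), []
    for raw in config.splitlines():
        line = raw.strip()
        m = MANAGE_RE.match(line)
        if m and m.group(1) == external:
            services.add(m.group(2))
        m = PERMIT_RE.match(line)
        if m:
            # address + netmask pair, e.g. "192.168.1.0 255.255.255.0"
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            permitted.append(net)

    findings = []
    for svc in sorted(services & CLEARTEXT):
        findings.append(f"clear-text management '{svc}' enabled on {external}")
    if services and not permitted:
        findings.append("no permitted IPs: any source can reach management")
    internal = ipaddress.ip_network(internal_net)
    if permitted and not any(internal.subnet_of(n) for n in permitted):
        findings.append("internal range not in permitted IPs (lockout risk)")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```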