Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 2542 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issue accessing a Web GUI based device

David venner

I'm using the XG free home edition in a virtual lab environment just to simulate basic firewall protection between a LAN\DMZ\External configuration.

I have created a simple rule to begin with that allows all traffic to pass from the LAN to the DMZ, I have a test Citrix Netscaler sat in the DMZ.

I can ping the Netscaler ok but when trying to access the web gui I keep getting page cannot be displayed and within the log viewer I can see the traffic is being denied with message of "Invalid TCP State" and "Invalid Packet" and don't understand why I'm seeing this behavior.

Can anyone help me with this issue I have tried using the GUI packet capture but cannot see anything which can help me?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to LuCar Toni

    Thanks for the reply.

    Tried increasing the timeout which didn't help and then proceeded to take a capture and look at it in wireshark.

    Not that I'm an expert with it but think it's related to invalid packet sequences (This frame is a (suspected) out-of-order segment - from wireshark) but could be wrong and don't understand why it is treating the traffic in this way.

    Would upload the file but this errors when selecting the file.

  • 0 in reply to David venner

    Can you share Screenshots of this connection attempt in Wireshark? 

    https://wiki.wireshark.org/TCP_3_way_handshaking

    You should look for the Handshake. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    OK, really strange as I'm not seeing the 3 way handshake in the capture results:

    (hope image is good enough)

    Used this command to capture the info from the XG:

    tcpdump host 192.168.255.1 and 192.168.1.50 -b -w /tmp/dump.pcap

    (I believe this gets all traffic from first IP to second?)

    Just for info I do have a virtual router that I use to use to be able to connect between test LAN\DMZ\External and have had no issues connecting to the Netscaler GUI.

     

  • 0 in reply to David venner

    So most likely those packets are unanswered by the Destination.

    Try to use this command without -b -w and take a look, if XG is sending / using the correct interface outbound.

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi

    Thanks for your help and info on this.

    I managed to track down the issue to a config setting on the Netscaler.

    I'm now able to access the GUI console.

    Regards

Cookie Information Banner