Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 6 subscribers
  • Views 7399 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WebAdmin access gone after Up2Date 9.4004.005

marcelbleeker

Hi all,

Curious problem that I can not solve via other posts:

After update our firewalls, I'm not able to access the Webadmin via the WAN ports.

And yes I added the access to the correct network (even checked it via the console)
And yes I checked if the user has access.

FW01 / FW02 / FW03: UTM9 appliance
FW04 : ASG220 appliance

This all worked fine for many years now, but after the update the situation is as on the drawing.

Please advise / help.

Greetz,

Marcel.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Marcel,

    Check if any DNAT rule is configured to map the incoming requests on WAN address. 

    Are you able to access Web Admin from internal network? Take SSH to UTM and execute /etc/init.d/httpd restart . Let us know if that helps.

    Thanks

  • 0 in reply to sachingurung

    Hi sachingurung,

    On one of the walls, we have the following:

    1 masquerading rule LAN -> WAN-side

    1 SNAT host1 -> message Queuing ports > host X on WAN side

    1 SNAT host2 -> message Queuing ports > host X on WAN side

    1 DNAT WAN -> Terminal Apps. -> LAN

    But these were also active before the issue occurred.

    Greetz,

    Marcel.

  • 0 in reply to marcelbleeker

    Hi Marcel,

    Did restarting the HTTPd services help? It can be hard to tell why the GUI services are stuck if it is not caused due to an incorrect DNAT or the GUI services responsible for it.

    Take tcpdump for the remote IP address and check if you receive the request packets on the UTM, alongside also capture *.log grepping the remote IP address, if UTM is dropping the connection then you will capture some information here.

    Thanks

  • 0 in reply to marcelbleeker

    Since you didn't correct my translation of the German error message, I'll guess that it's correct.  I'll guess that the client you're using to attempt to connect to the WAN port does not have an IP that's in 'Allowed Networks' for WebAdmin.  If it appears in WebAdmin that the IP should be allowed, temporarily add "Any" to test.    If that works, then restore a configuration backup from before the last Up2Date.

    If you still get no joy, check Allowed Networks from the command line:

    cc
    webadmin
    allowed_networks@
    exit

    Any luck with any of that?

    Cheers - Bob

Reply
  • 0 in reply to marcelbleeker

    Since you didn't correct my translation of the German error message, I'll guess that it's correct.  I'll guess that the client you're using to attempt to connect to the WAN port does not have an IP that's in 'Allowed Networks' for WebAdmin.  If it appears in WebAdmin that the IP should be allowed, temporarily add "Any" to test.    If that works, then restore a configuration backup from before the last Up2Date.

    If you still get no joy, check Allowed Networks from the command line:

    cc
    webadmin
    allowed_networks@
    exit

    Any luck with any of that?

    Cheers - Bob

Children
  • 0 in reply to BAlfson

    Hi Bob,

    Sadly to say that I did all of the above with no positive result.

    Though, it is strange that a fully fresh installed latest version image(from iso-usb boot) is working ok.

    So next thing for me is by hand adding all the rules one by one to see where it goes wrong.

    Keep you all posted.