A customer is using a NetScreen-25 firewall. By default it has a web interface on port 80 and 443. I've changed the port for the HTTPS web interface to some other number that is not being used and disabled the checkbox that normally enabled the HTTPS web interface.
I've then added a policy to forward incoming TCP requests on port 443 to 192.168.2.2:443 like I would add any other NAPT policy. However, the policy is never hit (even though it's at the top of the list), so data never gets forwarded to the internal server.
We want to expose the internal site via HTTPS to the internet (without the user having to specify a port other than 443 of course).
Has anybody got an idea what might be wrong? Might this be a bug in the device given that it normally reserves 443 for its web interface even when you change the port and disable it?
Thank you
And if you put the server in the DMZ? It should bypass the firewall then. Does that work?
//
Allowing Outbound Traffic

By default, the NetScreen-25 device does not allow inbound or outbound traffic, nor does it allow traffic to or from the DMZ. You need to create access policies to permit specified kinds of traffic in the directions you want. (You can also create access policies to deny and tunnel traffic.)

The following access policy permits all kinds of outbound traffic from any point on the Trust network to any point on the Untrust network.

    set policy outgoing "inside any" "outside any" any permit
    save

You can also use the Outgoing Policy Wizard in the WebUI management application to create access policies for outbound traffic. See “Accessing the Device With the WebUI” on page 18 for information on accessing the WebUI application.
//