Can't access web management through WAN or LAN
Hello,
I have a TZ500 that won't allow me to connect to the web interface on the WAN or LAN side. The only way I can connect to it currently is using the command line interface using the serial console.
When attempting to connect using the IP at https://192.168.1.1 or https://192.168.1.1:8443 it just says "Connection refused". I have a case open with support but they haven't been too helpful so far. They had me factory reset (which allowed me access to the web mgmt again) but as soon as I uploaded the saved configuration, I could not access it again. They also had me install the latest firmware, which didn't help either.
The firewall is otherwise working fine and passing traffic, I just can't log in to the web management! I know it has to be something in the config, and I provided all the details I could to tech support. When monitoring traffic, I can see it dropping my attempt. Here is the snippet of the log showing it dropped my attempt to access mgmt:
The X0:V100 interface is for VOIP traffic but not sure why it's using that as the destination interface.
Any ideas?
Thanks!
Answers
@DPDAVE please check the following while on CLI
check the config on X0
    show interface X0
    management https
    management ping
    management snmp
    management ssh
check the https port
    show administration
    https-port XXXX - matches your 8443
Commit the changes if you had to do any and you should be golden.
Word of advice, don't open management on WAN. If you really need it try to limit the WAN-to-WAN rules for management to known source addresses.
—Michael@BWC
If all else fails flatten and start again, there's something in the config you are uploading.
Thank you both for your reply!
Here's what it shows, I tried to connect using 8443 but it's a no go. SSH doesn't work either.
Here's output on X0
Just weird it's not working. I really don't want to flatten and start over as there's a lot of rules on this thing. I recently took over this Sonicwall so I don't have the complete history on it but I know the previous admin said this just happened suddenly and didn't know why.
@dpdave some more thoughts on what you could try:
Otherwise I believe the support should address this.
—Michael@BWC
Yes it's showing the correct address and I am connecting from the 192.168.1.x subnet. I like your idea of trying a different port. I do have a case open with support but they haven't been much help so far so I thought I'd "Cast a wider net".
If I come to a solution I'll post it back here.
I appreciate you both taking the time to try and help.
Good luck, BWC's idea of ruling out some potentially bodged or nobbled management port NAT sounds like an idea.
Just leaving an update on this. Got it working again by configuring one of the unused interfaces (X7) with a custom zone I created with a new subnet. I then enabled http and https management on this interface and was able to access using a laptop directly connected to the interface and configured with an IP in the same subnet.
I then found the issue, there was a virtual interface created (X0:V100) which for some reason was assigned to the WAN zone. I could see in the logs that whenever I attempted to access the HTTP or HTTPS management it would set the destination to X0:V100 and block my attempt.
I found this virtual interface was not being used at all so I just deleted it. After that, everything immediately started working again. Weird issue, but just glad it's working.