Comware Based
1839240 Members
2699 Online
110137 Solutions
New Discussion

Re: 5920 WebGUI not working through Firewall

 
Linkk
Frequent Advisor

5920 WebGUI not working through Firewall

Hello,

I currently have a problem with the WebGUI (HTTP) of a 5920 IRF. It is working fine if I access it from the same VLAN but it doesn't respond at all if I try to access it on the other interface. 

Currently my PC is in VLAN 2, the Switch interfaces are in VLAN 8. For testing purposes, I gave my PC "any" port access to the whole VLAN 8 and VLAN 8 any port to me on the firewall (Sophos UTM). 

Then I gave the switch one VlanInterface in 2 and one in 8.

Now the SSH access works fine on both interfaces but the WebGUI only works on the Vlan2 interface. The Firewall Log shows that it forwards the traffic correctly. 

Telnet on port 80 times out in VLAN 8. Other switches in that VLAN respond correctly.

Is there a command that only enables the WebGUI on certain Interfaces? 

 

I can't put the whole config here but I checked the default gateway, there is no asynchronous routing or something. And since I can login through the other interface I don't think there is a problem with authorization.

 

Thanks!,

 

EDIT:

We are running version 7.1.045, Release 2432P01 

EDIT2:

I just tested it on a routed VlanInterface (VLAN22) and it works fine on that interface, too. I'm loosing ideas where to look...

2 REPLIES 2
frmeunier
Occasional Collector

Re: 5920 WebGUI not working through Firewall

Hi

You say that you can access the switch on SSH through the FW but not with the GUI ?

No NAT active ? Only the FW filtering on a set of subnets ?

Linkk
Frequent Advisor

Re: 5920 WebGUI not working through Firewall

Thanks for the reply, it turned out to be a policy based route on the Sophos that directed HTTP/S traffic to the wrong interface. I added an exception to this route, which routed traffic to the correct interface.

 

So (of cause) no Comware problem ;)