running configuration

wahiba
Posts: 11
Joined: 14 May 2019, 11:48

running configuration

Post by wahiba » 16 May 2019, 13:43

Hey,
I work on an already configured SG Clavister E7, and I don't know any information about the running configuration. Is there any way to extract the running configuration in order to analyse it and find the way to access the SG?
Assuming that even when I type "ifstat" and "show adresse ..." I can't access the SG through the given IP address.

Peter
Posts: 659
Joined: 10 Apr 2008, 14:14
Location: Clavister HQ - Örnsköldsvik

Re: running configuration

Post by Peter » 16 May 2019, 14:26

Hello.

The rule(s) that control access to the Firewall are called "RemoteManagement". Use the following CLI command to get information about how they are configured:

show RemoteManagement

Then you can use this CLI command to get even more details about a specific remote management rule (example):

show RemoteManagement RemoteMgmtHTTP HTTP_If1

Where HTTP_If1 is the name of one of my management rules.

Best regards
/Peter

Re: running configuration

Post by wahiba » 16 May 2019, 14:56

OK, so I typed the command show RemoteManagement and got HTTP_MGMT interface If1, so I think it's about the Ethernet 1 interface?
So I typed show ipaddress ... If1 to look for its IP address and got the IP address, but I still can't ping my SG or access it via browser.
Is there any misunderstanding on my side of the procedure?
Thanks for your concern, I really appreciate it.

Re: running configuration

Post by Peter » 17 May 2019, 11:36

Hello.

The remote management rule(s) can look like this:
VSG-24:/> show RemoteManagement

RemoteMgmtHTTP

Name      Interface  Network
--------  ---------  --------
HTTP_If1  if1        if1net

This is interpreted like this:

In order to gain access to the management WebUI, you need to arrive with packets on the if1 interface with an IP address in the if1net IP range. So let's say that "if1net" is 192.168.1.0/24; it means you must be within this network range when you connect to the Firewall from the If1 interface in order to gain access to the WebUI login page.

So if you have the unit in a lab, you can simply connect e.g. a laptop directly to the if1 interface, then give the laptop an IP in that range such as 192.168.1.50, as long as it does not conflict with the firewall's own IP which you can see with the "ifstat" command.

The remote management rules are a set of instructions to the Firewall on which interface and network (and port if you have changed the default one in advanced settings) it should accept incoming packets from.

Best regards
/Peter
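
The interface-and-network match described in the reply above, as an added example that is not part of the original thread and is not Clavister code: it parses the table layout shown in the post and reports why a given management client would or would not match. The value of if1net is the range used as the example in the post, the firewall's own address is a constructed value, and the function names are hypothetical.

```python
import ipaddress

# Table copied from the post above (real output may contain more columns).
SHOW_REMOTE_MGMT = """\
RemoteMgmtHTTP

Name      Interface  Network
--------  ---------  --------
HTTP_If1  if1        if1net
"""
# Assumed values: if1net is the range used as the example in the post; the
# firewall's own address is constructed (read the real one with ifstat).
ADDRESS_BOOK = {"if1net": "192.168.1.0/24"}
FIREWALL_IP = {"if1": "192.168.1.1"}

def parse_rules(text):
    """Return one dict per rule row of the table layout shown above."""
    rules, rule_type, in_rows = [], None, False
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            in_rows = False                  # blank line ends a table
        elif set("".join(fields)) == {"-"}:
            in_rows = True                   # dashed separator: rows follow
        elif len(fields) == 1 and not in_rows:
            rule_type = fields[0]            # section title, e.g. RemoteMgmtHTTP
        elif in_rows and len(fields) >= 3:
            rules.append({"type": rule_type, "name": fields[0],
                          "interface": fields[1].lower(), "network": fields[2]})
    return rules

def check_client(rule, arrival_if, client_ip):
    """Say whether a client matches the rule's interface and network."""
    net = ipaddress.ip_network(ADDRESS_BOOK[rule["network"]])
    ip = ipaddress.ip_address(client_ip)
    if arrival_if.lower() != rule["interface"]:
        return f"no match: arrives on {arrival_if}, rule expects {rule['interface']}"
    if ip not in net:
        return f"no match: {ip} is outside {rule['network']} ({net})"
    if ip == ipaddress.ip_address(FIREWALL_IP[rule["interface"]]):
        return f"conflict: {ip} is the firewall's own address"
    return f"match: {rule['name']} accepts {ip} on {arrival_if}"

if __name__ == "__main__":
    rule = parse_rules(SHOW_REMOTE_MGMT)[0]
    for iface, ip in [("if1", "192.168.1.50"), ("if1", "10.0.0.5"),
                      ("if2", "192.168.1.50"), ("if1", "192.168.1.1")]:
        print(f"{iface:4} {ip:15} {check_client(rule, iface, ip)}")
```

A "no match" result for the laptop's address or port is the usual reason the WebUI login page does not answer even though the firewall's IP address is known.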
