9 Replies Latest reply on May 29, 2013 12:19 PM by sliedl

    Trouble to deploy a new S1104

    miig

      Hello,

       

      We are trying to deploy a new Fw S1104, but it is not possible to establish the connection between the Admin Console and the appliance. Any idea?

        • 1. Re: Trouble to deploy a new S1104
          PhilM

          I have never encountered an issue connecting to the Admin Console on a newly-installed appliance. As long as you are connecting to the correct interface (1-1 the Internal side) it should respond to Admin Console requests as soon as you have completed the initial configuration wizard process.

           

          I can only suggest that you connect to the physical console (either over a serial connection or with a screen and keyboard connected directly to the appliance) and perform a couple of checks:-

           

          netstat -na | grep 9003

           

          This should confirm that the firewall is listening on the port number used by the admin console. If it isn't, have you completed the initial configuration process? Otherwise try a fresh installation.

           

          If you can identify that there is a listener running on this port number try running a TCP Dump:-

           

          tcpdump -npi 1-1 port 9003

           

          ..and then attempt to connect using the admin console. If you don't see any traffic in the tcpdump output that would suggest that either:-

           

          1. The admin machine isn't connected to the correct interface on the Firewall.
          2. There is something else (either on the admin machine or on the network between the admin machine and the Firewall) preventing this traffic from arriving.

           

          Hope that helps.

           

          -Phil.
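
The two console checks from the reply above, as an added example that is not part of the original post. It reads `netstat -na` and `tcpdump -n` text and tells apart the cases Phil describes; a plain `grep 9003` also matches port 19003 or a session to a remote port 9003, so the listener check compares the exact local port. Function names are hypothetical and the sample outputs are constructed, assuming BSD- or Linux-style netstat columns and current tcpdump flag notation.

```shell
#!/bin/sh
# Added example (not from the thread). Sample outputs below are constructed.
PORT=9003

# True only if a TCP socket is in LISTEN state on local port exactly $PORT.
# Handles BSD-style (*.9003) and Linux-style (0.0.0.0:9003) local addresses.
is_listening() {
    printf '%s\n' "$1" | awk -v p="$PORT" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, /[.:]/)
            if (a[n] == p) found = 1
        }
        END { exit !found }'
}

# Count connection attempts (SYN without ACK) addressed to $PORT in tcpdump -n text.
count_syns() {
    printf '%s\n' "$1" | awk -v p="$PORT" '
        $2 == "IP" && $4 == ">" && $6 == "Flags" && $7 == "[S]," {
            dst = $5; sub(/:$/, "", dst)
            n = split(dst, a, /[.]/)
            if (a[n] == p) c++
        }
        END { print c + 0 }'
}

# $1 = netstat -na output, $2 = tcpdump output taken during a connection attempt
diagnose() {
    if ! is_listening "$1"; then
        echo "no-listener"       # finish the initial configuration or reinstall
    elif [ "$(count_syns "$2")" -eq 0 ]; then
        echo "no-traffic"        # wrong interface, or blocked before the firewall
    else
        echo "traffic-arrives"   # connection attempts reach the interface
    fi
}

# Constructed samples
NETSTAT_OK='tcp4       0      0  *.9003             *.*                  LISTEN
tcp4       0      0  192.168.1.1.22     192.168.1.50.50122   ESTABLISHED'
NETSTAT_MISLEADING='tcp4       0      0  *.19003            *.*                  LISTEN
tcp4       0      0  192.168.1.1.40112  10.0.0.9.9003        ESTABLISHED'
DUMP_SYN='12:00:01.000001 IP 192.168.1.50.51234 > 192.168.1.1.9003: Flags [S], seq 1, win 64240, length 0'
DUMP_EMPTY=''

diagnose "$NETSTAT_OK" "$DUMP_SYN"
diagnose "$NETSTAT_OK" "$DUMP_EMPTY"
diagnose "$NETSTAT_MISLEADING" "$DUMP_SYN"
```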

          • 2. Re: Trouble to deploy a new S1104
            miig

            mfe error.JPG

            Thank you Phil.

             

            Yes, I did.  But this is the error message on the screen when I tried to push the configuration into the appliance.   Any idea?

             

            Thanks in advance.

             

            MI

            • 3. Re: Trouble to deploy a new S1104
              PhilM

              I see what you are trying to do. There was a bit of confusion on my part because "Admin Console" is the name of the GUI, but I can see that you probably mean the machine itself.

               

              It looks as though you are having problems sending the start-up configuration from the setup utility to the appliance. Personally, I have often encountered this problem and stopped using this method to perform this process. For a long time now, I have simply used a screen and keyboard connected directly to the appliance. Re-boot and a short while after it has finished booting up, a command line version of this process will start automatically. You will be asked the same questions and when the process is complete, the values you entered will be applied to the appliance.

               

              I find it far simpler in the long run.

               

              -Phil.

              • 4. Re: Trouble to deploy a new S1104
                miig

                Hello Phil;

                 

                I already did it as well, using a USB configuration created by the quick start wizard, but same results.  It's impossible to connect to the appliance then; I tried to add the fw through the GUI and click connect, and it has been impossible until now.

                 

                What do you mean?  Start the configuration process manually, no usb configuration generated by the management computer?

                 

                Thanks in advance.

                • 5. Re: Trouble to deploy a new S1104
                  PhilM

                  If the appliance has a VGA connector and USB port it is a matter of connecting a screen and a keyboard directly to the appliance and switching it on.

                   

                  After the boot sequence has completed, there's a pause for about 30 seconds and then a message appears saying that you can press enter to start the configuration wizard process.

                   

                  Forgive me for not being precise, I am typing this from memory.

                   

                  This console-based process asks you exactly the same questions as the Windows-based quick start wizard - serial number, hostname, IP addresses, name & address, etc... When you get to the end of this process it will display a summary of the answers you have provided and you can re-edit any of them until you are happy that everything is correct. Then you press the key to apply these settings and that is it!

                   

                  If your S1104 appliance doesn't have a VGA port (I simply cannot remember if it does or not) you can do the same thing using a serial connection from a PC using something like PuTTY. There is an initial boot menu (F1, F2 or F3 options) and then when the secondary menu appears you enter the option to boot into the serial console (option 4?).

                   

                  The only problem with this method (though it shouldn't affect this process) is that you cannot issue any F-keys over the serial link. So if you wanted to start again from scratch and you wanted to use the boot option to boot from the "Virtual CD" you still need to have a keyboard connected to one of the USB ports. When prompted you can press the appropriate F-key (F1?) on this keyboard to boot to virtual CD and then complete the rest of the process over the serial link.

                   

                  As I said previously I have long since stopped using the quick start process and use the manual method instead - possibly because I have been working with this product since a time when it was the only way to apply the initial configuration. Yes, it is manual and old-fashioned, but it always works.

                   

                  -Phil.

                   

                  *EDIT*

                   

                  I have just found some images online and it would appear that the S1104 appliance does have a VGA connection on the front in addition to the USB ports, so you can connect a screen and keyboard directly to it.

                   

                  http://www.cryptsoft.com/fips140/unpdf/140sp1789007.png

                   

                  Message was edited by: PhilM on 26/05/13 10:33:46 IST
                  • 6. Re: Trouble to deploy a new S1104
                    miig

                    Hello Phil,

                     

                    Thank you for all your tips. 

                     

                    The issue trying to connect to the appliance through the Admin Console (GUI) was due to the port used to connect the firewall to the LAN being disabled in the switch.  After a lot of hours fighting with this, now I can access it without problem.

                     

                    Now we are deploying some policies, and a new fight started!!  We use a POP mail server and all the traffic is dropped ... we had a long long weekend trying to solve the connection to the appliance through the GUI and now getting crazy because the mail server is unreachable ...

                     

                    Thanks again!!

                     

                    MI

                    • 7. Re: Trouble to deploy a new S1104
                      PhilM

                      It is difficult for me to say conclusively because I am not there, but it does sound as though your issues may have more to do with your core network, or your internet connection than with the Firewall appliance.

                       

                      In all the years I've worked with this solution I wouldn't expect to encounter any issues with anything as simple as POP mail access.

                       

                      Assuming the POP mail server you speak of is on the Internet, it should be a simple matter of creating an outbound rule (from internal zone to external zone) for the "Application" called POP3.

                       

                      If you are saying that your POP mail server is hosted on your LAN and you are having issues allowing external users to access it, the most common mistake when deploying this product for the first time is that the rule to allow this traffic would be external-to-internal. This will only work if you have publicly routable addresses on both sides of the appliance.

                       

                      When using private subnets on the inside the rule to allow inbound access will actually be external-to-external. The destination endpoint value is the external IP address on the Firewall you want to use for this connection and you then specify the true/internal IP address of your POP3 server as the "Redirect" value.

                       

                      -Phil.

                      • 8. Re: Trouble to deploy a new S1104
                        miig

                        Thank you Phil!

                         

                        Absolutely!  We have discovered a lot of issues in our core network, added to an inexperienced administrator, so we are spending a lot of time in this process.

                         

                        We would like to install the logon collector to integrate the authentication process with active directory 2012.  Do you know any document to review with the steps to follow?  If so, please share it.

                         

                        Best regards,

                         

                        MI