MP70 IP Passthrough remote management

Greetings. I have a test MP70 and we will have a Juniper SRX firewall directly connected on the inside. We need the SRX to have the WAN IP address and all VPN functionality handled by the SRX, so I’m putting the MP70 in IP Passthrough. No problem with that. Can I still manage my MP70 remotely? In my tests, I have a laptop directly connected (to be replaced by the SRX). I can still reach the ACEmanager via 192.168.13.31 address from the inside, but cannot reach my WAN address, which makes sense since my laptop now owns it. What is the best way to accomplish remote management in IP Passthrough? Is there a knob I possibly haven’t turned, or would I have the SRX configured (not by me) to turn the traffic back around to the MP70?
Edit: I have remote ACEmanager access http/https port 9191/9443 enabled. I have port filtering inbound and outbound and trusted IP inbound and outbound all disabled.
Thanks in advance.

Hi sdencar,

Which firmware version MP70 are you using? If you are not in the latest firmware (4.13.0.017), please download the latest one and retry.

To remote access to MP70 over Cellular, Please make sure that your MP70 has public IP from your mobile service provider. You then can use ping.eu to check that IP is really work.

• Enable DMZ and select “Automatic”
• Set IP Passthrough to “Ethernet” and “First Host” on the selected port
• IP Passthrough Ethernet Port: Port 4, but regardless of the port that is used, the other ports will be disabled
• Once the MP70 has been rebooted, verify that the DMZ is set to Automatic and that the reported “DMZ Host IP in use” is the radio IP address
• Configure your PC to connect to Port 4 and obtain an address from the MP70 via DHCP

If IP Passthrough is enabled, but DMZ is not set to “Auto”, traffic will not be passed to the host PC.

If you want to remote access to MP70 over WAN ethernet, a public IP is also needed. Or you can NAT your local IP to your router.
To config WAN Ethernet, go to ACEManager:
• LAN -> Ethernet -> Port mode =WAN
• WAN -> select priority of cellular/ethernet ( if you use cellular, select First for Cellular…)
• Enable remote access , Services->ACEManager -> Remote access
• Enable DMZ in Security tab, setup Host IP
• Apply all changes and reboot.

Please make sure that VPN tunnel is turned off. You also need to check the settings for firewall, proxy in browser or your PC.
Now you can remote access to your MP70.

Please help to mark “Solution” if your question is answered. So the community could easily find the solution for their problems.

Many thanks. I spoke with an engineer before I saw your helpful post and he stated that the MP70 will recognize traffic bound for whatever port we designate for remote management (9443, etc.) and will redirect that traffic to the device and not our firewall. Thanks for the detailed response. I appreciate it.