Hi there
I guess you want to access the SA box via HTTPS right, here are the CLI commands to to create a VIP to access the Server from the Internet:
(1) set ssl port 5050 (Relocate the SSL port as this service is part of the VIP, you dont need this if you are doing HTTP)
(2) set interface ethernet0/0 vip 172.24.28.168 + 443 "HTTPS" 172.16.50.20
(3) set policy top from "Untrust" to "Trust" "Any" "VIP(ethernet0/0)" "HTTPS" permit
I guess one of the problems you may have had is that the VIP does not get configured for the 443 port if you have not reallocated the managment port (if you are using the interface IP of the FW as part of the VIP configuration.
No (2) essentially gives the interface IP address to the VIP. You should be able to access the server via the interface IP address of the FW on port 443 or any other port you prefer.
Lokks like you may not have added the VIP to the policy?
Hope this helps
Message Edited by WL on 01-14-2009 03:36 PM