The first thing you need to make sure of is that DNS is working. This is the first thing which I looked at, because the timeout could have been a DNS problem. Just configure your DNS in the network overview page. Also put in a hostname for your appliance which can be resolved both internally and externally. Then, on your internal firewall, open up and NAT UDP/TCP 53 for DNS. Then on your internal firewall, open up HTTP and HTTPS from the Juniper physical and virtual interfaces if you have a cluster setup. Make sure you open up HTTP and HTTPS for all destinations.

Next, from the box, make sure you can look up hostnames. Go to the Troubleshooting/tools/commands section and run a ping to www.google.com or something. This should do an external lookup with the IP address. Don't worry if the ping does not get back; so long as it does a DNS lookup with an external address, then this is working. If it does not do a DNS lookup, then you have a DNS problem, and I suggest you look at why it is not looking up DNS. If it does a DNS lookup, and you just time out on web pages, then it's a firewall rule problem.

Remember, the internal interface of the SA to a firewall will be treated like any other client trying to get internet access to certain sites via a firewall. If you deny everything from the Juniper box, to the internal network, apart from certain IP addresses, then your web sites are not going to work. You need to allow http/https - juniper internal interface > any.
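The DNS-versus-firewall split described in the post above can also be scripted. This is an added example, not part of the original post or any Juniper tooling. It assumes it is run from a test host that sits behind the same internal firewall rules as the SA's internal interface, and the function name `triage` and its result fields are hypothetical.

```python
import ipaddress
import socket

def triage(host, ports=(80, 443), resolve=socket.gethostbyname,
           connect=socket.create_connection, timeout=3.0):
    """Hypothetical helper: split 'web pages time out' into DNS vs firewall."""
    try:
        addr = resolve(host)              # step 1: does the name resolve at all?
    except OSError as exc:                # socket.gaierror is an OSError
        return {"verdict": "dns", "address": None, "external": None,
                "ports": {}, "detail": str(exc)}
    # The post expects an external address back from the lookup.
    external = ipaddress.ip_address(addr).is_global
    results = {}
    for port in ports:                    # step 2: is http/https allowed out?
        try:
            connect((addr, port), timeout).close()
            results[port] = "open"
        except socket.timeout:            # silently dropped: typical deny rule
            results[port] = "timeout"
        except ConnectionRefusedError:    # something answered with a reset
            results[port] = "refused"
        except OSError as exc:
            results[port] = "error: %s" % exc
    if any(state == "timeout" for state in results.values()):
        verdict = "firewall"              # name resolves, web traffic times out
    elif all(state == "open" for state in results.values()):
        verdict = "ok"
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "address": addr, "external": external,
            "ports": results, "detail": ""}

if __name__ == "__main__":
    # Same target the post suggests pinging from the appliance.
    print(triage("www.google.com"))
```

A `dns` verdict points at the resolver settings or the port 53 rule; a `firewall` verdict points at the http/https rule for the internal interface.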