SRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  HTTP/HTTPS Access

    Posted 12-06-2013 08:26

    I've followed the example of enabling http/https access on an interface on this page:  http://kb.juniper.net/InfoCenter/index?page=content&id=KB16647 but http access still doesn't work for the interface.  Any ideas if I'm missing anything?  

     

    Config below:

     

    Interface - 

    ge-0/0/6.0 up up inet 192.168.15.3/24

    Configuration - 

    services {
    ssh;
    telnet;
    xnm-clear-text;
    web-management {
    http {
    interface [ vlan.0 ge-0/0/6.0 ];
    }
    https {
    system-generated-certificate;
    interface [ vlan.0 ge-0/0/6.0 ];
    }

     

    When I try http://192.168.15.3 or https://192.168.15.3 I get 

    Access Error: 401 -- Unauthorized

    Interface is not authorized for HTTP access

     

    Any guidance in the right direction would be appreciated.

     

     

     


    #SRX240H
    #httpaccess
    #httpsaccess


  • 2.  RE: HTTP/HTTPS Access
    Best Answer

    Posted 12-06-2013 09:45

    user@host# show security zones security-zone <zone>| display set 
    set security zones security-zone <zone> host-inbound-traffic system-services all
    set security zones security-zone <zone> host-inbound-traffic protocols all
    set security zones security-zone <zone> interfaces vlan.0

     

    Whatever <zone> you have both interfaces in, verify that https and http is allowed if not allowing all.



  • 3.  RE: HTTP/HTTPS Access

    Posted 12-07-2013 04:15

    The interface I wanted to allow https access from is in the untrust zone and I didn't want to allow https access from every untrust interface (including the internet) - so like you said, I just enabled https access on the specific tunnel interface itself and it worked!

     

    Thanks for your guidance.