Hello community
I would like to query some data from a SRX345 via REST API, but can't get it to run and am getting desperate. I tried all possible variations under system services rest (also https).
# show system services rest | display set
set system services rest http port 3080
set system services rest http addresses 10.109.255.1
set system services rest control allowed-sources 10.130.161.197
set system services rest control allowed-sources 10.130.60.89
set system services rest control connection-limit 16
set system services rest enable-explorer
# run show system processes | grep light
2019 ?? S 0:00.47 /usr/sbin/web-api -D -f /var/etc/lighttpd.conf
87985 ?? S 0:00.15 /usr/sbin/lighttpd -D -f /var/etc/lighttpd.conf -m /u
% netstat -an | grep 3080
tcp6 0 0 *.3080 *.* LISTEN
tcp4 0 0 *.3080 *.* LISTEN
This is the only thing that confuses me a bit, because web-api is not enabled, only rest-api.
% cd /var/chroot/rest-api/
% pwd
/web-api
From the machine itself, the API is working... from a directly connected host: timeout.
% curl 10.109.255.1:3080
<!--
- $Id$
-
- Copyright (c) 2014, Juniper Networks, Inc.
- All rights reserved.
-->
<!DOCTYPE html>
<html>
<head>
<title>REST-API explorer</title>
# show security zones security-zone MPLS host-inbound-traffic | display set
set security zones security-zone MPLS host-inbound-traffic system-services all
set security zones security-zone MPLS host-inbound-traffic protocols all
# show security zones security-zone MPLS interfaces | display set
set security zones security-zone MPLS interfaces lo0.0
set security zones security-zone MPLS interfaces ae0.882
# show security policies from-zone MPLS to-zone MPLS | display set
set security policies from-zone MPLS to-zone MPLS policy allow-all match source-address any
set security policies from-zone MPLS to-zone MPLS policy allow-all match destination-address any
set security policies from-zone MPLS to-zone MPLS policy allow-all match application any
set security policies from-zone MPLS to-zone MPLS policy allow-all then permit
# show interfaces lo0 | display set
set interfaces lo0 unit 0 family inet address 10.109.255.1/32 primary
set interfaces lo0 unit 0 family inet address 10.109.255.1/32 preferred
set interfaces lo0 unit 0 family inet address 10.109.248.1/32
# show interfaces ae0 unit 882 | display set
set interfaces ae0 unit 882 vlan-id 882
set interfaces ae0 unit 882 family inet mtu 1500
set interfaces ae0 unit 882 family inet address 10.250.0.49/29
set interfaces ae0 unit 882 family mpls mtu 9000
set interfaces ae0 unit 882 family mpls filter input packet-mode-mpls
I can reach the machine via SSH and J-Web, but not the API....
Policy is permit-all for testing purposes, no filters on the interface.
Used Example: Configuring the REST API | Junos OS | Juniper Networks as guide.
Thank you very much in advance for any tips.
Many greetings from Germany,
Dennis
------------------------------
DENNIS BOEHM
------------------------------