Automation

Expand all | Collapse all

vSRX - REST API

Jump to Best Answer
  • 1.  vSRX - REST API

    Posted 02-18-2018 11:57

    Anyone know why I cannot access the REST API on the vSRX? I tried setting it up on both these versions:

    • 15.1X49-D120.3
    • 17.3R2.10

    Config (system services):

    services {
        ssh;
        netconf {
            ssh;
        }
        rest {
            http;
            traceoptions {
                flag all;
            }
            enable-explorer;
        }
        web-management {
            http;
            https {
                system-generated-certificate;
            }

        }

    }

     

    ssh and web-management work just fine.

     

    Relevant security policies config:

    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }

     

    Relevant security zone config:

    zones {

        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                ge-0/0/0.2;
            }
        }

     

    I restarted the rest-api several times and you can see within the log that it is started.

    wking@vSRX-02> file show /var/chroot/rest-api/var/log/lighttpd 

    ...

    ...

    2018-02-18 01:55:59: (../../../../../../src/dist/lighttpd/src/server.c.1552) server stopped
    2018-02-18 01:59:51: (../../../../../../src/dist/lighttpd/src/log.c.166) server started

    2018-02-18 02:00:02: (../../../../../../src/dist/lighttpd/src/server.c.1552) server stopped
    2018-02-18 02:00:07: (../../../../../../src/dist/lighttpd/src/log.c.166) server started

     

    I can even see the process running.

    wking@vSRX-02> show system processes

    ...

    3415 ?? S 0:00.00 /usr/sbin/web-api -D -f /var/etc/lighttpd.conf
    3448 ?? S 0:00.06 /usr/sbin/lighttpd -D -f /var/etc/lighttpd.conf -m /u

     

    Finally, I can see that the vSRX is listing on TCP port 3000:

    wking@vSRX-02> show system connections | match 3000

    tcp4 0 0 *.3000 *.* LISTEN



  • 2.  RE: vSRX - REST API
    Best Answer

     
    Posted 02-18-2018 19:18

    Please try to configure “any-service” under system-services hierarchy.

    “all” means to enable all pre-defined system services

    “any-service” means to enable entire port range

     

    security-zone trust host-inbound-traffic system-services any-service

     

    Regards,

    Rahul



  • 3.  RE: vSRX - REST API

    Posted 02-18-2018 21:14

    That was it. Thank you very much!!