SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  HTTP, HTTPS access to web-mgmt problem SRX345

    Posted 06-20-2023 07:05

    Hi all,

    I have a problem accessing the SRX345 via HTTP and HTTPS. The device was zeroized and after that was configured with some basics: network settings, HTTP, and a generated and added PKI certificate. You can see the resulting config in the attachment.
    After that the device was accessible via HTTPS on port 4433 and HTTP on port 10888, as configured. But several hours later it is not accessible anymore, and according to a dump on the interface, it just resets all the TCP SYNs from the web browser:
    monitor traffic interface ge-0/0/0 matching "tcp port 4433"
    20:15:59.086787  In IP 192.168.1.32.63365 > 192.168.1.3.4433: S 1368298770:1368298770(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
    20:15:59.086888 Out IP 192.168.1.3.4433 > 192.168.1.32.63365: R 0:0(0) ack 1368298771 win 0
    20:15:59.086954  In IP 192.168.1.32.63366 > 192.168.1.3.4433: S 436409825:436409825(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
    20:15:59.086991 Out IP 192.168.1.3.4433 > 192.168.1.32.63366: R 0:0(0) ack 436409826 win 0
    20:15:59.335401  In IP 192.168.1.32.63367 > 192.168.1.3.4433: S 4084411704:4084411704(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
    20:15:59.335501 Out IP 192.168.1.3.4433 > 192.168.1.32.63367: R 0:0(0) ack 4084411705 win 0
    20:15:59.589882  In IP 192.168.1.32.63366 > 192.168.1.3.4433: S 436409825:436409825(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>

    Same with http

    monitor traffic interface ge-0/0/0 matching "tcp port 10888"
    20:27:53.935116  In IP 192.168.1.32.63498 > 192.168.1.3.10888: S 2732267258:2732267258(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
    20:27:53.935216 Out IP 192.168.1.3.10888 > 192.168.1.32.63498: R 0:0(0) ack 2732267259 win 0
    20:27:53.935998  In IP 192.168.1.32.63499 > 192.168.1.3.10888: S 2692278661:2692278661(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
    20:27:53.936083 Out IP 192.168.1.3.10888 > 192.168.1.32.63499: R 0:0(0) ack 2692278662 win 0
    20:27:54.191464  In IP 192.168.1.32.63500 > 192.168.1.3.10888: S 1076008572:1076008572(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>

    At the same time it is still accessible via SSH.

    Why is it happening?



    ------------------------------
    Vladlen London
    ------------------------------

    Attachment(s)

    txt
    src345_conf.txt   6 KB 1 version
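
A small parser for the `monitor traffic` output in the post above, as an added example that is not part of the original thread: it pairs each inbound SYN with the outbound RST that acknowledges it, which separates an active refusal by the device's own TCP stack from a silent drop. The function names are illustrative; the sample lines are copied from the port 4433 capture in the post.

```python
import re
from collections import Counter

# Port 4433 capture lines copied from the first post.
CAPTURE = """\
20:15:59.086787  In IP 192.168.1.32.63365 > 192.168.1.3.4433: S 1368298770:1368298770(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
20:15:59.086888 Out IP 192.168.1.3.4433 > 192.168.1.32.63365: R 0:0(0) ack 1368298771 win 0
20:15:59.086954  In IP 192.168.1.32.63366 > 192.168.1.3.4433: S 436409825:436409825(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
20:15:59.086991 Out IP 192.168.1.3.4433 > 192.168.1.32.63366: R 0:0(0) ack 436409826 win 0
20:15:59.335401  In IP 192.168.1.32.63367 > 192.168.1.3.4433: S 4084411704:4084411704(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
20:15:59.335501 Out IP 192.168.1.3.4433 > 192.168.1.32.63367: R 0:0(0) ack 4084411705 win 0
20:15:59.589882  In IP 192.168.1.32.63366 > 192.168.1.3.4433: S 436409825:436409825(0) win 64240 <mss 1460,nop,wscale 8,nop,nop,sackOK>
"""

# timestamp, direction, src > dst, TCP flags, optional seq range, optional ack
LINE = re.compile(
    r"^\S+\s+(?P<dir>In|Out) IP (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SRFP.]+) "
    r"(?:(?P<seq>\d+):\d+\(\d+\))?(?: ack (?P<ack>\d+))?")

def classify_syns(capture):
    """Return (client, listener, verdict) for every inbound SYN, in capture order.

    "refused": the device answered with a RST whose ack is the SYN's seq + 1,
    so the SYN reached its TCP stack and nothing accepted it on that port.
    "unanswered": no matching reply in the capture (silent drop or truncation).
    """
    results, pending = [], {}   # pending: (client, listener, seq + 1) -> index
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        if m["dir"] == "In" and flags == "S" and m["seq"]:
            pending[(src, dst, int(m["seq"]) + 1)] = len(results)
            results.append([src, dst, "unanswered"])
        elif m["dir"] == "Out" and "R" in flags and m["ack"]:
            idx = pending.pop((dst, src, int(m["ack"])), None)
            if idx is not None:
                results[idx][2] = "refused"
    return [tuple(r) for r in results]

def summarize(capture):
    """Count verdicts per listener address.port."""
    return Counter((lst, verdict) for _, lst, verdict in classify_syns(capture))

if __name__ == "__main__":
    for (listener, verdict), n in sorted(summarize(CAPTURE).items()):
        print(f"{listener}: {n} SYN(s) {verdict}")
```

The last SYN in the sample is a retransmission whose reply falls outside the pasted capture, so it is reported as unanswered rather than refused.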


  • 2.  RE: HTTP, HTTPS access to web-mgmt problem SRX345

     
    Posted 06-21-2023 00:26

    Hello,

    You can try two things. 

    1. Restart the HTTP daemon, i.e. >  restart web-management
    2. Try with a local system-generated certificate.

    Regards



    ------------------------------
    Brijil R
    ------------------------------



  • 3.  RE: HTTP, HTTPS access to web-mgmt problem SRX345

    Posted 06-21-2023 07:45

    Thank you, after the service reset web access started to work, but after I committed the SSL VPN configured via web, it stopped working right away
    (using this guide https://www.juniper.net/documentation/us/en/software/secure-connect/secure-connect-administrator-guide/topics/topic-map/local-authentication-with-local-ip-pool.html)

    I deliberately changed the mgmt ports so that https mgmt and ssl vpn do not intersect, but ...
    Now resetting the web service does not help, and moreover it gives a 404 error back when accessing via https, and nothing via http.

    New config in attachment.



    ------------------------------
    Vladlen London
    ------------------------------

    Attachment(s)

    txt
    srx345_conf_ssl_vpn.txt   13 KB 1 version


  • 4.  RE: HTTP, HTTPS access to web-mgmt problem SRX345

    Posted 06-21-2023 16:47

    Update 1

    If I deactivate these categories:
    secur ipsec 
    secur remote-acc
    secur tcp-enc
    secur ike
    and restart web-mgmt - https and http access starts to work.

    Why? And how do I keep the VPN configuration with web-mgmt access?



    ------------------------------
    Vladlen London
    ------------------------------



  • 5.  RE: HTTP, HTTPS access to web-mgmt problem SRX345

    Posted 06-23-2023 10:01

    Hi Vladlen,

    You may configure the 'management-url' option to access J-Web as given below. Then access J-Web using the URL https://192.168.1.3:4433/admin

    set system services web-management management-url admin

    Note: you may change the text 'admin' as you prefer.

    Thanks,

    Nellikka