SRX Services Gateway
Reply
Trusted Contributor
mawr
Posts: 236
Registered: ‎06-11-2010
0

Dissapointed with Dynamic VPN & J-Web updates

[ Edited ]

Greetings,

 

Today I experimented with the management-url changes in 10.2 and 10.3 and I'm frusterated with the results.  My expectation from the notes was that these changes would allow me to run J-Web and Dynamic VPN on separate URLs and/or disabled J-Web completely.  I discovered that even if the https interface is set to lo0 that the web management can still be access by https://wan.ipa.ddr.ess/login and, even worse, that simply clicking the About link on the Dynamic VPN login page can lead you to the /login web management page (IE8 issues security warning about self signed certificate, click Continue, session is invalidated and user is prompted to login again, web management login page is displayed).

 

What is the point of allowing URL separation and "disabling" of web management if it can still be accessed with non-advertised URLs and links off of the main Dynamic VPN page?

 

In my opinion allowing a management interface to face the internet is a dangerous thing which is unfortunate considering that it's a requirement for Dynamic VPN to function properly.  It's  also unfortunate that Juniper appears to be "hacking" something to a half way point without providing a real solution.

 

What is a real solution to me?  Either give us the ability to disable J-Web and/or Dynamic VPN *completely* and/or allow separation of these services to separate ports.

 

Otherwise I'm quite happy with the product and I'm looking forward to what is in store.

 

My 2c.

 

mawr

Visitor
brads
Posts: 3
Registered: ‎12-23-2009
0

Re: Dissapointed with Dynamic VPN & J-Web updates

Do you have system services web-management configured? If you dont need JWeb, they that needs to be disabled or deleted.

 

Thanks

Trusted Contributor
mawr
Posts: 236
Registered: ‎06-11-2010
0

Re: Dissapointed with Dynamic VPN & J-Web updates


brads wrote:

Do you have system services web-management configured? If you dont need JWeb, they that needs to be disabled or deleted.

 

Thanks


It appears as though web-management being enabled is a requirement for Dynamic VPN to work properly.  I just deactivated it as a test and was then unable to access the dynamic-vpn page.

 

mawr

Trusted Contributor
SapphireNET
Posts: 154
Registered: ‎03-27-2008
0

Re: Dissapointed with Dynamic VPN & J-Web updates

competely agree with you, I have been compaining about this as well.

 

 

JNCIS-M, JNCIS-SEC
Contributor
Prathi
Posts: 27
Registered: ‎07-15-2010
0

Re: Dissapointed with Dynamic VPN & J-Web updates

Greeting,

 

Can you share your configuration?

 

_Pra

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.