10-26-2010 02:01 PM
Hi there,
I have a serious query I need help with. I am using dynamic VPN on my SRX210 firewall. For this purpose I had to open the HTTPS service on the public interface, which allowed web management of the device from the public interface.
How can I stop web management from the internet?
Please help me out.
Thanks
Fahad Afzal
10-26-2010 03:33 PM
It's all-or-nothing. When you enable Dynamic VPN, web management is also enabled on the same interface.
This was a serious oversight by the team who implemented this feature.
If you have a UTM license you can create a web filtering rule to block management access.
-kr
---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
10-27-2010 06:36 AM
In Junos 10.2 and later you are supposed to be able to do this, but it doesn't work properly. See the 10.2 release notes for how to configure it. When I tested it on 10.2r2 it still allowed you to log in to J-Web on the external interface when you added /login to the URL, but no longer showed the J-Web login by default. I haven't tested it on 10.2r3 yet.
11-05-2010 05:00 PM
BenR wrote: In Junos 10.2 and later you are supposed to be able to do this, but it doesn't work properly. See the 10.2 release notes for how to configure it. When I tested it on 10.2r2 it still allowed you to log in to J-Web on the external interface when you added /login to the URL, but no longer showed the J-Web login by default. I haven't tested it on 10.2r3 yet.
10.2R3 behaves the same way.
keithr wrote: It's all-or-nothing. When you enable Dynamic VPN, web management is also enabled on the same interface.
This was a serious oversight by the team who implemented this feature.
If you have a UTM license you can create a web filtering rule to block management access.
How exactly is this done assuming that the traffic is HTTPS and unable to be scanned by the web filter? I just tried as a test and it didn't work.
mawr