SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Unable to access J-web on SRX550

    Posted 10-25-2016 02:07

    I am wanting to manage the Firewall from J-Web but am unable to, i get a 401 error in my browser.

     

    set system services web-management http interface vlan.999
    set system services web-management https system-generated-certificate
    set system services web-management https interface vlan.999

     

    Vlan 999 is our management interface and this firewall is doing the routing for all of the vlans.

     

    set interfaces vlan unit 999 family inet address 172.16.1.2/24 vrrp-group 99 virtual-address 172.16.1.1
    set interfaces vlan unit 999 family inet address 172.16.1.2/24 vrrp-group 99 priority 200
    set interfaces vlan unit 999 family inet address 172.16.1.2/24 vrrp-group 99 preempt
    set interfaces vlan unit 999 family inet address 172.16.1.2/24 vrrp-group 99 accept-data

     

    set vlans MGMT vlan-id 999
    set vlans MGMT l3-interface vlan.999

     

    set security zones security-zone MGMT host-inbound-traffic system-services all
    set security zones security-zone MGMT host-inbound-traffic protocols all
    set security zones security-zone MGMT interfaces vlan.999 host-inbound-traffic system-services https

     

    Any help would be appreciated, im guessin that its maybe because the MGMT address is on the firewall and its creating a loop somehow.

     

    If i have done something wrong then please let me know!



  • 2.  RE: Unable to access J-web on SRX550

    Posted 10-25-2016 16:28

    The only unusual thing I see here is that you have vrrp setup on the interface.  Which address are you connecting to for the Jweb the physical or floating one?

     

    does the address respond to ping from the workstation?

    Does a traceroute succeed?



  • 3.  RE: Unable to access J-web on SRX550

    Posted 10-26-2016 01:41

    Hi Steve,

     

    Thanks for taking the time to reply, i have tried pinging both of the IP's and get the same result on each.

     

    Here is the result of a ping and tracert, both are sucessful.

     

    ping tracert.PNG



  • 4.  RE: Unable to access J-web on SRX550
    Best Answer

    Posted 10-26-2016 09:20

    1- You can try adding management URL:

     

    set system services web-management management-url <path>

     

    Then browse to:

     

    http://x.x.x.x/admin
    or
    https://x.x.x.x/admin
    (Where x.x.x.x is the interface IP address.)

     

    2- You can try to restart httpd daemon by the command:

    restart web-management

     

    3- You can also view the "/var/log/httpd.log"

    start shell

    cat /var/log/httpd.log

    share it with us if possible

    also the var log messages

    show log messgaes

     

    4- You can also try to change the port for https using command

    #set system services web-management https port 8080

     



  • 5.  RE: Unable to access J-web on SRX550

    Posted 10-27-2016 01:23

    Hi, it looks like i have found the problem.

     

    It seems whatever vlan i was on from my client machine needed to be allowed to access the web management.

     

    httpd: 2: Error: "Unauthorized", code 401 for URI "/servererror.php", file "/html/servererror.php": Interface is not authorized for HTTP access.
    httpd: 0: checkInterface failed
    httpd: 2: GET /servererror.php?code=401 HTTP/1.1
    httpd: 0: GET IFNAME WORKED vlan.32
    httpd: 0: GET ALLOWED FAILED vlan.32

    So now it looks like this

     

    http {
    interface vlan.32;

     

    Thankyou very much A'bed



  • 6.  RE: Unable to access J-web on SRX550

    Posted 11-30-2016 05:37

    Had the same issue with a SRX220, this help me out a lot!

     

    thanks