10-13-2010 12:28 AM
I have configure my srx240, I cannot remote from outside using SSH or Web management. I can access with SSH,Telnet and web management from inside only. could any one help me to solve this configuration? this is my srx configuration. thk for help. -urgently-
Solved! Go to Solution.
10-13-2010 07:55 AM
Which zone are you coming in from? If you are coming in from the untrust zone, then based on your configuration, you will not be able to manage from untrust. You don't have host-inbound-traffic system services set for http. Add http to your host-inbound-traffic system-services for the untrust zone, or whichever zone you are coming in from, then try it again.
10-13-2010 10:34 AM
If by "outside" you mean "untrust", then to echo and add on to what oldtimer said:
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic ssh set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic http set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic https
You'll also need to add the ge-0/0/0.0 interface to the system services:
set system services web-management http interface ge-0/0/0.0 set system services web-management https interface ge-0/0/0.0
07-20-2011 08:32 PM
Does this command work only on specific versions of JUNOS? I recently received an SRX and am trying to configure the same for allowing remote SSH access. When I use the guide below, I receive a syntax error on ssh.
07-21-2011 05:58 AM
The commands are just missing the bolded part:
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services http
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
07-21-2011 02:54 PM
Yeah, I'm not sure how that got left out of my snippets since I copied/pasted from a live configuration file.
07-21-2011 08:30 PM
Hmm...thank you for the response.
I made the changes, no error, and did a commit; it still is not working.
Should there be anything else needed or should that work as-is?
07-21-2011 11:16 PM
If you post your config we can take a look and see what might be missing.
07-22-2011 06:18 AM
How do I get that? Is that described in a doc somewhere (that can't be found/easily locatable...or is it there if you know what you are looking for and since the outline of docs is so different from what i am used to [SA] it is so-easy-it's-hard)?
I really apologize; i know this should be basic stuff, but i can't find any useful documentation to figure stuff out like this (how to get the config or do any type of configuration or explanation of what the options are).
I know how to get the config to display on my screen over SSH locally, but not sure how to export it/get it off the device (through JWEB or SSH).
07-22-2011 06:39 AM - edited 07-22-2011 07:01 AM
Think most are just copy pasting off their ssh-client, while you can ftp/scp the config as a whole it just takes more time imo.
The spots to look at for this particular issue would be [edit system services], [edit security zones].
Either way, if you head to  and run save nameforconfig it will create a textfile in the directory of the user you're logged in with. It also takes a path as argument if you'd like to save it for instance to /var/tmp: save /var/tmp/nameforconfig.
Here's a great thread for config locations:
Also, the sticked SRX Getting Started KB should help
07-22-2011 07:03 AM
cool, thank you.
i will check out those links when i have access to my srx tonight at home......
I may have outsmarted myself.
I just tried from work and i can login successfully while i couldn't last night connecting to the same name (at home on the same link). is it possible that there is a rule somewhere that is denying that connection (local -> inet -> ge-0/0/0.0) so testing remote access against the external name & ip is invalid?