SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Visitor
Posts: 6
Registered: ‎10-13-2010
0 Kudos
Accepted Solution

how to configure SSH or web management to connected my Srx from outside ?

-hi-

 

 

I have configure my srx240, I cannot remote from outside using SSH or Web management. I can access with SSH,Telnet and web management from inside only.   could any one help me to solve this configuration?  this is my srx configuration. thk for help.  -urgently-

 

 

Contributor
Posts: 50
Registered: ‎10-11-2010
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

Hi

 

 

Regarding your configuration (specially your zones), what do you mean with inside and outside ?

 

 

Super Contributor
Posts: 244
Registered: ‎11-06-2007
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

Which zone are you coming in from?  If you are coming in from the untrust zone, then based on your configuration, you will not be able to manage from untrust.  You don't have host-inbound-traffic system services set for http.  Add http to your host-inbound-traffic system-services for the untrust zone, or whichever zone you are coming in from, then try it again.

Distinguished Expert
Posts: 979
Registered: ‎09-10-2009
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

If by "outside" you mean "untrust", then to echo and add on to what oldtimer said:

 

 

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic http
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic https

 

 

You'll also need to add the ge-0/0/0.0 interface to the system services:

 

 

set system services web-management http interface ge-0/0/0.0
set system services web-management https interface ge-0/0/0.0

 

-kr

 

 

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Visitor
Posts: 6
Registered: ‎10-13-2010
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

-hi-

 

 

the inside and outside which I mean is trusted and untrusted.  Thanks.

Visitor
Posts: 6
Registered: ‎10-13-2010
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

-hi-

 

 

thank you for your helping solution.  Now, I can solving my problem. 

Highlighted
Visitor
Posts: 6
Registered: ‎10-13-2010
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

-hi-

 

 

 

specially thank for keithr, your configuration is helpfull  for me to solving my problem. 

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

Does this command work only on specific versions of JUNOS? I recently received an SRX and am trying to configure the same for allowing remote SSH access. When I use the guide below, I receive a syntax error on ssh.

Super Contributor
Posts: 168
Registered: ‎08-02-2010
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

The commands are just missing the bolded part:


set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services http

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
Distinguished Expert
Posts: 979
Registered: ‎09-10-2009
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

Yeah, I'm not sure how that got left out of my snippets since I copied/pasted from a live configuration file.

 

Weird...

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

Hmm...thank you for the response.

I made the changes, no error, and did a commit; it still is not working.

Should there be anything else needed or should that work as-is?

Distinguished Expert
Posts: 979
Registered: ‎09-10-2009
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

zanyterp,

 

If you post your config we can take a look and see what might be missing.

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

How do I get that? Is that described in a doc somewhere (that can't be found/easily locatable...or is it there if you know what you are looking for and since the outline of docs is so different from what i am used to [SA] it is so-easy-it's-hard)?

I really apologize; i know this should be basic stuff, but i can't find any useful documentation to figure stuff out like this (how to get the config or do any type of configuration or explanation of what the options are).

 

I know how to get the config to display on my screen over SSH locally, but not sure how to export it/get it off the device (through JWEB or SSH).

 

Thanks keithr!

Super Contributor
Posts: 168
Registered: ‎08-02-2010
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

[ Edited ]

Think most are just copy pasting off their ssh-client, while you can ftp/scp the config as a whole it just takes more time imo.

The spots to look at for this particular issue would be [edit system services], [edit security zones].


Either way, if you head to [edit] and run save nameforconfig it will create a textfile in the directory of the user you're logged in with. It also takes a path as argument if you'd like to save it for instance to /var/tmp: save /var/tmp/nameforconfig.

 

Here's a great thread for config locations:

http://forums.juniper.net/t5/Junos/What-are-the-config-files-and-where-are-they-located-on-a-JUNOS/t...
 

Also, the sticked SRX Getting Started KB should help

http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

cool, thank you.

i will check out those links when i have access to my srx tonight at home......

I may have outsmarted myself.

 

I just tried from work and i can login successfully while i couldn't last night connecting to the same name (at home on the same link). is it possible that there is a rule somewhere that is denying that connection (local -> inet -> ge-0/0/0.0) so testing remote access against the external name & ip is invalid?

Distinguished Expert
Posts: 979
Registered: ‎09-10-2009

Re: how to configure SSH or web management to connected my Srx from outside ?

If you're connecting from inside your LAN, you must connect to the internal IP / (DNS name, if you have one internally) of the SRX.

 

If you try to connect from your LAN to the external SRX IP, the traffic is going to be coming into the device on an interface other than what the SRX is expecting.  Given that this is a security device, it's going to toss out the traffic that it thinks is odd.

 

So, if you want to SSH/HTTPS to your SRX from your LAN, you need to connect to 192.186.1.1, your vlan.0 interface.

 

If you want to SSH/HTTPS to your SRX from the WAN (via the Internat), you need to connect to whatever the IP is of your ge-0/0/0.0 interface which you get via DHCP.  Are you running any kind of dynamic DNS service to map your DHCP address to a public hostname?

 

Does that clear it up?

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

that does clear it up, thank you....sorry for not realizing that until i was typing this morning and tested.

when i tested from work i was wondering if it might be that.

i do have dyndns-based updates being done from a computer on the trust-side of the SRX (doesn't look like I can have the SRX do it).

 

local ssh has worked from the moment i set it up; however, i wanted remote so i could try and make changes externally for testing purposes.

Distinguished Expert
Posts: 979
Registered: ‎09-10-2009
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?


zanyterp wrote:

i do have dyndns-based updates being done from a computer on the trust-side of the SRX (doesn't look like I can have the SRX do it).


Native Junos support is supposedly coming back (it used to be there...) but I haven't seen a real ETA for when to expect that.

 

In the meantime...  depending on how froggy you're feeling... 

 

http://forums.juniper.net/t5/Junos-Automation-Scripting/Script-for-DDNS/td-p/56004

 

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: how to configure SSH or web management to connected my Srx from outside ?

Thank you for the dyndns tip...i'll take a look and decide how brave i'm feeling. Smiley Happy

 

is there a log that would/should show me why the access was dropped when trying to connect as if external but from internal? i would expect there its, but i dont see a place for logs.