SRX Services Gateway

Dynamic VPN and Web Management on Public Interface

‎10-26-2010 02:01 PM

 

Hi there,

 

I have a serious query I need help with. I am using dynamic VPN on my SRX210 firewall. For this purpose I had to open the HTTPS service on the public interface, which allowed web management of the device from the public interface.

 

How can I stop web management from the internet?

 

Please help me out.

 

Thanks

 

Fahad Afzal

3 REPLIES

Re: Dynamic VPN and Web Management on Public Interface

‎10-26-2010 03:33 PM

It's all-or-nothing.  When you enable Dynamic VPN, web management is also enabled on the same interface.

 

This was a serious oversight by the team who implemented this feature.

 

If you have a UTM license you can create a web filtering rule to block management access.

 

-kr

 

---

If this solves your problem, please mark this post as "Accepted Solution."

Kudos are always appreciated.


Re: Dynamic VPN and Web Management on Public Interface

‎10-27-2010 06:36 AM

In Junos 10.2 and later you are supposed to be able to do this, but it doesn't work properly. See the 10.2 release notes for how to configure it. When I tested it on 10.2r2 it still allowed you to log in to Jweb on the external interface when you added /login to the URL, but no longer showed the Jweb login by default. I haven't tested it on 10.2r3 yet.


Re: Dynamic VPN and Web Management on Public Interface

‎11-05-2010 05:00 PM

BenR wrote:

In Junos 10.2 and later you are supposed to be able to do this, but it doesn't work properly. See the 10.2 release notes for how to configure it. When I tested it on 10.2r2 it still allowed you to log in to Jweb on the external interface when you added /login to the URL, but no longer showed the Jweb login by default. I haven't tested it on 10.2r3 yet.

 


10.2R3 behaves the same way.

 


keithr wrote:

It's all-or-nothing.  When you enable Dynamic VPN, web management is also enabled on the same interface.

 

This was a serious oversight by the team who implemented this feature.

 

If you have a UTM license you can create a web filtering rule to block management access.

 


How exactly is this done assuming that the traffic is HTTPS and unable to be scanned by the web filter?  I just tried as a test and it didn't work.

 

mawr