SRX

Hi,

 

I am running SRX210H with 10.3.r2, trying to setup loopback.0 interface.

Here are the steps,

 

I added the ip address to loopback0 interace (192.168.2.1/32)

I added the loopback0 interface to trust security zone and inbound service

I added the loopback0 to https web manager interface

 

Now, when I tried to access the web interface via https, 192.168.1.1 or 192.168.2.1, the J-Web won't come up.  But ssh works on both addresses.  Please help,

 

Ernest

 

 

Before getting too deep into this, are you making sure to access J-Web using the custom URL?

 

https://<srx-ip>/my-jweb

 

If you're using that URL, are you getting any error messages or just timeouts?

If you remove all the interface statements under this: management-url my-jweb; https { system-generated-certificate; interface [ vlan.0 ge-0/0/1.0 lo0.0 ]; It should look like this: management-url my-jweb; https { system-generated-certificate;

 

---

@keithr wrote:

Before getting too deep into this, are you making sure to access J-Web using the custom URL?

 

https://<srx-ip>/my-jweb

 

If you're using that URL, are you getting any error messages or just timeouts?

---

 

Yes, I was trying to access it via /my-jweb but it timeout with no responds.   Also, I was trying to setup dynamic vpn as well.

 

E

OK, on my devices (10.2R3.10), J-web works on my loopback interface without having to specify the loopback interface in the system -> services -> web-management -> https context.

 

I set a few options to look more like your config for testing:

 

 

system {
  services {
    web-management {
      traceoptions {
        file jweb-trace;
        flag all;
      }
      management-url my-jweb;
      https {
        system-generated-certificate;
        interface ge-0/0/0.420;
      }
      session {
        session-limit 4;
      }
    }
  }
}

 

I can connect to J-web using the device loopback address.

 

I assume you're trying to connect to J-Web from inside the Trust zone?

 

You could try setting a traceoptions file and see if anything is logged.  You could also set a flow trace to see if the traffic is being dropped for some reason.

 

I see you've got IPv6 configured on this device, are you trying to access J-Web via IPv6?  I'm not sure if having IPv6 turned up would have any effect on your traffic, as I haven't set up any SRX devices with IPv6.

 

 

 

 

---

@keithr wrote:

OK, on my devices (10.2R3.10), J-web works on my loopback interface without having to specify the loopback interface in the system -> services -> web-management -> https context.

 

I set a few options to look more like your config for testing:

 

 

system {
  services {
    web-management {
      traceoptions {
        file jweb-trace;
        flag all;
      }
      management-url my-jweb;
      https {
        system-generated-certificate;
        interface ge-0/0/0.420;
      }
      session {
        session-limit 4;
      }
    }
  }
}

 

I can connect to J-web using the device loopback address.

 

I assume you're trying to connect to J-Web from inside the Trust zone?

 

You could try setting a traceoptions file and see if anything is logged.  You could also set a flow trace to see if the traffic is being dropped for some reason.

 

I see you've got IPv6 configured on this device, are you trying to access J-Web via IPv6?  I'm not sure if having IPv6 turned up would have any effect on your traffic, as I haven't set up any SRX devices with IPv6.

 

 

 

---

 

Thanks keithr!  as soon as I removed the lo0 from the set system services web-management https interface.  I am able to login via https.

 

Thanks,

 

Ernest