SRX Services Gateway
SRX Services Gateway

how to configure SSH or web management to connected my Srx from outside ?

10.13.10   |  
‎10-13-2010 12:28 AM

-hi-

 

 

I have configure my srx240, I cannot remote from outside using SSH or Web management. I can access with SSH,Telnet and web management from inside only.   could any one help me to solve this configuration?  this is my srx configuration. thk for help.  -urgently-

 

 

Attachments

18 REPLIES
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

10.13.10   |  
‎10-13-2010 03:55 AM

Hi

 

 

Regarding your configuration (specially your zones), what do you mean with inside and outside ?

 

 

SRX Services Gateway
Solution
Accepted by topic author suwandy
‎08-26-2015 01:27 AM

Re: how to configure SSH or web management to connected my Srx from outside ?

10.13.10   |  
‎10-13-2010 07:55 AM

Which zone are you coming in from?  If you are coming in from the untrust zone, then based on your configuration, you will not be able to manage from untrust.  You don't have host-inbound-traffic system services set for http.  Add http to your host-inbound-traffic system-services for the untrust zone, or whichever zone you are coming in from, then try it again.

SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

10.13.10   |  
‎10-13-2010 10:34 AM

If by "outside" you mean "untrust", then to echo and add on to what oldtimer said:

 

 

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic ssh
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic http
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic https

 

 

You'll also need to add the ge-0/0/0.0 interface to the system services:

 

 

set system services web-management http interface ge-0/0/0.0
set system services web-management https interface ge-0/0/0.0

 

-kr

 

 

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

10.13.10   |  
‎10-13-2010 08:10 PM

-hi-

 

 

the inside and outside which I mean is trusted and untrusted.  Thanks.

SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

10.13.10   |  
‎10-13-2010 08:12 PM

-hi-

 

 

thank you for your helping solution.  Now, I can solving my problem. 

SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

10.13.10   |  
‎10-13-2010 08:14 PM

-hi-

 

 

 

specially thank for keithr, your configuration is helpfull  for me to solving my problem. 

Highlighted
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.20.11   |  
‎07-20-2011 08:32 PM

Does this command work only on specific versions of JUNOS? I recently received an SRX and am trying to configure the same for allowing remote SSH access. When I use the guide below, I receive a syntax error on ssh.

SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.21.11   |  
‎07-21-2011 05:58 AM

The commands are just missing the bolded part:


set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services http

set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.21.11   |  
‎07-21-2011 02:54 PM

Yeah, I'm not sure how that got left out of my snippets since I copied/pasted from a live configuration file.

 

Weird...

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.21.11   |  
‎07-21-2011 08:30 PM

Hmm...thank you for the response.

I made the changes, no error, and did a commit; it still is not working.

Should there be anything else needed or should that work as-is?

SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.21.11   |  
‎07-21-2011 11:16 PM

zanyterp,

 

If you post your config we can take a look and see what might be missing.

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.22.11   |  
‎07-22-2011 06:18 AM

How do I get that? Is that described in a doc somewhere (that can't be found/easily locatable...or is it there if you know what you are looking for and since the outline of docs is so different from what i am used to [SA] it is so-easy-it's-hard)?

I really apologize; i know this should be basic stuff, but i can't find any useful documentation to figure stuff out like this (how to get the config or do any type of configuration or explanation of what the options are).

 

I know how to get the config to display on my screen over SSH locally, but not sure how to export it/get it off the device (through JWEB or SSH).

 

Thanks keithr!

SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

[ Edited ]
07.22.11   |  
‎07-22-2011 06:39 AM

Think most are just copy pasting off their ssh-client, while you can ftp/scp the config as a whole it just takes more time imo.

The spots to look at for this particular issue would be [edit system services], [edit security zones].


Either way, if you head to [edit] and run save nameforconfig it will create a textfile in the directory of the user you're logged in with. It also takes a path as argument if you'd like to save it for instance to /var/tmp: save /var/tmp/nameforconfig.

 

Here's a great thread for config locations:

http://forums.juniper.net/t5/Junos/What-are-the-config-files-and-where-are-they-located-on-a-JUNOS/t...
 

Also, the sticked SRX Getting Started KB should help

http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694

Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.22.11   |  
‎07-22-2011 07:03 AM

cool, thank you.

i will check out those links when i have access to my srx tonight at home......

I may have outsmarted myself.

 

I just tried from work and i can login successfully while i couldn't last night connecting to the same name (at home on the same link). is it possible that there is a rule somewhere that is denying that connection (local -> inet -> ge-0/0/0.0) so testing remote access against the external name & ip is invalid?

Attachments

SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.22.11   |  
‎07-22-2011 12:57 PM

If you're connecting from inside your LAN, you must connect to the internal IP / (DNS name, if you have one internally) of the SRX.

 

If you try to connect from your LAN to the external SRX IP, the traffic is going to be coming into the device on an interface other than what the SRX is expecting.  Given that this is a security device, it's going to toss out the traffic that it thinks is odd.

 

So, if you want to SSH/HTTPS to your SRX from your LAN, you need to connect to 192.186.1.1, your vlan.0 interface.

 

If you want to SSH/HTTPS to your SRX from the WAN (via the Internat), you need to connect to whatever the IP is of your ge-0/0/0.0 interface which you get via DHCP.  Are you running any kind of dynamic DNS service to map your DHCP address to a public hostname?

 

Does that clear it up?

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.22.11   |  
‎07-22-2011 01:02 PM

that does clear it up, thank you....sorry for not realizing that until i was typing this morning and tested.

when i tested from work i was wondering if it might be that.

i do have dyndns-based updates being done from a computer on the trust-side of the SRX (doesn't look like I can have the SRX do it).

 

local ssh has worked from the moment i set it up; however, i wanted remote so i could try and make changes externally for testing purposes.

SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.22.11   |  
‎07-22-2011 03:06 PM

zanyterp wrote:

i do have dyndns-based updates being done from a computer on the trust-side of the SRX (doesn't look like I can have the SRX do it).


Native Junos support is supposedly coming back (it used to be there...) but I haven't seen a real ETA for when to expect that.

 

In the meantime...  depending on how froggy you're feeling... 

 

http://forums.juniper.net/t5/Junos-Automation-Scripting/Script-for-DDNS/td-p/56004

 

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
SRX Services Gateway

Re: how to configure SSH or web management to connected my Srx from outside ?

07.22.11   |  
‎07-22-2011 09:37 PM

Thank you for the dyndns tip...i'll take a look and decide how brave i'm feeling. Smiley Happy

 

is there a log that would/should show me why the access was dropped when trying to connect as if external but from internal? i would expect there its, but i dont see a place for logs.