SRX Management

As mentioned previously I come from a heavy ScreenOS background, anyone who has worked with ScreenOS knows that the WebUI is fantastic and very rarely do you have to jump on to the CLI, unless you need to run debugs etc. That does not mean I don't like the CLI, in fact I believe you should use whatever interface suits the engineer and product.

The SRX WebUI is a lot better since the JUNOS release Q4 2010 however I still find the CLI a lot more intuitive and will give you a better understanding of how JUNOS works.

So far in this blog I have been consoling into the SRX however now we have addressing set-up we can look at enabling SSH and HTTPs.

The default config of an SRX has a system generated certificate so all that you need to do is assign an interface to the web management. For the purpose of this I am using the Trust_Zone interface fe-0/0/1.0

root@host# set system services web-management https interface fe-0/0/1.0

In addition to this you will also need to allow the system services on the security zone, for this example it will be the Trust_Zone

root@host# set security zones security-zone Trust_Zone host-inbound-traffic system-services https
root@host# set security zones security-zone Trust_Zone host-inbound-traffic system-services ssh

Additionally you may want to enable ping to confirm connectivity

root@host# set security zones security-zone Trust_Zone host-inbound-traffic system-services ping