
web-management (System Services)



Hierarchy Level

Release Information

Statement introduced in Junos OS Release 9.0.

Support for https introduced for SRX5400, SRX5600, and SRX5800 devices starting from Junos OS Release 12.1X44-D10 and on vSRX, SRX300, SRX320, SRX340, SRX345, SRX550M, and SRX1500 devices starting from Junos OS Release 15.1X49-D40.


Configure settings for HTTP or HTTPS access. HTTP access allows management of the device using the J-Web interface. HTTPS access allows secure management of the device using the J-Web interface. With HTTPS access, communication is encrypted between your browser and the webserver for your device.


On SRX340 and SRX345 devices, the factory-default configuration has a generic HTTP configuration. To use ge and fxp0 ports as management ports, you must use the set system services web-management http command. The Web management HTTP and HTTPS interfaces are changed to fxp0.0 and ge-0/0/1.0 through ge-0/0/7.0.


control—Disable the SBC process.
  • max-threads—Maximum simultaneous threads to handle requests.

    Range: 0 through 16

http—Configure HTTP.
  • interface [value]—Interface value that accepts HTTP access.

  • port number—TCP port for incoming HTTP connections.

    Range: 1 through 65,535

https—Configure HTTPS.
  • interface [value]—Interface value that accepts HTTPS access.

  • port number—TCP port for incoming HTTPS connections.

    Range: 1 through 65,535

  • local-certificate—X.509 certificate to use from the configuration.

  • pki-local-certificate—X.509 certificate to use from the PKI local store.

  • system-generated-certificate—X.509 certificate generated automatically by the system.

management url—URL path for Web management access.
session—Configure the Web-management session.
  • idle-timeout minutes—Default timeout of Web-management sessions in minutes.

  • session-limit number—Maximum number of Web-management sessions to allow.

traceoptions—Set the trace options.
  • file—Configure the trace file information.

    • filename—Name of the file to receive the output of the tracing operation. Enclose the name in quotation marks. All files are placed in the directory /var/log. By default, the name of the file is the name of the process being traced.

    • files number—Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1, and so on, until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

      If you specify a maximum number of files, you also must specify a maximum file size with the size maximum-file-size option.

      Range: 2 through 1000 files

      Default: 10 files

  • match regular-expression—Refine the output to include lines that contain the regular expression.

  • size maximum-file-size—Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB).

    Range: 10 KB through 1 GB

    Default: 128 KB

    If you specify a maximum file size, you also must specify a maximum number of trace files with the files number option.

  • (world-readable | no-world-readable)—By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

  • flag flag—Specify which tracing operation to perform. To specify more than one tracing operation, include multiple flag statements. You can include the following flags.

    • all—Trace all areas.

    • configuration—Trace configuration.

    • dynamic-vpn—Trace dynamic VPN events.

    • init—Trace the daemon init process.

    • mgd—Trace MGD requests.

    • webauth—Trace Web authentication requests.

  • level level—Specify the level of debugging output.

    • all—Match all levels.

    • error—Match error conditions.

    • info—Match informational messages.

    • notice—Match conditions that should be handled specially.

    • verbose—Match verbose messages.

    • warning—Match warning messages.

  • no-remote-trace—Disable remote tracing.
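
The following is an added example, not Juniper code: a small Python audit of web-management statements in "display set" form, checking the port range and the files/size pairing stated above and flagging cleartext HTTP and world-readable trace files. The sample configuration is constructed, and the interface and idle-timeout checks are assumed review policy rather than requirements stated on this page.

```python
# Added example: audit "display set" lines for the web-management stanza.
PREFIX = "set system services web-management "

# Constructed sample, not taken from a real device.
SAMPLE = """\
set system services web-management http interface ge-0/0/1.0
set system services web-management https system-generated-certificate
set system services web-management https port 70000
set system services web-management traceoptions file jweb files 5 world-readable
set system services web-management traceoptions flag all
"""

def audit(config_text):
    """Return sorted findings for the web-management statements in config_text."""
    stmts = [line.strip()[len(PREFIX):].split()
             for line in config_text.splitlines()
             if line.strip().startswith(PREFIX)]
    stmts = [s for s in stmts if s]
    if not stmts:
        return []
    findings = set()
    for svc in ("http", "https"):
        lines = [s for s in stmts if s[0] == svc]
        if not lines:
            continue
        if svc == "http":
            findings.add("http: J-Web traffic is not encrypted; use https")
        # Assumed policy: each service should name the interfaces it accepts.
        if not any(s[1:2] == ["interface"] for s in lines):
            findings.add(f"{svc}: no interface statement")
        for s in lines:
            if s[1:2] == ["port"] and len(s) > 2 and s[2].isdigit():
                if not 1 <= int(s[2]) <= 65535:
                    findings.add(f"{svc}: port {s[2]} outside 1 through 65,535")
    # Assumed policy: require an explicit session idle-timeout.
    if not any(s[:2] == ["session", "idle-timeout"] for s in stmts):
        findings.add("session: no explicit idle-timeout")
    # Collect every token after "traceoptions file", across one or many lines.
    file_opts = [tok for s in stmts if s[:2] == ["traceoptions", "file"]
                 for tok in s[2:]]
    if ("files" in file_opts) != ("size" in file_opts):
        findings.add("traceoptions: files and size must be set together")
    if "world-readable" in file_opts:
        findings.add("traceoptions: trace file is world-readable")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
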

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.