Configuring Management Access

To configure device access options, such as HTTPS and certificates, select Configure>System Properties>Management Access in the J-Web user interface.

This section includes the following instructions:

• Configuring Device Addresses
• Enabling Access Services
• Adding, Editing, and Deleting Certificates on the Device

Configuring Device Addresses

You can use the Management tab to configure IPv4 and loopback addresses on the device.

To configure IPv4 and loopback addresses:

1. In the J-Web user interface, select Configure>System Properties>Management Access.
2. Click Edit. The Edit Management Access dialog box appears.
3. Select the Management tab.
4. If you want to enable a loopback address for the device, enter an address and corresponding subnet mask in the Loopback address section.
5. If you want to enable an IPv4 address for the device, select IPv4 address and enter a corresponding management port, subnet mask, and default gateway.
6. Click OK to save the configuration or Cancel to clear it.

Enabling Access Services

You can use the Services tab to specify the type of connections that users can make to the device. For instance, you can enable secure HTTPS sessions to the device or enable access to the Junos XML protocol XML scripting API.

To enable access services:

1. In the J-Web user interface, select Configure>System Properties>Management Access.
2. Click Edit. The Edit Management Access dialog box appears.
3. Select the Services tab.
4. If you want to enable users to create secure Telnet or secure SSH connections to the device, select Enable Telnet or Enable SSH.
5. If you want to enable access to the Junos XML protocol XML scripting API, select Enable Junos XML protocol over clear text or Enable Junos XML protocol over SSL. If you enable Junos XML protocol over SSL, select the certificate you want to use for encryption from the Junos XML protocol certificate drop-down list.
6. Select Enable HTTP if you want users to connect to device interfaces over an HTTP connection. Then specify the interfaces that should use the HTTP connection:
   • Enable on all interfaces—Select this option if you want to enable HTTP on all device interfaces.
   • Selected interfaces—Use the arrow buttons to populate this list with individual interfaces if you want to enable HTTP on only some of the device interfaces.
7. If you want users to connect to device interfaces over a secure HTTPS connection, select Enable HTTPS. Then select which certificate you want to use to secure the connection from the HTTPS certificates list and specify the interfaces that should use the HTTPS connection:
   • Enable on all interfaces—Select this option if you want to enable HTTPS on all device interfaces.
   • Selected interfaces—Use the arrow buttons to populate this list with individual interfaces if you want to enable HTTPS on only some of the device interfaces.
8. Click OK to save the configuration or Cancel to clear it.

To verify that Web access is enabled correctly, connect to the device using one of the following methods:

• For HTTP access—In your Web browser, type http://URL or http://IP address.
• For HTTPS access—In your Web browser, type https://URL or https://IP address.
• For SSL Junos XML protocol access—A Junos XML protocol client such as Junos Scope is required. For information about how to log in to Junos Scope, see the Junos Scope Software User Guide.

Adding, Editing, and Deleting Certificates on the Device

You can use the Certificates tab to upload SSL certificates to the device, edit existing certificates on the device, or delete certificates from the device. You can use the certificates to secure HTTPS and Junos XML protocol sessions. (For information about how to generate an SSL certificate to upload to the device, see Generating SSL Certificates.)

To add, edit, or delete a certificate:

1. In the J-Web user interface, select Configure>System Properties>Management Access.
2. Click Edit. The Edit Management Access dialog box appears.
3. Select the Certificates tab.
4. Choose one of the following options:
   • If you want to add a new certificate, click Add. The Add Certificate section is expanded.
   • If you want to edit the information for an existing certificate, select it and click Edit. The Edit Certificate section is expanded.
   • If you want to delete an existing certificate, select it and click Delete. (You can skip the remaining steps in this section.)
5. In the Certificate Name box, type a name—for example, new.
6. In the Certificate content box, paste the generated certificate and RSA private key.
7. Click Save.
8. Click OK to save the configuration or Cancel to clear it.