Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


SRX650 Services Gateway Secure Web Access Overview


You can manage a services gateway remotely through the J-Web interface. To communicate with the services gateway, the J-Web interface uses Hypertext Transfer Protocol (HTTP). HTTP allows easy Web access but does not include encryption. The data transmitted between the client and the services gateway by means of HTTP is vulnerable to interception and attack. To enable secure Web access, a services gateway supports HTTP over Secure Sockets Layer (HTTPS). You can enable HTTP or HTTPS access on specific interfaces and ports as needed.

The services gateway uses the SSL protocol to provide secure management of services gateways through the J-Web interface. SSL uses public-private key technology, which requires a paired private key and an authentication certificate to provide the SSL service. SSL encrypts communication between your device and the Web browser with a session key negotiated by the SSL server certificate.

An SSL certificate includes identifying information such as a public key and a signature made by a certificate authority (CA). When you access the services gateway through HTTPS, an SSL handshake authenticates the server and the client and begins a secure session. If the information does not match or if the certificate has expired, your access to the services gateway through HTTPS is restricted.

Without SSL encryption, communication between your services gateway and the browser is sent in the open and can be intercepted. We recommend that you enable HTTPS access on your WAN interfaces.

On services gateways, HTTP access is enabled by default on the built-in management interfaces. By default, HTTPS access is supported on any interface with an SSL server certificate.

You can use the J-Web interface or the CLI to configure secure Web access.

Before you configure secure Web access for the first time, you must complete the following tasks:

  • Establish basic connectivity.

  • Obtain an SSL certificate from a trusted signing authority.

For more details about configuring secure web access on your services gateway, see the Initial Configuration for Security Devices.