Configuring Access to the C-Web Interface Through Secure HTTP

Before you configure access to the C-Web interface through HTTPS, obtain a digital security certificate on the system.

See Digital Certificates Overview.

To make the C-Web interface accessible to remote users through HTTPS:

1. From configuration mode, access the hierarchy level for Web-management HTTPS.
   [edit]user@host# edit system services web-management https
2. Specify which TCP port is to receive incoming connection requests for the C-Web interface.
   [edit system services web-management https]user@host# set port port

   The default port for HTTPS is 443.

3. Specify the interface to be used for Web browser connections to the C-Web interface.
   [edit system services web-management https]user@host# set interface interface

   On a C Series Controller, use eth0; you can use eth2 or eth3 if installed.

   On C Series Controllers, specifying an interface is important if your C Series Controller has eth2 and eth3 interfaces and you want to restrict C-Web interface access to one or both of these interfaces.

4. Specify the name of the certificate on the local system.
   [edit system services web-management https]user@host# set local-certificate local-certificate
5. Configure logging for the C-Web interface.

   See Logging for SRC Components Overview.

6. (Optional) Configure user accounts to allow specified users to log in to the C-Web interface.

   Users who have privileges to log in to the SRC CLI also have privileges to log in to the C-Web interface.

   Note: Like access to the SRC CLI, we recommend that you not use root access. If you do use root access, it must be through a secure terminal on a C Series Controller.

   See SRC User Accounts Overview.

Configuring Access to the C-Web Interface Through HTTP

Although you can configure access to the C-Web interface through HTTP rather than HTTPS, be aware of the following restrictions:

• An HTTP connection is not secure. At login, the password is sent in clear text across the network and could be intercepted.
• If you use the redirect server, you must change the port that the C-Web interface uses from the default port, 80. If the redirect server is enabled, and the C-Web interface is configured to use HTTP on port 80, the redirect server will intercept traffic destined for the C-Web interface.

To make the C-Web interface accessible to remote users through HTTP:

1. From configuration mode, access the hierarchy level for Web-management HTTP.
   [edit]user@host# edit system services web-management http
2. (Required if you use redirect server) Specify which TCP port is to receive incoming connection requests for the C-Web interface.
   [edit system services web-management https]user@host# set port port

   The default port for HTTP is 80. Use another port if you use the redirect server.

3. (Optional) Specify the interface to be used for Web browser connections to the C-Web interface.
   [edit system services web-management https]user@host# set interface interface

   On the C Series Controller, use eth0; you can use eth2 or eth3 if installed.

   On C Series Controllers, specifying an interface is important if your C Series Controller has eth2 and eth3 interfaces and you want to restrict C-Web interface access to one or both of these interfaces.

4. Configure logging for the C-Web interface.

   See Configuring an SRC Component to Store Log Messages in a File (SRC CLI) or Configuring System Logging (SRC CLI).

5. (Optional) Configure user accounts to allow specified users to log in to the C-Web interface.

   Users who have privileges to log in to the SRC CLI also have privileges to log in to the C-Web interface.

   Note: Like access to the SRC CLI, we recommend that you not use root access. If you do use root access, it must be through a secure terminal on a C Series Controller.