Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Verifying the Web API Connection from an SRX Series Device

Before you begin, you need the following information:

  • The HTTPS port number (default value is 8443) or HTTP port number (default value is 8080) on the SRX Series device

  • The username and password that the HTTPS or HTTP server on the SRX Series device uses to authenticate incoming connections

To verify that the Web API connection and data communications between an SRX Series device and Juniper Identity Management Service are working properly:

  1. Verify that users are in the Valid state by checking the user authentication tables on the SRX Series device:

    These commands display the entire ClearPass authentication table contents. In this scenario, the ClearPass authentication table’s user entries include authentication and identity information that the SRX Series device obtains from Juniper Identity Management Service.

  2. If there are no entries in the authentication table and the status of the Web API connection on Juniper Identity Management Service is Connect Failed, do the following:
    • Check if traffic is allowed between Juniper Identity Management Service and the SRX Series device on the configured ports (by default, HTTPS port 8443 and HTTP port 8080).

    • Check the configured user credentials.

    • Perform a packet capture on Juniper Identity Management Server.

    • Switch to the HTTP protocol to view cleartext messages.

  3. If the status of the Web API connection on the JIMS server is Connected, enable debugging by using the following commands:

    The SRX Series device creates a new log named api_log under /var/log. Check for an XML post similar to the following:

    This is the HTTPS POST message from Juniper Identity Management Service to the SRX Series device. Following this post is the parsing of XML data by the SRX Series device. Look for any error messages in the data.

  4. When you are done, disable debug logging.