Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

web-management (System Services)

Syntax

Hierarchy Level

Description

CAUTION:

Enabling tracing can adversely impact scale and performance and may increase security risk. We strongly recommend using the trace, tracing, or traceoptions commands only under the guidance of a JTAC support engineer. After collecting the debug information, immediately disable tracing to minimize risk and restore normal system performance.

Configure settings for HTTP or HTTPS access. HTTP access allows management of the device using the browser-based J-Web graphical user interface. HTTPS access allows secure management of the device using the J-Web interface. With HTTPS access, communication between the device’s Web server and your browser is encrypted.

Note:

On SRX340, SRX345, and SRX380 devices, the factory-default configuration has a generic HTTP configuration. To use Gigabit Ethernet (ge) and fxp0 ports as management ports, you must use the set system services web-management http interface command to configure HTTP access for those interfaces. The Web management HTTP and HTTPS interfaces are changed to fxp0.0 and from ge-0/0/1.0 through ge-0/0/7.0.

vSRX Virtual Firewall 3.0 on Hyper-V does not support the web management https configuration.

Options

control max-threads max-threads

Configure the maximum number of simultaneous threads to handle access requests.

  • Range: 0 through 16
https

Configure the secure version of the HTTP service, HTTPS, which is encrypted.
management-url

Configure the URL path for Web management access.
traceoptions

Set the trace options.

  • file—Configure the trace file information.

    • filename—Name of the file to receive the output of the tracing operation. Enclose the name in quotation marks. All files are placed in the directory /var/log. By default, the name of the file is the name of the process being traced.

    • files number— Maximum number of trace files. When a trace file named trace-file reaches its maximum size, it is renamed trace-file.0, then trace-file.1, and so on, until the maximum number of trace files is reached. Then the oldest trace file is overwritten.

      If you specify a maximum number of files, you also must specify a maximum file size with the size maximum file-size option.

      Range: 2 through 1000 files

      Default: 10 files

  • match regular-expression—Refine the output to include lines that contain the regular expression.

  • size maximum-file-size—Maximum size of each trace file, in kilobytes (KB), megabytes (MB), or gigabytes (GB).

    Range: 10 KB through 1 GB

    Default: 128 KB

    If you specify a maximum file size, you also must specify a maximum number of trace files with the files number option.

  • (world-readable | no-world-readable)— By default, log files can be accessed only by the user who configures the tracing operation. The world-readable option enables any user to read the file. To explicitly set the default behavior, use the no-world-readable option.

  • flag flag—Specify which tracing operation to perform. To specify more than one tracing operation, include multiple flag statements. You can include the following flags.

    • all—Trace all areas.

    • configuration—Trace configuration.

    • dynamic-vpn—Trace dynamic VPN events.

    • init—Trace the daemon init process.

    • mgd—Trace MGD requests.

    • webauth—Trace Web authentication requests.

  • level level —Specify the level of debugging output.

    • all—Match all levels.

    • error—Match error conditions.

    • info—Match informational messages.

    • notice—Match conditions that should be handled specially.

    • verbose—Match verbose messages.

    • warning—Match warning messages.

  • no-remote-trace—Disable remote tracing.

The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced before Junos OS Release 7.4.

Support for https introduced for SRX5400, SRX5600, and SRX5800 devices starting from Junos OS Release 12.1X44-D10 and on vSRX Virtual Firewall, SRX300, SRX320, SRX340, SRX345, SRX380, SRX550M, and SRX1500 devices starting from Junos OS Release 15.1X49-D40.

virtual-domain statement is introduced in Junos OS Release 23.1R1

Related Documentation