outbound-https
Syntax
outbound-https {
    client client-id {
        address {
            port port;
            trusted-cert trusted-cert;
        }
        device-id device-id;
        reconnect-strategy (in-order | sticky);
        secret password;
        waittime seconds;
    }
}
Hierarchy Level
[edit system services]
Description
Configure a Junos device that’s behind a firewall to initiate outbound HTTPS connections to
communicate with client management applications on the other side of the firewall.
The outbound-https configuration is consumed by the outbound HTTPS extension service. You must configure this service at the [edit system extensions extension-service application file nc_grpc_app.pyc] hierarchy level in order to initiate the outbound HTTPS connections.
When you configure and start the outbound HTTPS extension service on supported Junos devices, the extension service uses the outbound-https configuration to connect to and authenticate each configured client, which corresponds to a gRPC server running on a network management system. The device and gRPC server establish a persistent HTTPS connection over a TLS-encrypted gRPC session. The device authenticates the gRPC server using an X.509 digital certificate, and the gRPC server uses the device-id and shared-secret values to authenticate the Junos device. An outbound HTTPS client can establish multiple NETCONF or shell sessions with the device.
You can configure multiple outbound HTTPS clients, and you can configure one or more backup gRPC servers for each client. The device connects to only one gRPC server in the client’s server list at any one time.
Options
client client-id | Define a device-initiated outbound HTTPS connection. This value serves to uniquely identify the |
address | Hostname or IPv4 address of the gRPC server running on the network management system. The hostname or IP address must match the value of the Common Name (CN) field or the SubjectAltName IP Address field, respectively, in that gRPC server's X.509 certificate. You can configure multiple backup gRPC servers, but the device connects to only one server in the list at any given time. You must configure the following connection parameters for each server: |
device-id device-id | Identifies the Junos device to the management application. Each time the device establishes an outbound HTTPS connection, it sends its device identifier and shared secret to the management application, and the management application uses the values to authenticate the device. |
reconnect-strategy (in-order | sticky) | (Optional) Method used to reestablish a disconnected outbound HTTPS connection. |
secret password | Shared secret between the Junos device and the management application. Each time the device establishes an outbound HTTPS connection, it sends its device identifier and shared secret to the management application, and the management application uses the values to authenticate the device. |
waittime seconds | Number of seconds that the device waits before attempting to connect or reconnect to the servers in the list if none of the servers are available. That is, if the device reaches the end of the configured server list and cannot establish a connection, it waits the specified number of seconds before again attempting to connect to each server in the list, starting from the top. |
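The address option requires a hostname to match the certificate's CN and an IPv4 address to match a SubjectAltName IP Address entry. The following pre-deployment check is an added example, not Juniper code: it applies that rule to a client's server list and reports the entries that would not match. It assumes each server certificate has already been decoded into a dict shaped like Python's ssl.SSLSocket.getpeercert() output; the function names, hostnames and addresses are hypothetical.

```python
import ipaddress

def cert_names(cert):
    """Pull CNs and SAN IP entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    san_ips = [v for k, v in cert.get("subjectAltName", ()) if k == "IP Address"]
    return cns, san_ips

def address_matches_cert(address, cert):
    """Apply the page's rule: hostname -> CN, IPv4 address -> SubjectAltName IP Address."""
    cns, san_ips = cert_names(cert)
    try:
        ip = ipaddress.IPv4Address(address)
    except ValueError:
        # Not an IPv4 literal, so treat it as a hostname. Exact comparison is a
        # deliberately strict assumption; a DNS-type SAN does not count here.
        return address in cns
    for san in san_ips:
        try:
            if ipaddress.ip_address(san) == ip:
                return True
        except ValueError:
            continue  # malformed SAN entry; ignore it
    return False

def lint_client(servers):
    """Return the configured addresses whose certificate would not match."""
    return [addr for addr, cert in servers if not address_matches_cert(addr, cert)]

# Constructed sample data (documentation addresses, hypothetical hostnames).
CERT_HOST = {"subject": ((("organizationName", "Example NMS"),),
                         (("commonName", "nms1.example.com"),)),
             "subjectAltName": (("DNS", "nms1.example.com"),)}
CERT_IP = {"subject": ((("commonName", "nms2.example.com"),),),
           "subjectAltName": (("IP Address", "198.51.100.20"),)}
CERT_SAN_DNS_ONLY = {"subject": ((("commonName", "lb.example.com"),),),
                     "subjectAltName": (("DNS", "nms3.example.com"),)}

SERVERS = [
    ("nms1.example.com", CERT_HOST),          # hostname equals CN: ok
    ("198.51.100.20", CERT_IP),               # IPv4 listed as SAN IP: ok
    ("198.51.100.10", CERT_HOST),             # IPv4 configured, cert has no SAN IP
    ("nms3.example.com", CERT_SAN_DNS_ONLY),  # name only in a DNS SAN, CN differs
]

if __name__ == "__main__":
    for addr in lint_client(SERVERS):
        print(f"{addr}: no matching CN / SAN IP Address in server certificate")
```

Running the check against every backup server matters because the device connects to only one server at a time, so a mismatched certificate on a backup entry stays hidden until failover.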
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 20.3R1.
Statement introduced in Junos OS Evolved Release 22.4R1.