Without SSL encryption, communication between your services gateway and the browser
is sent in the open and can be intercepted. We recommend that you enable HTTPS access
on your WAN interfaces.
On services gateways, HTTP access is enabled by default on the built-in management
interfaces. By default, HTTPS access is supported on any interface with an SSL server
certificate.
You can use the J-Web interface or the CLI to configure secure Web access.
Before you configure secure Web access for the first time, you must completethe following
tasks:
•
Establish basic connectivity.
•
Obtain an SSL certificate from a trusted signing authority.
For more details about configuring secure web access on your services gateway, see the
Initial Configuration for Security Devices.
Related
Documentation
SRX650 Services Gateway Software Configuration Overview on page 97•
• Performing Initial Software Configuration on the SRX650 Services Gateway Using the
Setup Wizard
• Configuring Basic Settings for the SRX650 Services Gateway with the CLI or the J-Web
Interface on page 113
SRX650 Services Gateway Secure CLI Access Overview
Telnet allows you to connect to the SRX650 Services Gateway and access the CLI to
execute commands from a remote system. Telnet connections are not encrypted and
therefore can be intercepted.
NOTE: Telnet access to the root account is prohibited. You must use more
secure methods, such as SSH, to log in as root.
SSH provides the following features:
•
Allows you to connect to the services gateway and to access the CLI to execute
commands from a remote system
•
Unlike Telnet, encrypts traffic so that it cannot be intercepted
•
Can be configured so that connections are authenticated by a digital certificate
•
Uses public–private key technology for both connection and authentication
The SSH client software must be installed on the machine where the client application
runs. If the SSH private key is encrypted (for greater security), the SSH client must be
able to access the passphrase used to decrypt the key.
103Copyright © 2018, Juniper Networks, Inc.
Chapter 19: Performing Initial Configuration
To Next Page
Loading...
Need help?
General
