SRX 210 Services Gateway Secure Web Access Overview
SRX 210 Services Gateway Secure Web Access Overview
SRX 210 Services Gateway Secure Web Access Overview
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>SRX</strong> <strong>210</strong> <strong>Services</strong> <strong>Gateway</strong> <strong>Secure</strong> <strong>Web</strong> <strong>Access</strong> <strong>Overview</strong>You can manage an <strong>SRX</strong> <strong>210</strong> services gateway remotely through the J-<strong>Web</strong> interface.To communicate with the services gateway, the J-<strong>Web</strong> interface uses HypertextTransfer Protocol (HTTP). HTTP allows easy <strong>Web</strong> access but no encryption. The datathat is transmitted between the <strong>Web</strong> browser and the services gateway by meansof HTTP is vulnerable to interception and attack. To enable secure <strong>Web</strong> access, aservices gateway supports HTTP over <strong>Secure</strong> Sockets Layer (HTTPS). You can enableHTTP or HTTPS access on specific interfaces and ports as needed.An <strong>SRX</strong> <strong>210</strong> services gateway uses the SSL protocol to provide secure managementof services gateways through the <strong>Web</strong> interface. SSL uses public-private key technologythat requires a paired private key and an authentication certificate for providing theSSL service. SSL encrypts communication between your device and the <strong>Web</strong> browserwith a session key negotiated by the SSL server certificate.An SSL certificate includes identifying information such as a public key and a signaturemade by a certificate authority (CA). When you access the services gateway throughHTTPS, an SSL handshake authenticates the server and the client and begins a securesession. If the information does not match or the certificate has expired, your accessto the services gateway through HTTPS is restricted.Without SSL encryption, communication between your services gateway and thebrowser is sent in the open and can be intercepted. We recommend that you enableHTTPS access on your WAN interfaces.On <strong>SRX</strong> <strong>210</strong> services gateways, HTTP access is enabled by default on the built-inmanagement interfaces. By default, HTTPS access is supported on any interface withan SSL server certificate.You can use J-<strong>Web</strong> Quick Configuration, the J-<strong>Web</strong> configuration editor, or the CLIconfiguration editor to configure secure <strong>Web</strong> access.Before you configure secure <strong>Web</strong> access for the first time, you must complete thefollowing tasks:■■Establish basic connectivity.Obtain an SSL certificate from a trusted signing authority.Related Topics ■ <strong>SRX</strong> <strong>210</strong> <strong>Services</strong> <strong>Gateway</strong> Basic Connectivity <strong>Overview</strong>■■Generating SSL Certificates for the <strong>SRX</strong> <strong>210</strong> <strong>Services</strong> <strong>Gateway</strong>Configuring <strong>Secure</strong> <strong>Access</strong> to the J-<strong>Web</strong> Interface for the <strong>SRX</strong> <strong>210</strong> <strong>Services</strong><strong>Gateway</strong><strong>SRX</strong> <strong>210</strong> <strong>Services</strong> <strong>Gateway</strong> <strong>Secure</strong> <strong>Web</strong> <strong>Access</strong> <strong>Overview</strong> ■ 1
2 ■ <strong>SRX</strong> <strong>210</strong> <strong>Services</strong> <strong>Gateway</strong> <strong>Secure</strong> <strong>Web</strong> <strong>Access</strong> <strong>Overview</strong>
Change language