Configuring Secure Web Access | Juniper Networks J4350, J6350

Chapter 8

Configuring Secure Web Access

You can manage a Services Router remotely through the J-Web interface. To communicate with the router, the J-Web interface uses Hypertext Transfer Protocol (HTTP). HTTP allows easy Web access but no encryption. The data that is transmitted between the Web browser and the router by means of HTTP is vulnerable to interception and attack. To enable secure Web access, a router supports Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS). You can enable HTTP or HTTPS access on specific interfaces and ports as needed.

You can use J-Web Quick Configuration, the J-Web configuration editor, or the CLI configuration editor to configure secure Web access.

This chapter contains the following topics. For more information about the J-Web interface, see the J-Web Interface User Guide.

■Secure Web Access Terms on page 153

■Secure Web Access Overview on page 154

■Before You Begin on page 154

■Configuring Secure Web Access on page 155

■Configuring Secure Web Access with a Configuration Editor on page 158

■Verifying Secure Web Access on page 159

Secure Web Access Terms

Before configuring secure Web access, become familiar with the terms defined in Table 64 on page 153.

Table 64: Secure Web Access Terms

Term	Definition
certificate authority (CA)	Third-party organization or company that issues digital certificates used to create
	digital signatures and public-private key pairs. The CA guarantees the identity of the
	individual or device that presents the digital certificate.
Hypertext Transfer	Protocol used to publish and receive information on the Web, such as text and graphics
Protocol (HTTP)	files.

Secure Web Access Terms ■ 153

Image 175

Juniper Networks J4350, J6350 manual Configuring Secure Web Access, Secure Web Access Terms

Contents

Getting Started Guide Software License End User License Agreement IiiPage Abbreviated Table of Contents Page Table of Contents Chapter PIM and VoIP Module Overview Viii Table of Contents 103 Part Installing a Services Router 131 117 171 Part Maintaining Services Router Hardware153 161 209 Xii Table of Contents213 223 Part Series Requirements and Specifications247 Part Xiv Table of Contents Objectives About This GuideObjectives Audience Series Tasks Location of Instruction How to Use This GuideXvi How to Use This Guide Location of J-series Information Text and Syntax Conventions Document Conventions Web GUI Conventions Related Juniper Networks Documentation Getting Started Guide for Your Router Series Guides and Related Junos Software PublicationsRelated Juniper Networks Documentation Chapter in a J-series Guide Series Services Router Administration GuideXx Related Juniper Networks Documentation Requesting Technical Support Documentation FeedbackDocumentation Feedback Xxii Requesting Technical Support Self-Help Online Tools and Resources Series Overview Series OverviewPage J2320 Services Router Overview Overview of Services RoutersJ2320 Services Router Overview J2350 Services Router Overview J2350 Services Router Overview Overview of Services Routers J4350 Services Router OverviewJ4350 Services Router Overview J6350 Services Router Overview J6350 Services Router Overview Series Software Features and Licenses Series Software Features and LicensesSummary of J-series Features and License Requirements Feature Category Series Feature Separate License Management RoutingMulticast IP Address Encapsulation Ethernet Traffic Analysis SecurityVoice Support High Availability Monitoring AdministrationPage J2320 and J2350 Chassis J2320 and J2350 Services Router Hardware FeaturesJ2320 and J2350 Services Router Hardware Features System Overview Front of J2320 Chassis 14 J2320 and J2350 Services Router Hardware Features Rear of J2320 Chassis Front of J2350 Chassis J2320 Hardware Components Rear of J2350 DC-Powered Chassis Description Value J2320 and J2350 Physical Specifications J2320 and J2350 Midplane 18 J2320 and J2350 Services Router Hardware FeaturesJ2320 and J2350 Routing Engine Hardware J2320 and J2350 Front Panel J2320 and J2350 Boot Devices 20 J2320 and J2350 Services Router Hardware Features Power Button and Power LEDPhysical Interface Modules PIMs J2320 and J2350 Status LED J2320 and J2350 Power LEDColor State Description J2320 and J2350 Alarm LED Reset Config Button22 J2320 and J2350 Services Router Hardware Features Gigabit Ethernet Port LEDs Built-In Gigabit Ethernet PortsConsole Port AUX Port J2320 and J2350 External Compact Flashes J2320 Power SystemJ2350 Power System 24 J2320 and J2350 Services Router Hardware Features J2320 and J2350 Cooling System 26 J4350 and J6350 Services Router Hardware Features J4350 and J6350 Services Router Hardware Features J4350 and J6350 Chassis J4350 and J6350 Services Router Hardware Features Front of J4350 and J6350 Chassis Rear of J4350 AC-Powered Chassis Rear of J4350 DC-Powered Chassis 30 J4350 and J6350 Services Router Hardware Features J4350 and J6350 Physical Specifications J4350 and J6350 Midplane J4350 and J6350 Boot DevicesJ4350 and J6350 Routing Engine Hardware J4350 and J6350 Front Panel 32 J4350 and J6350 Services Router Hardware Features Power LED Slot Number Diagram on Front Panel 34 J4350 and J6350 Services Router Hardware Features Alarm LEDStatus LED Reset Config Button 36 J4350 and J6350 Services Router Hardware Features J4350 Power System Power Supply LED J6350 Power SystemState Description J4350 and J6350 Cooling System 38 J4350 and J6350 Services Router Hardware Features Software Overview Software Overview Kernel and Microkernel Routing Engine and Packet Forwarding EngineJunos Software Processes Junos Software Processes User InterfacesProcess Name Description Software Overview PIM and VoIP Module Terms PIM and VoIP Module OverviewPIM and VoIP Module Terms Term Definition PIM and VoIP Module Terms Dialer filter PIM and VoIP Module Overview J2320 and J2350 Field-Replaceable PIM Summary Field-Replaceable PIMsField-Replaceable PIMs J2320 and J2350 Field-Replaceable PIM Summary J4350 and J6350 Field-Replaceable PIM Summary J4350 and J6350 Field-Replaceable PIM and Module Summary Fe-3/0/0 Port, 6-Port, 8-Port, and 16-Port Gigabit Ethernet uPIMs 16-Port Gigabit Ethernet uPIM TX/RX Optical Interface Support for SFP Gigabit Ethernet uPIMs Port Gigabit Ethernet ePIMsParameter 1000Base-SX Transceiver 1000Base-LX Transceiver SFP Gigabit Ethernet ePIM Optical Interface Support for SFP Gigabit Ethernet ePIM Status LEDs for Serial Ports Dual-Port Serial PIMColor State Description Dual-Port T1 PIM Dual-Port T1 or E1 PIM Status LEDs for T1 and E1 Ports Dual-Port Channelized T1/E1/ISDN PRI PIM Label Color State Description LEDs for Channelized T1/E1/ISDN PRI PIMs T3 PIM T3 or E3 PIM Status LEDs for T3 and E3 Ports Dual-Port Fast Ethernet PIM LEDs for Dual-Port Fast Ethernet PIM Port Fast Ethernet ePIM LEDs for 4-Port Fast Ethernet ePIM Port Isdn BRI PIMs LEDs for Isdn BRI S/T and U PIMs Isdn BRI U PIM Adsl PIM Shdsl PIM LEDs for Adsl PIMs LEDs for G.SHDSL PIMs Avaya VoIP ModulesAvaya VoIP Modules J2320 and J2350 Avaya VoIP Module Summary Avaya VoIP Module Summary TIM521 BRI J4350 and J6350 Avaya VoIP Module Summary TGM550 Telephony Gateway Module TGM550 Telephony Gateway Module TGM550 Maximum Media Gateway Capacities Hardware or Feature TGM550 Maximum CapacityAdditional Information ASB LEDs for TGM550 Gateway Module Possible Analog Telephone Line Configurations TIM508 Possible Port ConfigurationsTIM508 Analog Telephony Interface Module LEDs for TIM508 TIM510 E1/T1 Telephony Interface Module LEDs for TIM510 TIM514 Analog Telephony Interface Module TIM516 Analog Telephony Interface Module TIM514 Possible Port ConfigurationsLEDs for TIM514 Possible Analog Telephone Line Line Configurations TIM516 Possible Port ConfigurationsLEDs for TIM516 TIM518 Analog Telephony Interface Module TIM518 Possible Port Configurations LEDs for TIM518 TIM521 BRI Telephony Interface Module LEDs for TIM521 User Interface Overview Services Router User Interface OverviewUser Interface Overview Web Overview Before You Begin CLI OverviewBefore You Begin Starting the J-Web Interface Using the J-Web InterfaceServices Router User Interface Overview Using the J-Web Interface Web Layout Elements of the J-Web Interface Main Pane Elements Top Pane Elements Main Pane Elements Side Pane Elements Side Pane Elements Navigating the J-Web Interface Key J-Web Edit Configuration Buttons Navigating the Quick Configuration PagesNavigating the J-Web Configuration Editor Web Quick Configuration Buttons Getting J-Web Help CoS Help Web Sessions CLI Command Hierarchy Using the Command-Line InterfaceUsing the Command-Line Interface Starting the CLI CLI Operational Mode CLI Configuration Mode Editing Keystrokes CLI Basics CLI Editing Keystrokes Command CompletionTask Category Action Keyboard Sequence Online Help Help Commands Configuring the CLI Environment Configuring the CLI Environment Vt100 Set cli screen-widthSet cli terminal AnsiPage Installing a Services Router Installing a Services RouterPage General Site Guidelines Preparing for Router InstallationGeneral Site Guidelines Rack Size and Strength for J2320 and J2350 Routers Rack RequirementsRack Requirements Rack Size and Strength for J4350 and J6350 Routers Preparing for Router InstallationConnection to Building Structure Router Environmental Tolerances Fire Safety RequirementsRouter Environmental Tolerances Fire Suppression Power Guidelines, Requirements, and Specifications Power Guidelines, Requirements, and SpecificationsFire Suppression Equipment Electromagnetic Compatibility Site Electrical Wiring GuidelinesSignaling Limitations Radio Frequency Interference AC Power, Connection, and Power Cord Specifications Router Power RequirementsSpecification Country Electrical Specifications Plug Standards AC Power Cord Specifications DC Power, Connection, and Power Cable Specifications Planning for Power Management Tokens Junos CLI Low Power High Power Series PIM Power Consumption and Heat DissipationName Model Number Model Low- Power Capacity High- Power Capacity Tokens Maximum Power and Heat Capacities of J-series Models Isdn Provisioning Network Cable SpecificationsSite Preparation Checklist Site Preparation ChecklistPage Installing and Connecting a Services Router Unpacking a J-series Services Router Unpacking a J-series Services Router Installing and Connecting a Services Router Installing J2320 and J2350 RoutersInstalling J2320 and J2350 Routers Installing J4350 and J6350 Routers Installing J4350 and J6350 Routers Installing the Mounting Brackets Attaching Center Screw to the Rack Connecting Interface Cables to Services Routers Connecting Interface Cables to Services RoutersChassis Grounding Connecting AC Power Connecting PowerConnecting Power Connecting AC Power to the J2320 Services Router Connecting AC Power to the J2350 Services Router Connecting DC Power VDC and RTN Connecting DC Power to the J2350 Services Router Powering a Services Router On and Off Powering a Services Router On and OffPage Term Definition Establishing Basic ConnectivityBasic Connectivity Terms Basic Connectivity Terms Router Identification Basic Connectivity OverviewBasic Connectivity Overview Establishing Basic Connectivity Root PasswordNetwork Settings Time Zone and System Time Built-In Ethernet Interface Address Default GatewayBackup Router Loopback Address Management Access Configuration Guide for Common Criteria and JUNOS-FIPS Connecting to the J-Web Interface Connecting to a Services RouterConnecting to a Services Router Connecting to a Services Router COM1 Connecting to the CLI Locally Connecting to the Console Port on J2320 and J2350 Routers Configuring the Modem at the Router End Connecting to the CLI Remotely Connecting the Modem to the Console Port Connecting to the CLI at the User End Configuring Basic Settings with J-Web Quick ConfigurationConfiguring Basic Settings with J-Web Quick Configuration Set Up Quick Configuration Time Set Up Quick Configuration SummaryField Function Your Action Identification Ge-0/0/0 Address Set Up Quick Configuration SummaryField Function Network Sample Settings on a Services Router Configuring Basic Settings with a Configuration Editor Configuring Basic Settings Set name-server Task Web Configuration Editor CLI Configuration EditorSet backup router address Set ntp server Verifying Basic Connectivity Displaying Basic Connectivity Configurations 151 Displaying Basic Connectivity ConfigurationsPage Secure Web Access Terms Configuring Secure Web AccessSecure Web Access Terms Secure Web Access Terms Secure Web Access Overview Secure Web Access Overview Configuring Secure Web Access Configuring Secure Web AccessGenerating SSL Certificates Quick Configuration Secure Access Certificates Secure Access Quick Configuration SummaryHttp Web Access Https Web Access Configuring Secure Web Access with a Configuration Editor Configuring Secure Web Access with a Configuration EditorSecure Access Quick Configuration Summary Configuring a Secure Web Access Displaying an SSL Certificate Configuration Verifying Secure Web Access Displaying a Secure Access Configuration Displaying a Secure Access Configuration Series License Overview Installing and Managing J-series LicensesSeries License Overview License Enforcement License Key Components Software Feature LicensesSeries Services Router Software Feature Licenses Licensed Software Feature License Name Summary of License Management Fields Feature SummaryInstalled Licenses Managing J-series Licenses with the J-Web Interface Downloading Licenses with the J-Web Interface Adding New Licenses with the J-Web InterfaceDeleting Licenses with the J-Web Interface Displaying License Keys with the J-Web Interface Managing J-series Licenses with the CLI Managing J-series Licenses with the CLIAdding New Licenses with the CLI Deleting a License with the CLI Verifying J-series License Management Displaying Installed LicensesSaving License Keys with the CLI Verifying J-series License Management Displaying License Usage Displaying Installed License KeysDisplaying License Usage Displaying Installed License Keys Maintaining Services Router Hardware Maintaining Services Router HardwarePage Tools and Parts Required Replacing Hardware ComponentsTools and Parts Required Tools and Parts Required Replacing the Console Port CableReplacing a PIM Removing a PIM Replacing a PIM Replacing Hardware Components Installing a PIM Installing a PIM Replacing PIM Cables Installing PIM CablesReplacing PIM Cables Removing PIM Cables User@host request chassis fpc slot pim-slotonline To replace the cover on the J2320 and J2350 chassis Matching the Chassis Slots and Tabs Location of J2320 and J2350 Internal Compact Flash Removing the J2320 or J2350 Internal Compact Flash Location of J4350 and J6350 Compact Flash Page Removing the J4350 or J6350 Compact Flash Replacing External Compact Flashes Replacing External Compact Flashes Replace the compact flash slot cover Removing the USB Storage Device Replacing USB Storage DevicesReplacing USB Storage Devices Installing the USB Storage Device Replacing Dram Modules Replacing Dram Modules J4350 and J6350 Dram Location Removing a Dram Module Installing or Replacing Dram Modules Installing a Dram Module Replacing AC Power Supply Cords Replacing Power System ComponentsReplacing Power System Components Removing an AC Power Supply from J6350 Routers Removing an AC Power Supply Installing an AC Power Supply in J6350 Routers Installing an AC Power Supply Replacing DC Power Supply Cables Removing a DC Power Supply Removing a DC Power Supply Installing a DC Power Supply VDC and RTN Installing a DC Power Supply Removing a J2320 or J2350 Crypto Module Removing a J2320 or J2350 Crypto Accelerator Module Installing a J2320 or J2350 Crypto Accelerator Module Installing a J2320 or J2350 Crypto Accelerator Module User@host show chassis hardware Removing a J4350 or J6350 Crypto Accelerator Module Removing a J4350 or J6350 Crypto Module Screw Installing a J4350 or j6350 Crypto Accelerator Module Replacing Air Filters on J2350 Routers Replacing Air Filters on J2350 Routers Replacing Air Filters on J4350 and J6350 Routers Replacing Air Filters on J4350 and J6350 Routers Attaching Air Filter and Filter Cover Page Component Alarm Conditions Corrective Action Alarm Severity Troubleshooting Hardware ComponentsChassis Alarm Conditions Chassis Alarm Conditions and Corrective Actions Troubleshooting Power Management Troubleshooting Power Management User@host show chassis fpc Troubleshooting Hardware Components Contacting the Juniper Networks Technical Assistance Center Contacting the Juniper Networks Technical Assistance Center Locating Component Serial Numbers Contacting Customer Support and Returning HardwareLocating Component Serial Numbers Location of the Serial Number ID Labels J2320 and J2350 Chassis Serial Number and Agency Labels Contacting Customer Support and Returning Hardware J4350 and J6350 Chassis Serial Number and Agency Labels Contacting Customer Support Power Supply Serial Number LabelsReturn Procedure PIM Serial Number Label Tools and Parts Required Packing a Router or Component for ShipmentPacking a Router or Component for Shipment Packing Components for Shipment Packing the Services Router for Shipment Contacting Customer Support and Returning Hardware Page Series Requirements and Specifications Series Requirements and SpecificationsPage Serial PIM Cable Specifications Network Cable Specifications and Connector PinoutsSerial PIM Cable Specifications Port Serial PIM Cables and Connectors RS-232 DTE Cable Pinout LFH-60 Pin DB-25 Pin LFH-60 Pairing DescriptionRS-232 DTE Cable Pinout RS-422/449 EIA-449 DTE Cable Pinout RS-232 DCE Cable PinoutRS-422/449 EIA-449 DTE Cable Pinout RS-232 DCE Cable Pinout Receive Data a RS-422/449 EIA-449 DCE Cable Pinout RS-422/449 EIA-449 DCE Cable Pinout EIA-530A DTE Cable Pinout EIA-530A DTE Cable Pinout EIA-530A DCE Cable Pinout EIA-530A DCE Cable Pinout DTE Cable Pinout LFH-60 Pin 34 Pin LFH-60 Pairing Description35 DTE Cable Pinout 21 DTE Cable Pinout LFH-60 Pin DB-15 Pin LFH-60 Pairing DescriptionDCE Cable Pinout 35 DCE Cable Pinout 21 DCE Cable Pinout Gigabit Ethernet uPIM RJ-45 Connector Pinout Fast Ethernet RJ-45 Connector PinoutGigabit Ethernet uPIM RJ-45 Connector Pinout Fast Ethernet RJ-45 Connector Pinout Gigabit Ethernet ePIM RJ-45 Connector Pinout Gigabit Ethernet ePIM RJ-45 Connector PinoutGigabit Ethernet ePIM RJ-45 Connector Pinouts Pin Signal Name DB-9 Console Connector Pinout RJ-45 Chassis Console Connector PinoutE1 and T1 RJ-48 Cable Pinouts RJ-48 Connector to RJ-48 Connector Crossover Pinout RJ-48 Connector to RJ-48 Connector Straight Pinout236 E1 and T1 RJ-48 Cable Pinouts RJ-48 Connector to DB-15 Connector Crossover Pinout RJ-48 Connector to DB-15 Connector Straight Pinout PinSignal E3 and T3 BNC Connector PinoutAdsl and G.SHDSL RJ-11 Connector Pinout Adsl and G.SHDSL RJ-11 Connector Pinout Isdn RJ-45 Connector Pinout Isdn RJ-45 Connector PinoutConnector Pinouts for Avaya VoIP Modules Isdn RJ-45 Connector Pinout TGM550 RJ-45 Pin Signal Terminal DB-9 Pins TGM550 RJ-11 Connector Pinout for Analog PortsTGM550 RJ-45 Console Connector Pinouts TGM550 RJ-11 Connector Pinout TIM510 RJ-45 Connector Pinout TIM508 Connector PinoutTIM510 RJ-45 Connector Pinout TIM508 Connector Pinout TIM516 Connector Pinout TIM514 Connector PinoutTIM516 Connector Pinout TIM514 RJ-11 Connector Pinout TIM516 Connector Pinout TIM518 Connector Pinout TIM518 Connector Pinout TIM521 RJ-45 Connector Pinout TIM521 Connector PinoutPage Definition of Safety Warning Levels Safety and Regulatory Compliance InformationDefinition of Safety Warning Levels Definition of Safety Warning Levels Safety Guidelines and Warnings Safety Guidelines and WarningsGeneral Safety Guidelines and Warnings Safety and Regulatory Compliance Information Qualified Personnel Warning Place a Component into an Electrostatic Bag Preventing Electrostatic Discharge Damage General Electrical Safety Guidelines Electrical Safety Guidelines and Warnings AC Power Electrical Safety Guidelines DC Power Electrical Safety Guidelines DC Power Disconnection Warning Power Sources for Redundant Power Supplies Safety Guidelines and Warnings DC Power Wiring Sequence Warning DC Power Grounding Requirements and Warning Varten 48 V, +RTN varten +RTN, maajohto maajohtoon DC Power Wiring Terminations Warning Grounded Equipment Warning Case of Electrical Accident Multiple Power Supplies Disconnection Warning Power Disconnection Warning TN Power Warning Telecommunication Line Cord Warning Installation Instructions Warning Installation Safety Guidelines and WarningsChassis Lifting Guidelines Rack-Mounting Requirements and Warnings Safety Guidelines and Warnings Safety and Regulatory Compliance Information Safety Guidelines and Warnings Ramp Warning Laser and LED Safety Guidelines and Warnings Class 1 Laser Product Warning General Laser Safety Guidelines Laser Beam Warning Class 1 LED Product Warning Radiation from Open Port Apertures Warning Maintenance and Operational Safety Guidelines and Warnings Battery Handling Warning Jewelry Removal Warning Lightning Activity Warning Operating Temperature Warning Safety Guidelines and Warnings Product Disposal Warning Agency Approvals Agency Approvals Compliance Statements for EMC Requirements Lithium BatteryCompliance Statements for Environmental Requirements Compliance Statements for Nebs Compliance Statements for EMC Requirements Canada European Community Japan FCC Part 15 Statement United StatesFCC Part 68 Statement Compliance Statements for EMC Requirements Index IndexPage Symbols Alternative boot media See boot devices USB Reset Config See also LEDs Daemons See processes, software Eprom Gigabit Ethernet ports Installation Hardware Installation 119 E3 PIM Link Internal compact flash 178 Adsl Power LED Rescue configuration, resetting with Rescue Config 265 SSH System overview Hardware Software System time See also Junos CLI EMI