Your Webhosting Questions
Answered by the Webhosting Experts
Tags
...

Disabling the J-Web interface of Juniper Networks Junos OS on SRX Series

The following information will assist in initial mitigation of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

 

Please note that disabling the Web interface will impact functionality of SSL VPNs, if you are running an SSL VPN additional steps may be required to maintain proper functionality of the SRX device. 

 

First, login to the firewall using your current credentials.  In this example I will be using the root account. 

Logging in with a root account will require you to access the CLI, logging in with a user account will take you directly to the CLI. 

CLI

Enter the configuration or edit mode

Configuration mode CLI

Delete the web management services  with the command: delete system services web-management

Command to delete system services web-management

Confirm your changes using the command: show | compare  

 Here you are looking to make sure that all changes are under the edit system services, web-management header. 

verifying changes

Commit your changes and exit configuration mode using:  commit and-quit

commit changes and exit configuration mode

Once the firewall has exited the configuration mode the changes are complete and going to the IP for your J-Web interface in your browser, will now timeout. 

 

With this interface disabled, this will remove the attack vector for certain CVEs, allowing time to plan for additional long term mitigations without incurring unnecessary downtime. 

 

Need More Personalized Help?

If you have any further issues, questions, or would like some assistance checking on this or anything else, please reach out to us from your my.hivelocity.net account and provide your server credentials within the encrypted field for the best possible security and support.

If you are unable to reach your my.hivelocity.net account or if you are on the go, please reach out from your valid my.hivelocity.net account email to us here at: support@hivelocity.net. We are also available to you through our phone and live chat system 24/7/365.

Tags +