Enabling Remote Users to Access the C-Web Interface
You can make the C-Web interface accessible to remote users through secure HTTP (HTTPS) or HTTP. You can configure access through the C-Web interface or by using the SRC CLI.
Accessing the C-Web Interface Through Secure HTTP
Before you configure access to the C-Web interface through HTTPS, obtain a digital security certificate on the system.
See Chapter 26, Managing Security Digital Certificates.
To make the C-Web interface accessible to remote users through HTTPS:
- Select the Ethernet port from the list.
- To configure a TCP port, type the value in the Port box, and click Apply.
- Type a list of incoming network interfaces in the Interface box.
- To configure a TCP port, type the value in the Port box, and click Apply.
Accessing the C-Web Interface Through HTTP
Although you can configure access to the C-Web interface through HTTP rather than HTTPS, be aware of the following restrictions:
- An HTTP connection is not secure. At login, the password is sent in clear text across the network and could be intercepted.
- If you use the redirect server, you must change the port that the C-Web interface uses from the default port, 80. If the redirect server is enabled, and the C-Web interface is configured to use HTTP on port 80, the redirect server will intercept traffic destined for the C-Web interface.
To make the C-Web interface accessible to remote users through HTTP:
- Select the Ethernet port from the list.
- To configure a TCP port, type the value in the Port box, and click Apply.
- Type a list of incoming network interfaces in the Interface box.
- To configure a TCP port, type the value in the Port box, and click Apply.
Configuration Statements for Accessing the C-Web Interface Through Secure HTTP
Before you configure access to the C-Web interface through HTTPS, obtain a digital security certificate on the system.
See Chapter 26, Managing Security Digital Certificates.
To make the C-Web interface accessible to remote users through HTTPS:
- From configuration mode, access the hierarchy level for Web-management HTTPS.
[edit]user@host#edit system services web-management https
- Specify which TCP port is to receive incoming connection requests for the C-Web interface.
[edit system services web-management https]user@host#set port
port
The default port for HTTPS is 443.
- Specify the interface to be used for Web browser connections to the C-Web interface.
[edit system services web-management https]user@host#set interface
interface
You can specify an interface for SRC installations on Solaris platforms as well as on C-series Controllers. On a C-series Controller, use eth0; you can use eth2 or eth3 if installed.
On C-series Controllers, specifying an interface is important if your C-series Controller has eth2 and eth3 interfaces and you want to restrict C-Web interface access to one or both of these interfaces.
- Specify the name of the certificate on the local system.
[edit system services web-management https]user@host#set local-certificate
local-certificate
- Configure logging for the C-Web interface.
See SRC-PE Monitoring and Troubleshooting Guide, Chapter 3, Configuring Logging for SRC Components with the CLI.
Users who have privileges to log in to the SRC CLI also have privileges to log in to the C-Web interface.
See Chapter 19, Configuring User Access.
Configuration Statements for Accessing the C-Web Interface Through HTTP
Although you can configure access to the C-Web interface through HTTP rather than HTTPS, be aware of the following restrictions:
- An HTTP connection is not secure. At login, the password is sent in clear text across the network and could be intercepted.
- If you use the redirect server, you must change the port that the C-Web interface uses from the default port, 80. If the redirect server is enabled, and the C-Web interface is configured to use HTTP on port 80, the redirect server will intercept traffic destined for the C-Web interface.
To make the C-Web interface accessible to remote users through HTTP:
- From configuration mode, access the hierarchy level for Web-management HTTP.
[edit]user@host#edit system services web-management http
- (Required if you use redirect server) Specify which TCP port is to receive incoming connection requests for the C-Web interface.
[edit system services web-management https]user@host#set port
port
The default port for HTTP is 80. Use another port if you use the redirect server.
- (Optional) Specify the interface to be used for Web browser connections to the C-Web interface.
[edit system services web-management https]user@host#set interface
interface
You can specify an interface for SRC installations on Solaris platforms as well as on C-series Controllers. On the C-series Controller, use eth0; you can use eth2 or eth3 if installed.
On C-series Controllers, specifying an interface is important if your C-series Controller has eth2 and eth3 interfaces and you want to restrict C-Web interface access to one or both of these interfaces.
See SRC-PE Monitoring and Troubleshooting Guide, Chapter 3, Configuring Logging for SRC Components with the CLI.
Users who have privileges to log in to the SRC CLI also have privileges to log in to the C-Web interface.