JunOS : Restrict the WebUI access to a specific interface VLan and remote IPs

By | March 8, 2015

Here is a quick how to restrict the availability of the WebUI to one or several interface VLan(s) and specify which remote/management IPs should be allowed to access it.

1. Set the web management service to the interface VLan you want it to answer from external requests (this example assume that the l3-interface vlan.10 will be used for WebUI) :

2. Create the firewall filters (optional) if you want to restrict the remote IPs that can access it :

NOTE : You must set the IP/subnet value(s) “prefix-list MGMT-IPv4” with your management IP(s). Add as many as you need, doing one command per IP or subnets.