SA console port security

after1_
Contributor

SA console port security

Is it possible to password-protect the console port or disable it?

spuluka
Super Contributor

Re: SA console port security

I'm not sure which OS version this was introduced in, but the option is on the console port with version 7.1.

Please choose from among the following options:
1. Network Settings and Tools
2. Create admin username and password
3. Display log/status
4. System Operations
5. Toggle password protection for the console (Off)
6. Create a Super Admin session.
7. System Snapshot
8. Reset allowed encryption strength for SSL

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home
kenlars_
Super Contributor

Re: SA console port security

You wouldn't want to disable the console port even if you could. And, if you set a password, make sure you remember it!

The console is the last-resort way to manage the device. I've certainly had cases where the only control I had over the device was via the console, when the GUI was nonfunctional. I've also had situations where I've absolutely needed to get on the console to recover a device by rolling back from the current version. If you set a console password, and don't know it, you will end up with a very expensive brick. (I assume Juniper has a way to recover a device even in that circumstance, but I wouldn't be surprised if it didn't involve returning the device to them.)

So, if you are installing a device in an unsecured environment and concerned about tampering, set a console password. Also, you might want to check to see if a syslog message is generated when an admin logs on through the console, and trap that syslog message with some sort of syslog postprocessor like Splunk.

Ken

zanyterp_
Respected Contributor

Re: SA console port security

On the console options, enable the password protection. However, as kenlars said, please be sure not to lose that password, as without it you cannot do emergency recovery options.