Technical Documentation
Performing Initial Software Configuration on the SRX3600 Services Gateway
This procedure connects the services gateway to the network but does not enable it to forward traffic. For complete information about enabling the services gateway to forward traffic, including examples, see the appropriate Junos OS configuration guides.
To configure the software:
- Verify that the services gateway is powered on.
- Log in as the root user. There is no password.
- Start
the CLI.
root#cliroot# - Enter
configuration mode.
configure[edit]root@# - Set the
root authentication password by entering a cleartext password, an
encrypted password, or an SSH public key string (DSA or RSA).
[edit]root@# set system root-authentication plain-text-passwordNew password: passwordRetype new password: password - Configure an administrator account on the services gateway.
When prompted, enter the password for the administrator account.
[edit]root@# set system login user admin class super-user authentication plain-text-passwordNew password: passwordRetype new password: password - Commit
the configuration to activate it on the services gateway.
[edit]root@# commit - Log in as the administrative user you configured in step 6.
- Configure
the name of the services gateway. If the name includes spaces, enclose
the name in quotation marks (“ ”).
configure[edit]admin@# set system host-name host-name - Configure
the IP address and prefix length for the services gateway’s
Ethernet interface.
[edit]admin@# set interfaces fxp0 unit 0 family inet address address/prefix-length - Configure
the traffic interface.
[edit]admin@# set interfaces ge-0/0/0 unit 0 family inet address address/prefix-lengthadmin@# set interfaces ge-0/0/1 unit 0 family inet address address/prefix-length - Configure
the default route.
[edit]admin@# set routing-options static route 0.0.0.0/0 next-hop gateway - Configure
basic security zones and bind them to traffic interfaces.
[edit]admin@# set security zones security-zone trust interfaces ge-0/0/0admin@# set security zones security-zone untrust interfaces ge-0/0/1 - Configure
basic security policies.
[edit]admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application anyadmin@# set security policies from-zone trust to-zone untrust policy policy-name then permit - Check
the configuration for validity.
[edit]admin@# commit checkconfiguration check succeeds - Commit
the configuration to activate it on the services gateway.
[edit]admin@# commitcommit complete - Optionally, display the configuration to verify that it
is correct.
admin@# show## Last changed: 2008-05-07 22:43:25 UTC version "9.2I0 [builder]"; system { autoinstallation; host-name henbert; root-authentication { encrypted-password "$1$oTVn2KY3$uQe4xzQCxpR2j7sKuV.Pa0"; ## SECRET-DATA } login { user admin { uid 928; class super-user; authentication { encrypted-password "$1$cdOPmACd$QvreBsJkNR1EF0uurTBkE."; ## SECRET-DATA } } } services { ssh; web-management { http { interface ge-0/0/0.0; } } } syslog { user * { any emergency; } file messages { any any; authorization info; } file interactive-commands { interactive-commands any; } } license { autoupdate { url https://ae1.juniper.net/junos/key_retrieval; } } } interfaces { ge-0/0/0 { unit 0 { family inet { address 192.1.1.1/24; } } } ge-0/0/1 { unit 0 { family inet { address 5.1.1.1/24; } } } fxp0 { unit 0 { family inet { address 192.168.10.2/24; } } } } routing-options { static { route 0.0.0.0/0 next-hop 5.1.1.2; } } security { zones { security-zone trust { interfaces { ge-0/0/0.0; } } security-zone untrust { interfaces { ge-0/0/1.0; } } } policies { from-zone trust to-zone untrust { policy bob { match { source-address any; destination-address any; application any; } then { permit; } } } } } - Commit the configuration to activate it on the services
gateway.
[edit]admin@# commit - Optionally, configure
additional properties by adding the necessary configuration statements.
Then commit the changes to activate them on the services gateway.
[edit]admin@# commit - When you have finished configuring the services gateway,
exit configuration mode.
[edit]admin@# exitadmin@#
Published: 2011-09-21
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.
