Initially Configuring the SRX5800 Services Gateway

This procedure connects the device to the network but does not enable it to forward traffic. For complete information about enabling the device to forward traffic, including examples, see the appropriate Junos OS configuration guides.

To configure the software:

1. Verify that the device is powered on.
2. Log in as the root user. There is no password.
3. Start the CLI.
   root# cliroot@>
4. Enter configuration mode.
   configure [edit]root@#
5. Set the root authentication password by entering either a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
   [edit]root@# set system root-authentication plain-text-passwordNew password: password Retype new password: password
6. Configure an administrator account on the device. When prompted, enter the password for the administrator account.
   [edit]root@# set system login user admin class super-user authentication plain-text-password New password: password Retype new password: password
7. Commit the configuration to activate it on the device.
   [edit]root@# commit
8. Log in as the administrative user you configured in step 6.
9. Configure the name of the device. If the name includes spaces, enclose the name in quotation marks (“ ”).
   configure [edit]admin@# set system host-name host-name
10. Configure the IP address and prefix length for the device’s Ethernet interface.
    [edit]admin@# set interfaces fxp0 unit 0 family inet address address/prefix-length
11. Configure the traffic interface.
    [edit]admin@# set interfaces ge-6/2/0 unit 0 family inet address address/prefix-lengthadmin@# set interfaces ge-6/3/5 unit 0 family inet address address/prefix-length
12. Configure the default route.
    [edit]admin@# set routing-options static route 0.0.0.0/0 next-hop gateway
13. Configure basic security zones and bind them to traffic interfaces.
    [edit]admin@# set security zones security-zone trust interfaces ge-6/3/5 admin@# set security zones security-zone untrust interfaces ge-6/2/0
14. Configure basic security policies.
    [edit]admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any root@# set security policies from-zone trust to-zone untrust policy policy-name then permit
15. Check the configuration for validity.
    [edit]admin@# commit checkconfiguration check succeeds
16. Commit the configuration to activate it on the device.
    [edit]admin@# commitcommit complete
17. Optionally, display the configuration to verify that it is correct.
    admin@# show

    ## Last changed: 2008-05-07 22:43:25 UTC
    version "9.2I0 [builder]";
    system {
        autoinstallation;
        host-name henbert;
        root-authentication {
            encrypted-password "$1$oTVn2KY3$uQe4xzQCxpR2j7sKuV.Pa0"; ## SECRET-DATA
        }
        login {
            user admin {
                uid 928;
                class super-user;
                authentication {
                    encrypted-password "$1$cdOPmACd$QvreBsJkNR1EF0uurTBkE."; ## SECRET-DATA
                }
            }
        }
        services {
            ssh;
           web-management {
                http {
                    interface ge-0/0/0.0;
                }
            }
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any any;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
        license {
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0;
        }
        ge-6/2/0 {
            unit 0 {
                family inet {
                    address 5.1.1.1/24;
                }
            }
        }
        ge-6/3/5 {
            unit 0 {
                family inet {
                    address 192.1.1.1/24;
                }
            }
        }
        fxp0 {
            unit 0 {
                family inet {
                    address 192.168.10.2/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 5.1.1.2;
        }
    }
    security {
        zones {
            security-zone trust {
                interfaces {
                    ge-6/3/5.0;
                }
            }
            security-zone untrust {
                interfaces {
                    ge-6/2/0.0;
                }
            }
        }
        policies {
            from-zone trust to-zone untrust {
                policy bob {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
    }

18. Commit the configuration to activate it on the device.
    [edit]admin@# commit
19. Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the device.
    [edit]admin@# commit
20. When you have finished configuring the device, exit configuration mode.
    [edit]admin@# exitadmin@host>