Configuring the JUNOS Software

The services gateway is shipped with the JUNOS software preinstalled and ready to be configured when the device is powered on. There are three copies of the software: one on a CompactFlash card (if installed) in the Routing Engine, one on the hard disk in the Routing Engine, and one on a USB flash drive that can be inserted into the slot in the Routing Engine faceplate.

When the device boots, it first attempts to start the image on the USB flash drive. If a USB flash drive is not inserted into the Routing Engine or the attempt otherwise fails, the device next tries the CompactFlash card (if installed), and finally the hard disk.

You configure the services gateway by issuing JUNOS command-line interface (CLI) commands, either on a console device attached to the CONSOLE port on the Routing Engine, or over a telnet connection to a network connected to the ETHERNET port on the Routing Engine.

Gather the following information before configuring the device:

• Name the device will use on the network
• Domain name the device will use
• IP address and prefix length information for the Ethernet interface
• IP address of a default router
• IP address of a DNS server
• Password for the root user

This procedure connects the device to the network but does not enable it to forward traffic. For complete information about enabling the device to forward traffic, including examples, see the appropriate JUNOS software configuration guides.

To configure the software:

1. Verify that the device is powered on, as described in Powering On an AC-Powered Services Gateway or Powering On a DC-Powered Services Gateway
2. Log in as the root user. There is no password.
3. Start the CLI.

   root# cli

   root@>

4. Enter configuration mode.

   configure

   [edit]

   root@#

5. Set the root authentication password by entering either a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).

   [edit]

   root@# set system root-authentication plain-text-password

   New password: password

   Retype new password: password

6. Configure an administrator account on the device.

   [edit]

   root@# set system login user admin class super-user authentication plain-text-password

7. Configure the password for the administrator account.

   [edit]

   root@# set system root-authentication plain-text-password

8. Commit the configuration to activate it on the device.

   [edit]

   root@# commit

9. Log in as the administrative user you configured in step 6.
10. Configure the name of the device. If the name includes spaces, enclose the name in quotation marks (“ ”).

    configure

    [edit]

    admin@# set system host-name host-name

11. Configure the IP address and prefix length for the device’s Ethernet interface.

    [edit]

    admin@# set interfaces fxp0 unit 0 family inet address address/prefix-length

12. Configure the traffic interface.

    [edit]

    admin@# set interfaces ge-6/2/0 unit 0 family inet address address/prefix-length

    admin@# set interfaces ge-6/3/5 unit 0 family inet address address/prefix-length

13. Configure the default route.

    [edit]

    admin@# set routing-options static route 0.0.0.0/0 next-hop gateway

14. Configure basic security zones and bind them to traffic interfaces.

    [edit]

    admin@# set security zones security-zone trust interfaces ge-6/3/5

    admin@# set security zones security-zone untrust interfaces ge-6/2/0

15. Configure basic security policies.

    [edit]

    admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any

    root@# set security policies from-zone trust to-zone untrust policy policy-name then permit

16. Check the configuration for validity.

    [edit]

    admin@# commit check

    configuration check succeeds

17. Commit the configuration to activate it on the device.

    [edit]

    admin@# commit

    commit complete

18. Optionally, display the configuration to verify that it is correct.
    
    

    admin@# show

    ## Last changed: 2008-05-07 22:43:25 UTC
    version "9.2I0 [builder]";
    system {
        autoinstallation;
        host-name henbert;
        root-authentication {
            encrypted-password "$1$oTVn2KY3$uQe4xzQCxpR2j7sKuV.Pa0"; ## SECRET-DATA
        }
        login {
            user admin {
                uid 928;
                class super-user;
                authentication {
                    encrypted-password "$1$cdOPmACd$QvreBsJkNR1EF0uurTBkE."; ## SECRET-DATA
                }
            }
        }
        services {
            ssh;
           web-management {
                http {
                    interface ge-0/0/0.0;
                }
            }
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any any;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
        license {
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0;
        }
        ge-6/2/0 {
            unit 0 {
                family inet {
                    address 5.1.1.1/24;
                }
            }
        }
        ge-6/3/5 {
            unit 0 {
                family inet {
                    address 192.1.1.1/24;
                }
            }
        }
        fxp0 {
            unit 0 {
                family inet {
                    address 192.168.10.2/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 5.1.1.2;
        }
    }
    security {
        zones {
            security-zone trust {
                interfaces {
                    ge-6/3/5.0;
                }
            }
            security-zone untrust {
                interfaces {
                    ge-6/2/0.0;
                }
            }
        }
        policies {
            from-zone trust to-zone untrust {
                policy bob {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
    }

19. Commit the configuration to activate it on the device.

    [edit]

    admin@# commit

20. Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the device.

    [edit]

    admin@host# commit

21. When you have finished configuring the device, exit configuration mode.

    [edit]

    admin@host# exit

    admin@host>