Modifying the Basic Configuration for Security Devices

You can use the Basic Setup section on the Modify Configuration page to modify the basic configuration for a device. You can modify settings related to hostname and device name, system time, basic protocols, users, DNS, and SNMP.

Note: Refer to the Junos OS documentation at https://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/ for a particular release and device. There you can find detailed information on the configuration parameters for that device.

Procedure

To modify the basic configuration:

  1. Select Devices > Security Devices.

    The Security Devices page appears.

  2. Select the devices whose configuration you want to modify.
  3. From the More or right-click menu, select Configuration > Modify Configuration.

    The Modify Configuration page appears with the Basic Setup section selected by default.

  4. Modify the configuration according to the guidelines provided in Table 87.
  5. After modifying the configuration, you can cancel the changes, save the changes, preview the changes, or save the changes and deploy the configuration on the device. See Modifying the Configuration of Security Devices.

Table 87: Basic Setup

 

Setting

Guideline

Hostname

Modify the hostname of the device.

Domain Name

Modify the domain name in which the device is located.

Root Password

Enter an alphanumeric password. It must be from 6 up to 128 characters long. It can include uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters.

Confirm Password

Re-enter the password for the root user.

DNS Server

Configure a Domain Name System (DNS) for a device. Specify a server that the device can use to resolve hostnames into addresses.

To add a DNS Server:

Procedure

  1. Click the + icon.

    The Add DNS Server page is displayed.

  2. Enter the IPv4 or IPv6 address of the DNS Server.
  3. Click OK.

    If the fields entered are valid, a DNS server is created and a confirmation message is displayed at the top of the Modify Configuration page.

You can also edit or delete the DNS Server.

Domain Search

Specifies the DNS domain name.

To include the domain name of the device in a DNS search:

Procedure

  1. Click the + icon.

    The Add Domain Name page is displayed.

  2. Enter the domain name.

    Enter an alphanumeric string. You can include underscores, hyphens, slashes, and dots. Spaces are not allowed.

  3. Click OK.

You can also edit or delete the existing DNS names.

System Time Setting

Time Zone

Select the local time zone in which the device is located.

Time Source

Specifies the method the device uses to set the system time. Sync with NTP Server synchronizes the system time with the NTP server that you select.

NTP Server

Existing NTP servers are displayed in a table with the server name, authentication key, NTP server version, and whether the server is preferred (True) or not (False). You can perform the following actions:

  • Add an NTP Server:

    1. Click + to add an NTP server.

      The Add NTP Server page is displayed.

    2. Complete the configuration according to the guidelines provided in Table 88.

    3. Click OK.

      If the fields entered are valid, an NTP server is created and a confirmation message is displayed at the top of the Modify Configuration page.

  • Modify NTP server settings—Select an NTP server and click the pencil icon to modify the settings.

    The Edit NTP Server page appears, showing the same fields that are presented when you create an NTP server. You can modify some of the fields on this page. See Table 88 for an explanation of the fields.

  • Delete NTP servers—Select one or more NTP servers and click the X icon to delete the NTP servers.

    The Warning page appears. Click Yes to confirm the deletion. The selected NTP servers are deleted.

Management Access Configuration

Web API

Select the checkbox to enable Web API configuration.

Client

Select the checkbox to enable web API client.

Host Name

Provides the address of permitted HTTP or HTTPS request originators.

Procedure

To add a hostname:

  1. Click the + icon.

    The Add WebAPI Hostname page is displayed.

  2. Enter the IPv4 address of the request originator.
  3. Click OK.

To edit the hostname, select the hostname and click the pencil icon. Click the delete icon to delete the hostname.

HTTP

Select the checkbox to enable unencrypted HTTP connection settings.

HTTP Port

Select an HTTP port. Specifies the TCP port for incoming HTTP connections. The range is from 1 through 65535.

HTTPS

Select the checkbox to enable encrypted HTTPS connection settings.

HTTPS Port

Select an HTTPS port. Specifies the TCP port for incoming HTTPS connections. The range is from 1 through 65535.

Certificate Type

Specifies the certificate, chosen from the HTTPS certificates list, that secures the connection when you enable HTTPS for Web API.

Select an option:

  • Default—Specifies the default certificate to be used.

  • PKI Certificate—Specifies the name of the certificate that is generated by public key infrastructure (PKI).

    PKI Certificate—Select the PKI certificate for HTTPS of Web API.

  • Local Certificate—Specifies the name of the local certificate.

    • Upload Certificate—Browse and upload the certificate.

    • Certificate Path—Displays the file path of the uploaded certificate.

    • Certificate Key—Browse and upload the certificate key.

    • Certificate Key Path—Displays the file path of the uploaded certificate key.

User

Select the checkbox to provide the user credential details.

Name

Enter the username.

Password

Enter the password.

REST API

Select the checkbox to enable REST API. Allows RPC execution over an HTTP(S) connection.

Explorer

Select the checkbox to enable REST API explorer.

Control

Select the checkbox to specify the allowed source IP addresses and maximum number of simultaneous connections for the REST API process.

Allowed Sources

Specifies the source IP address for the REST API process.

Procedure

To add the source IP address for the REST API process:

  1. Click the + icon.

    The Add Allowed Source page is displayed.

  2. Enter the IPv4 address of the source.
  3. Click OK.

Connection Limit

Select the maximum number of simultaneous connections for the REST API process.

HTTP

Select the checkbox to enable unencrypted HTTP connections for REST API.

Address

Provides addresses for the incoming connections for HTTP of REST API.

Procedure

To add the address:

  1. Click the + icon.

    The Add Address page is displayed.

  2. Enter the IPv4 address.
  3. Click OK.

HTTP Port

Select the HTTP port. Provides port to accept HTTP connections for REST API. The range is from 1024 through 65535.

HTTPS

Select the checkbox to enable encrypted HTTPS connections for REST API.

Address

Provides addresses for the incoming connections for HTTPS of REST API.

Procedure

To add the address:

  1. Click the + icon.

    The Add Address page is displayed.

  2. Enter the IPv4 address.
  3. Click OK.

HTTPS Port

Select the port to accept the HTTPS connection of REST API. The range is 1024 through 65535.

Cipher List

Select the cipher suites in order of your preference and click the right arrow to add.

Provides the cipher suites for HTTPS of REST API.

Server Certificate

Select the server certificate for HTTPS of REST API.

Certificate

Specifies the certificate name to secure HTTPS connections.

To add a local certificate:

Procedure

  1. Click the + icon.

    The Add Local Certificate page is displayed.

  2. Enter the name and certificate content.
  3. Click OK.

Select the certificate and click the pencil icon to edit the certificate. Click the delete icon to delete the certificate.

System Services

FTP File Transfers

Select the checkbox to allow FTP file transfers to and from the device.

SSH Access

Select the checkbox to allow SSH access to the device.

Telnet Login

Select the checkbox to allow telnet access to the device.

NetConf Session

Select the checkbox to enable network configuration protocol connections.

RFC Compliant

Select the checkbox to enable network configuration protocol sessions that are compliant with RFC 4741.

NetConf -> SSH

Select the checkbox to enable network configuration protocol connections over SSH connections.

HTTP Services

Select the checkbox to enable unencrypted HTTP connection settings.

HTTP Port

Select the TCP port for incoming HTTP connections. The range is 1 through 65535.

Interface

Select the interfaces that accept HTTP access.

HTTPS Services

Select the checkbox to enable encrypted HTTPS connection settings.

Interface

Select the interfaces that accept HTTPS access.

HTTPS Certificate

Select the certificate that you want to use to secure the connection from the HTTPS certificates list.

This is applicable only if you allow HTTPS Services.

  • local-certificate—Specifies the name of the local certificate to use.

  • pki-local-certificate—Specifies the name of the certificate that is generated by public key infrastructure (PKI).

  • system-generated-certificate—Specifies the automatically generated self-signed certificate for enabling HTTPS services.

HTTPS Port

Select the TCP port for incoming HTTPS connections. The range is from 1 through 65535.

This is applicable only if you allow HTTPS Services.

SNMP

Location

Enter the location information where the device is physically located such as a lab name or a rack name.

Contact Information

Enter the contact information such as name and phone number of an administrator of the system.

System Description

Enter the description for the system.

Local Engine ID

Enter the MAC address of Ethernet management port 0. The local engine ID is a unique identifier of an SNMPv3 engine for system identification. The local engine ID contains a prefix and a suffix. The prefix is formatted according to specifications defined in RFC 3411. The suffix is defined by the local engine ID. The local engine ID suffix is the MAC address of Ethernet management port 0.

Community

Existing SNMP communities are displayed in a table with the name and authorization for each community. You can perform the following actions:

  • Add an SNMP community:

    1. Click + to add an SNMP community on the device.

      The Add SNMP Community page appears.

    2. Specify the following fields:

      • Name—Specify the name of the SNMP community string.

      • Authorization—Select the authorization for the SNMP community. If you select read-only, the user can read the information from the device by using the SNMP GET command. If you select read-write, in addition to reading the information, the user can also modify the configuration on the device using the SNMP SET command.

    3. Click OK.

      If the fields entered are valid, an SNMP community is created and a confirmation message is displayed at the top of the Modify Configuration page.

  • Modify an SNMP community—Select an SNMP community and click the pencil icon to modify the settings.

    The Edit SNMP Community page appears, showing the same fields that are presented when you create an SNMP community. You can modify some of the fields on this page. See the preceding bullet for an explanation of the fields.

  • Delete SNMP community entries—Select one or more SNMP community entries and click the X icon to delete the communities.

    The Warning page appears. Click Yes to confirm the deletion. The selected SNMP communities are deleted.

Trap Group

Existing SNMP trap groups are displayed in a table with the name and category for each trap group. You can perform the following actions:

  • Add an SNMP trap group

    1. Click + to add an SNMP trap group on the device.

      The Add SNMP Trap Group page appears.

    2. In the Name field, specify the name of the SNMP trap group.

    3. Select the SNMP trap types or categories to be associated with the trap group.

    4. Click OK.

      If the fields entered are valid, an SNMP trap group is created and a confirmation message is displayed at the top of the Modify Configuration page.

  • Modify an SNMP trap group—Select an SNMP trap group and click the pencil icon to modify the settings.

    The Edit SNMP Trap Group page appears, showing the same fields that are presented when you create an SNMP trap group. You can modify some of the fields on this page. See the preceding bullet for an explanation of the fields.

  • Delete SNMP trap groups—Select one or more trap groups and click the X icon to delete the trap groups.

    The Warning page appears. Click Yes to confirm the deletion. The selected SNMP trap groups are deleted.

Health Monitoring

Select the checkbox to enable the SNMP health monitor on the device. The health monitor periodically checks the following key indicators of device health:

  • Percentage of file storage used

  • Percentage of Routing Engine CPU used

  • Percentage of Routing Engine memory used

  • Percentage of memory used for each system process

  • Percentage of CPU used by the forwarding process

  • Percentage of memory used for temporary storage by the forwarding process

Interval

Select an interval to specify the sampling frequency interval, in seconds, over which the key health indicators are sampled and compared with the rising and falling thresholds. For example, if you configure the interval as 100 seconds, the values are checked every 100 seconds.

The range is from 1 through 24855. The default value is 300 seconds.

Rising Threshold

Select a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator reaches or exceeds the rising threshold value. For example, if the rising threshold is 90, SNMP generates an event when the value of any key indicator reaches or exceeds 90 seconds.

The range is from 1 through 100. The default value is 90 seconds.

Falling Threshold

Select a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator reaches or falls below the falling threshold value. For example, if the falling threshold is 80, SNMP generates an event when the value of any key indicator is 80 seconds or less.

The range is from 0 through 100. The default value is 80 seconds.

Table 88: Add NTP Server Settings

 

Setting

Guideline

Name

Specify the name or IP address of the remote NTP server.

Key

Specify the key number used to encrypt authentication fields in all packets sent to the NTP server.

Version

Specify the version number used in outgoing NTP server packets.

Prefer

Specify the NTP server as the preferred server if you configured more than one.

Routing Instance

Enter the routing instance through which the server is reachable.