Or
Select Configure>Device Setup>Basic Settings>System Identity in the J-Web user interface.
The System Identity configuration page appears.
Table 111 explains the contents of this page.
Save—Saves all the basic settings configuration and returns to the main configuration page.
Note: For all the configuration options under Basic Settings:
The tool tip on the right side displays different icons for notifications, validation errors, and successful configuration.
When you make a configuration change and navigate to a different page without saving it, a pop-up message prompts you to save the configuration.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels all your entries and returns to the main configuration page.
Table 111: System Identity Details Configuration Details
| Field | Function | Action |
|---|---|---|
| Host Name | Specifies the hostname of the device. | Enter a name. |
| Domain Name | Specifies the network or subnetwork to which the device belongs. | Enter a name. |
| Root Password | Specifies a password for the root user. Note: After you have defined a root password, that password is required when you log in to the J-Web or the CLI. | Enter a password. |
| Confirm Password | Specifies the password for the root user. | Re-enter the password. |
| DNS Servers | Specifies the DNS server settings. The options available are: | Select an option: |
| Domain Search | Specifies the DNS hostname settings. The options available are: | Select an option: |
Or
Select Configure>Device Setup>Basic Settings>Date Time in the J-Web user interface.
The Date and Time configuration page appears.
Save—Saves all the basic settings configuration and returns to the main configuration page.
Note: For all the configuration options under Basic Settings:
The tool tip on the right side displays different icons for notifications, validation errors, and successful configuration.
When you make a configuration change and navigate to a different page without saving it, a pop-up message prompts you to save the configuration.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels all your entries and returns to the main configuration page.
Table 112: Date and Time Configuration Details
| Field | Function | Action |
|---|---|---|
| Time Zone | Specifies the time zone in which the router resides. | Select a time zone from the list. |
| Current date/time | Displays the current date and time. | — |
| Time Source | Specifies which method the device should use to set the system time. | |
| | Sync with NTP Server—Synchronizes the system time with the NTP server that you select. The available options are: | Select an option. |
| | Sync with Computer Time—Uses the computer that you are currently logged into to determine the system time for the device. | When you select this option, the PC time that will be used is displayed in the Current Date & Time field. |
| | Manual Configure Time—Enables you to manually select the date and time for the device. Note: After you configure the time manually, the session will expire. Log in to J-Web. | Set the date and time using the calendar pick tool and time fields. |
Or
Select Configure>Device Setup>Basic Settings>Management Access in the J-Web user interface.
The Management Access configuration page appears.
Save—Saves all the basic settings configuration and returns to the main configuration page.
Note: For all the configuration options under Basic Settings:
The tool tip on the right side displays different icons for notifications, validation errors, and successful configuration.
When you make a configuration change and navigate to a different page without saving it, a pop-up message prompts you to save the configuration.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels all your entries and returns to the main configuration page.
Table 113: Management Access Configuration Details
| Field | Function | Action |
|---|---|---|
| Loopback Address | Specifies a loopback address for the device. | Enter the IP address. Note: If the SRX device does not have a dedicated management port (fxp0), then Loopback Address and Subnet are the only options available for the management access configuration. |
| Subnet | Specifies the range of logical addresses within the address space that is assigned to an organization. | Enter the address, for example, 255.255.255.0. You can also specify the address prefix. |
| IPv4 | Displays whether or not IPv4 is enabled. | Select this option to enable IPv4. Note: IPv4 configuration is supported only on the SRX devices with fxp0 port. |
| Management Access Port | Specifies an IPv4 address for the device. | Enter the IP address. |
| Subnet | Specifies the range of logical addresses within the address space that is assigned to an organization. | Enter the address, for example, 255.255.255.0. You can also specify the address prefix. |
| Default Gateway | Specifies the default gateway address for IPv4. | Enter the IP address. |
| Services | | |
| Telnet | Provides secure Telnet connections. | Select this option to enable telnet. |
| SSH | Provides secure SSH connections. | Select this option to enable SSH. |
| FTP | Provides secure file transfers. | Select this option to enable FTP. |
| Netconf | Provides NETCONF connections. | Select this option to enable NETCONF. |
| RFC Compliant | Provides NETCONF sessions compliant with RFC 4741. | Select this option to enable RFC compliant. |
| Netconf -> SSH | Provides NETCONF connections over SSH connections. | Select this option to enable Netconf -> SSH. |
| Trace Options | Provides NETCONF trace options. | Select this option to enable trace options. |
| On Demand | Provides on-demand tracing. | Select this option to enable on-demand. |
| No Remote Trace | Disables remote tracing. | Select this option to enable no remote tracing. |
| Junoscript Over Clear Text | Provides clear text based Junoscript connections. | Select this option to enable Junoscript over clear text. |
| Junoscript Over SSL | Provides SSL based Junoscript connections. | Select this option to enable Junoscript over SSL. |
| Junoscript Certificate | Provides the local certificate for SSL. | Select the local certificate for SSL from the list. |
| HTTP | Enables unencrypted HTTP connection settings. | Select this option to enable HTTP. |
| Interface | Provides interfaces that accept HTTP access. | Select the interface in order of your preference and click on the left arrow/right arrow to add. |
| HTTPS | Enables encrypted HTTPS connection settings. | Select this option to enable HTTPS. |
| Interface | Provides interfaces that accept HTTPS access. | Select the interface in order of your preference and click on the left arrow/right arrow to add. |
| HTTPS Certificate | Specifies the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPS. | Select the HTTPS certificate from the list. |
| HTTPS Port | Provides TCP ports for incoming HTTPS connections. | Select the HTTPS port by clicking top or bottom arrows. |
| WEB API | | |
| Web API | Enables Web API configuration. | Select this option to enable Web API. |
| Client | Enables client for the Web API. | Select this option to enable client. |
| Host Name | Provides the address of permitted HTTP/HTTPS request originators. | Select this option to add or delete the address of permitted HTTP/HTTPS request originators. To add, click + and enter the IPv4 address of the request originator. |
| HTTP | Enables unencrypted HTTP connection settings. | Select this option to enable HTTP. |
| HTTP Port | Provides TCP ports for incoming HTTP connections. | Select this option to enable HTTP port. |
| HTTPS | Enables encrypted HTTPS connection settings. | Select this option to enable HTTPS. |
| HTTPS Port | Provides TCP ports for incoming HTTPS connections. | Click top or bottom arrows to select the HTTPS port. |
| Certificate Type | Specifies the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPS for Web API. | Select an option. |
| Default | - | |
| PKI Certificate | The option available is PKI Certificate. Select a PKI certificate from the list for HTTPS of Web API. | |
| File Path | The options available are as follows: | |
| User | Provides the user credential details. | Select this option to enable user. |
| Name | Specifies the username. | Enter the username. |
| Password | Specifies the user password. | Enter the password. |
| REST API | | |
| REST API | Allows RPC execution over HTTP(S) connection. | Select this option to enable REST API. |
| Explorer | Provides the REST API explorer tool. | Select this option to enable REST API explorer. |
| Control | Controls the REST API process. | Select this option to enable control. |
| Allowed Sources | Provides the source IP address. | Click + and enter the IPv4 address of the source. |
| Connection Limit | Provides the maximum number of simultaneous connections. | Click top or bottom arrows to select the number of simultaneous connections. |
| HTTP | Enables unencrypted HTTP connections for REST API. | Select this option to enable HTTP. |
| Address | Provides addresses for the incoming connections for HTTP of REST API. | Click + and enter the IPv4 address. |
| Port | Provides ports to accept HTTP connections for REST API. | Click top or bottom arrows to select the HTTP port. Note: The default port for HTTP of REST API is 3000. |
| HTTPS | Enables encrypted HTTPS connections for REST API. | Select this option to enable HTTPS. |
| Address | Provides addresses for the incoming connections for HTTPS of REST API. | Click + and enter the IPv4 address. |
| Cipher List | Provides the Cipher suites for HTTPS of REST API. | Select the Cipher suites in order of your preference and click on the left arrow or right arrow to add. |
| Port | Provides the port to accept the HTTPS connection of REST API. | Click top or bottom arrows to select the HTTPS port. Note: The default port for HTTPS of REST API is 3443. |
| Server Certificate | Provides the server certificate for HTTPS of REST API. | Select the server certificate from the list. |
| Certificate Authority Profile | Provides the certificate authority profile for HTTPS of REST API. | Select the certificate authority profile from the list. To create Certificate Authority: |
| Certificate | | |
| Certificate | Specifies the certificate name to secure HTTPS connections. | Select an option: |
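
The following is an added example, not part of the Juniper documentation: a Python audit of a Junos `set`-format configuration that flags the Table 113 services carrying management traffic unencrypted (Telnet, FTP, Junoscript over clear text, and HTTP for J-Web, Web API, and REST API), plus a REST API with no Allowed Sources. The mapping from CLI statement names to J-Web fields and both sample configurations are assumptions constructed for illustration.

```python
"""Audit Junos set-format config for cleartext management services (Table 113)."""

# Assumed mapping: statement path under `system services` -> (J-Web field, risk).
CLEARTEXT = {
    ("telnet",): ("Telnet", "logins and sessions are sent unencrypted"),
    ("ftp",): ("FTP", "credentials and files are sent unencrypted"),
    ("xnm-clear-text",): ("Junoscript Over Clear Text", "RPCs are sent unencrypted"),
    ("web-management", "http"): ("HTTP", "J-Web logins are sent without TLS"),
    ("webapi", "http"): ("Web API > HTTP", "API credentials are sent without TLS"),
    ("rest", "http"): ("REST API > HTTP", "RPCs and credentials are sent without TLS"),
}

# Constructed sample in the style of `show configuration | display set`.
WEAK_CONFIG = """\
set system services telnet
set system services ftp
deactivate system services ftp
set system services ssh
set system services netconf ssh
set system services xnm-clear-text
set system services web-management http interface ge-0/0/0.0
set system services web-management https system-generated-certificate
set system services rest http port 3000
set system services rest https port 3443
"""

# Constructed counterpart: encrypted services only, REST limited to one source.
HARDENED_CONFIG = """\
set system services ssh
set system services netconf ssh
set system services web-management https system-generated-certificate
set system services rest https port 3443
set system services rest control allowed-sources 192.0.2.10
"""


def parse_services(config_text):
    """Return active statements under `system services` as token tuples."""
    active, inactive = [], []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if tokens[1:3] != ["system", "services"]:
            continue
        if tokens[0] == "set":
            active.append(tuple(tokens[3:]))
        elif tokens[0] == "deactivate":
            inactive.append(tuple(tokens[3:]))
    # A statement below a deactivated path is ignored at commit, so skip it.
    return [s for s in active if not any(s[:len(d)] == d for d in inactive)]


def audit(config_text):
    """Return sorted (field, risk) findings for one configuration."""
    statements = parse_services(config_text)

    def enabled(path):
        # Compare whole tokens so ("web-management", "http") never matches https.
        return any(s[:len(path)] == path for s in statements)

    findings = [hit for path, hit in CLEARTEXT.items() if enabled(path)]
    if enabled(("rest",)) and not enabled(("rest", "control", "allowed-sources")):
        findings.append(("REST API > Allowed Sources", "no source restriction is configured"))
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for field, risk in audit(text) or [("(none)", "no cleartext service enabled")]:
            print(f"  {field}: {risk}")
```
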
J-Web enables you to forward logs using stream mode and event mode. All the categories can be configured for sending specific category logs to different log servers in stream mode log forwarding.
Select Configure>Device Setup>Basic Settings>Security Logging in the J-Web user interface.
The Security Logging configuration page appears.
Note: Starting in Junos OS 19.1R1, the Security Logging page supports only Stream Mode.
Click one:
Save—Saves all the basic settings configuration and returns to the main configuration page.
Note: For all the configuration options under Basic Settings:
The tool tip on the right side displays different icons for notifications, validation errors, and successful configuration.
When you make a configuration change and navigate to a different page without saving it, a pop-up message prompts you to save the configuration.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels all your entries and returns to the main configuration page.
Table 114: Security Logging Configuration Page
| Field | Function | Action |
|---|---|---|
| Logging | Enables the security logging. | Select this option to enable logging. Note: |
| UTC Timestamp | Allows use of Coordinated Universal Time (UTC) for security log timestamps. | Select this option to enable UTC Timestamp. |
| Log On | Provides log on types for logging. | Select Source Address or Source Interface. |
| IP Address | Specifies a source IP address or the IP address used when exporting security logs. | Enter the IP address. |
| Interface | Specifies the interface of the log source. | Select the interface from the list. |
| Format | Specifies the format in which the logs are stored. | Select the logging format. By default, None logging format is selected. Options available are: |
| Transport Protocol | Specifies the type of transport protocol to be used to log the data. | Select the logging transport protocol. By default, None is selected. Options available are: |
| Syslog Server | Enables you to configure syslog servers. You can configure a maximum of three syslog servers. | Select an option: |
Or
Select Configure>Device Setup>Basic Settings>SNMP in the J-Web user interface.
The SNMP configuration page appears.
Save—Saves all the basic settings configuration and returns to the main configuration page.
Note: For all the configuration options under Basic Settings:
The tool tip on the right side displays different icons for notifications, validation errors, and successful configuration.
When you make a configuration change and navigate to a different page without saving it, a pop-up message prompts you to save the configuration.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels all your entries and returns to the main configuration page.
Table 115: SNMP Configuration Details
| Field | Function | Action |
|---|---|---|
| Contact Information | Specifies the administrative contact for the system. | Enter any contact information for the administrator of the system (such as name and phone number). |
| System Description | Specifies the description for the system. | Enter any information that describes the system. |
| Local Engine ID | Specifies the administratively unique identifier of an SNMPv3 engine for system identification. The local engine ID contains a prefix and a suffix. The prefix is formatted according to specifications defined in RFC 3411. The suffix is defined by the local engine ID. Generally, the local engine ID suffix is the MAC address of Ethernet management port 0. | Enter the MAC address of Ethernet management port 0. |
| System Location | Specifies the location of the system. | Enter any location information for the system (lab name or rack name, for example). |
| System Name Override | Specifies the option to override the system hostname. | Enter the name of the system. |
| Community | Specifies the name and authorization for the SNMP community. | |
| Trap Groups | | |
| Name | Specifies the name of the SNMP trap group being configured. | Enter the SNMP trap group name. |
| Categories | Specifies which trap categories to add to the trap group being configured. The options available are: | Select an option. |
| Targets | Specifies one or more IP addresses that specify the systems to receive SNMP traps that are generated by the trap group being configured. | Click +, enter the target IP address for SNMP trap group, and click OK. |
| Health Monitoring | Specifies the option to check the SNMP health monitor on the device. The health monitor periodically checks the following key indicators of device health: | Enable the option. |
| Interval | Specifies the sampling frequency interval, in seconds, over which the key health indicators are sampled and compared with the rising and falling thresholds. For example, if you configure the interval as 100 seconds, the values are checked every 100 seconds. | Enter a value from 1 through 24855. The default value is 300 seconds. |
| Rising Threshold | Specifies the value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is increasing. For example, if the rising threshold is 90, SNMP generates an event when the value of any key indicator reaches or exceeds 90 seconds. | Enter a value from 1 through 100. The default value is 90 seconds. |
| Falling Threshold | Specifies a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is decreasing. For example, if the falling threshold is 80, SNMP generates an event when the value of any key indicator falls back to 80 seconds or less. | Enter a value from 0 through 100. The default value is 80 seconds. |
Boot DHCP Relay Configuration Page Options
The Chassis Cluster Setup Wizard configuration page appears. This wizard guides you through configuring chassis cluster on a two-unit cluster.
Before you establish a chassis cluster connection between the two units, ensure that you have physical access to both the devices.
Your other unit must be on the same hardware and software version as the current unit.
Note that both units are erased and rebooted, after which all existing data is irretrievable. You have the option to save a backup copy of your configuration before rebooting.
Selecting a Node
The welcome page shows the possible chassis cluster connections that you can configure for your SRX Series device. It shows a graphical representation for SECONDARY UNIT (NODE 1) and PRIMARY UNIT (NODE 0).
If this is the first unit you are setting up, select Yes, this is the first unit to be setup (Node 1). The secondary unit is outlined to indicate the node 1 configuration. You can configure your primary unit (Node 0) later. If you prefer to set a different unit as your secondary, switch to it now and re-enter the Chassis Cluster setup wizard.
If this is the primary or second unit you are setting up, select No, this is the second unit to be setup (Node 0). This option will enable you to establish a Chassis Cluster configuration with the secondary unit that you already finished setting up.
Click Next. The Chassis Cluster Setup Wizard page appears.
Setting Up Secondary Unit (Node 1)
Connecting Units
Ensure that both the units are powered on. Ensure that your computer is connected to your secondary unit via the FXP0 port.
Your secondary unit's Control Port ge-0/0/1 is connected to your primary unit's Control Port ge-0/0/1.
and/or
Your secondary unit's Fabric Port ge-0/0/2 is connected to your primary unit's Fabric Port ge-0/0/2.
In the Chassis Cluster Setup Wizard page, select the type of connection that you have established for both the units.
Switching Units
Once the connection is established between the two units, you must shut down the unit in order to reconfigure it for chassis cluster. You can select to save a backup before shutting down.
Click Shutdown and continue.
The graphical representation of the units shows that the primary unit is now connected to your computer and the secondary unit is shut down.
Enable—Enables cluster mode on the node.
Enable and Reboot—Enables cluster mode and reboots the node.
Enable and No Reboot—Enables cluster mode without rebooting the node.
Disable—Disables the cluster mode on the node.
Disable and Reboot—Disables cluster mode and reboots the node.
Disable and No Reboot—Disables cluster mode without rebooting the node.
Reset—Resets your entries to the original value.
OK—Saves the configuration and returns to the main configuration page.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels your entries and returns to the main configuration page.
Table 116: Add Chassis Cluster Setup Wizard Configuration Details
| Field | Function | Action |
|---|---|---|
| Cluster ID | Specifies the number by which a cluster is identified. | Enter a number from 0 through 15. |
| Node | | |
| Node ID | Specifies the number by which a node is identified. | Enter a number from 0 through 1. |
| Node Management IP Address (fxp0.0) | Specifies the management IP address of a node. | Enter a valid IP address for the management interface. |
| Control Link | | |
| Fpc | Specifies the FPC control link. | Select the FPC number from the list. |
| Port | Specifies the port to configure for the control link. | Enter a number from 0 through 2. |
You can use the Setup wizard to configure a device or edit an existing configuration.
Use the Edit Existing Configuration mode if you have already configured the device using the factory mode.
Use the Create New Configuration mode to configure a device using the wizard.
Using the Setup wizard, you can configure the following:
Basic settings
Security topology
Security policy
Network Address Translation
Note
On all branch SRX Series devices, the New Setup wizard has the following limitations:
The Existing Edit mode might not work as expected if you previously configured the device manually, without using the wizard.
Edit mode might overwrite outside configurations such as Custom Application, Policy Name, and zone inbound services.
In create new mode, when you commit your configuration changes, your changes will overwrite the existing configuration.
VPN and NAT wizards are not compatible with the New Setup wizard; therefore the VPN or NAT wizard configuration will not be reflected in the New Setup wizard or vice versa.
By default, 2 minutes are required to commit a configuration using the New Setup wizard.
On SRX650 devices, the default mode configures only the ge-0/0/1 interface under the internal zone.
You might encounter usability issues if you use Microsoft Internet Explorer version 8 to launch the New Setup wizard.
If you refresh your browser after you download the license, the factory mode wizard is not available.
When you commit the configuration, the underlying Web management interface changes, and you do not receive a response about the commit status.
Webserver ports 80 (HTTP) and 443 (HTTPS) on the DMZ or internal zone are overshadowed if Web management is enabled on the Internet zone not configured for destination NAT. As a workaround, change the webserver port numbers for HTTP and HTTPS by editing the recommended policies on the Security policies page.
Images, buttons, and spinner (indicating that the configuration is being applied) on the wizard screen do not initially appear when the browser cache is cleared.
PPPoE connects multiple hosts on an Ethernet LAN to a remote site through a single customer premises equipment (CPE) device (Juniper Networks device).
Use the configure PPPoE tasks to configure the PPPoE connection. The PPPoE wizard guides you to set up a PPPoE client over the Ethernet connection.
Note
On all branch SRX Series devices, the PPPoE wizard has the following limitations:
While you use the load and save functionality, the port details are not saved in the client file.
The Non Wizard connection option cannot be edited or deleted through the wizard. Use the CLI to edit or delete the connections.
The PPPoE wizard cannot be launched if the backend file is corrupted.
The PPPoE wizard cannot be loaded from the client file if non-wizard connections share the same units.
The PPPoE wizard cannot load the saved file from one platform to another platform.
There is no backward compatibility between PPPoE wizard Phase 2 to PPPoE wizard Phase 1. As a result, the PPPoE connection from Phase 2 will not be shown in Phase 1 when you downgrade to an earlier release.
A virtual private network (VPN) provides a means for secure communication among remote computers across a public WAN, such as the Internet.
This wizard leads you through the basic required steps to configure basic settings for a router-based VPN. To configure a VPN with a complete set of options, use either the J-Web interface or the command-line interface (CLI).
As you use this wizard, refer to the upper left area of the page to see where you are in the configuration process. Refer to the lower left area of the page for help related to the current page and its contents.
When you click a link under the Resources heading in the lower left area, the document opens in your browser. If it is in a new tab, be sure to close only the tab (not the browser window) when you close the document.
Network Address Translation (NAT) is a method for modifying or translating network address information in packet headers. Either one or both of the source and destination addresses in a packet may be translated. NAT can also include the translation of port numbers.
The NAT type determines the order in which NAT rules are processed. During the first packet processing for a flow, NAT rules are applied in the following order:
This wizard leads you through the basic required steps to configure NAT for the SRX Series security device. To configure more detailed settings, use either the J-Web interface or the command-line interface (CLI).
As you use this wizard, refer to the upper left area of the page to see where you are in the configuration process. Refer to the lower left area of the page for help related to the current page and its contents.
When you click a link under the Resources heading in the lower left area, the document opens in your browser. If it is in a new tab, be sure to close only the tab (not the browser window) when you close the document.