Technical Documentation

Basic Configuration of the 1-Port SFP Mini-Physical Interface Module

To enable the 1-Port SFP Mini-Physical Interface Module (Mini-PIM) installed on the SRX Series Services Gateway, you must configure the properties. You can perform the same configuration tasks using either J-Web or the CLI. In addition, you can configure a wide variety of options that are not encountered frequently.

Using J-Web

To perform basic configuration of the 1-Port SFP Mini-PIM and to configure network interfaces for the services gateway with J-Web:

  1. In J-Web, select Configure>Interfaces.

    The Interfaces page displays and lists the network interfaces present on the services gateway, along with configuration information (if configured).

  2. To configure properties for a network interface (Mini-PIM), select the interface name, and click Edit.
  3. To use the port on the Mini-PIM, you must assign it to a security zone other than the Null zone. Optionally, you can also assign the port an IP address (for example, 192.168.3.1/24). Enter or select the following settings:
    1. Select Configure>Security>Zones/Screens.
    2. Add or select a security zone other than Null; for example, Trust.
    3. For host inbound traffic, set the following:
      • Services=Allow All
      • Protocols=Allow All
    4. Click OK, and click Commit to apply the configuration and other pending changes (if any).
  4. To use the port on the Mini-PIM, you must also set security policies. Select the following settings:
    1. Select Configure>Security>Policy>FW Policies.
    2. Set Policy Action: Default Policy Action=Permit-All.
    3. Click OK to save changes, and click Commit to apply the configuration and other pending changes (if any).

    For advanced configuration information, see the Junos OS Network Interfaces Configuration Guide.

Using the CLI

To perform basic configuration for the 1-Port SFP Mini-PIM and to configure network interfaces for the services gateway with the CLI:

  • Verify that the 1-Port SFP interface is installed on the device:

    show chassis hardware

  • Verify the status of the interface:

    show interfaces terse

  • Assign the port an IP address:

    set interface ge-1/0/0 unit 0 family inet address interface address/destination prefix

  • Add or select a security zone; for example, Trust:

    set security zones security-zone trust interfaces ge-1/0/0.0 host-inbound-traffic system-services all

  • Add or select security zones for host inbound traffic protocol options:

    set security zones security-zone trust interfaces ge-1/0/0.0 host-inbound-traffic protocols all

  • Set security policies:

    set security policies default-policy permit-all

Related Topics

Published: 2010-07-13

Help
|
My Account
|
Log Out