SRX100 Services Gateway Software Configuration Overview

Preparing SRX100 Services Gateway for Configuration

When the SRX100 services gateway powers on, it tries to boot the JUNOS Software from the default storage media. If the device fails to boot from the default storage media, it tries to boot from the alternate storage media.

Table 1 provides information on the storage media available on SRX100 services gateway.

Table 1: Storage Media on SRX100 Services Gateway

Storage Media          Type
Internal NAND flash    Default; always present
USB storage device     Alternate

Note: SRX100 Services Gateways that ship with JUNOS Release 10.0 or later are formatted with dual-root partitions from the factory. SRX Series devices that are running JUNOS Software Release 9.6 or earlier can be formatted with dual-root partitions when they are upgraded to JUNOS Release 10.0 or later.

For more information on dual-root partitioning, see the JUNOS Software Administration Guide for Security Devices.

You configure the services gateway by issuing JUNOS command-line interface (CLI) commands.

Gather the following information before configuring the device:

  • Device name to be used on the network
  • Domain name the device will use
  • IP address and prefix length information for the Ethernet interface
  • IP address of a default router
  • IP address of a DNS server
  • Password for the root user

Understanding Built-In Ethernet Ports

Note the following points about the SRX100 Services Gateway management ports:

  • The SRX100 Services Gateway uses fe-0/0/1 to fe-0/0/7 as management ports to perform initial device setup. Before initial configuration, when the factory default configuration is active, the device attempts to perform autoinstallation by obtaining a device configuration through all of its connected interfaces.
  • The services gateway acts as a DHCP client on the built-in Ethernet ports. If the services gateway does not find a DHCP server within a few seconds, the device acts as a DHCP server and assigns an IP address as 192.168.1.1/24. With the device temporarily acting as a DHCP server, you can manually configure it with the J-Web interface.
  • Any DHCP client host, for example, a PC or laptop computer, directly connected to any of fe-0/0/1 to fe-0/0/7 ports receives an address on the 192.168.1.1/24 network.

Mapping the Chassis Cluster Ports

On the SRX100 Services Gateway, the fxp1 port is not user configurable when the services gateway is operating in chassis cluster mode.

The fxp0 port is dedicated as the out-of-band management interface for each of the devices in the chassis cluster setup and the fxp1 port is dedicated as the chassis-cluster control port.

Table 2 shows the mapping of the chassis cluster ports.

Table 2: Mapping the Chassis Cluster Ports on an SRX100 Services Gateway

FE Ports on SRX100 Services Gateway    Management Interface
fe-0/0/6                               fxp0 (management port)
fe-0/0/7                               fxp1 (control port)

JUNOS Software automatically creates the fxp0 and fxp1 interfaces on these ports when the SRX100 Services Gateway is operating in chassis cluster mode.

For more information, see the following guides:

  • JUNOS Software Interfaces and Routing Configuration Guide
  • JUNOS Software Security Configuration Guide

Understanding Management Access

Telnet allows you to connect to the services gateway and access the CLI to execute commands from a remote system. The Telnet CLI connections are not encrypted and therefore can be intercepted.

Note: Telnet access to the root user is prohibited. You must use more secure methods, such as SSH, to log in as root.


SSH provides the following features:

  • Allows you to connect to the device and access the CLI to execute commands from a remote system
  • Encrypts traffic so that it cannot be intercepted (unlike Telnet)
  • Can be configured so that connections are authenticated by a digital certificate
  • Uses public–private key technology for both connection and authentication

The SSH client software must be installed on the machine where the client application runs. If the SSH private key is encrypted (for greater security), the SSH client must be able to access the passphrase used to decrypt the key.

For information about obtaining SSH software, see http://www.ssh.com and http://www.openssh.com.

If you are using a JUNOScript server to configure and monitor devices, you can activate cleartext access on the device to allow unencrypted text to be sent directly over a Transmission Control Protocol (TCP) connection without using any additional protocol (such as SSH, SSL, or Telnet). For more information about the JUNOScript application programming interface (API), see the JUNOScript API Guide.

Note: Information sent in cleartext is not encrypted and therefore can be intercepted.

If the device is operating in a Common Criteria environment, see the Secure Configuration Guide for Common Criteria and JUNOS-FIPS.
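
The following added example (not part of the Juniper documentation) audits a configuration for the unencrypted management access methods described above. It assumes the configuration was exported in "display set" form and that the JUNOScript cleartext service appears as the xnm-clear-text statement under system services; the function names and the sample configuration are constructed for illustration.

```python
import re

# Statements under "system services" that the page describes as unencrypted.
CLEARTEXT_SERVICES = {
    "telnet": "Telnet CLI connections are not encrypted",
    "xnm-clear-text": "JUNOScript cleartext access is not encrypted",
}
LINE_RE = re.compile(
    r"^(set|deactivate)\s+system\s+services\s+(\S+)(\s+\S.*)?$")

def enabled_services(display_set_text):
    """Return the set of active 'system services' names in display-set text."""
    active = set()
    for raw in display_set_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        verb, service, rest = m.groups()
        if verb == "set":
            active.add(service)
        elif rest is None:
            # 'deactivate system services <name>' makes the whole service
            # inactive; a deactivate on a sub-statement leaves it running.
            active.discard(service)
    return active

def audit_management_access(display_set_text):
    """Return sorted (service, reason) findings for management access."""
    active = enabled_services(display_set_text)
    findings = [(s, why) for s, why in CLEARTEXT_SERVICES.items() if s in active]
    if "ssh" not in active:
        findings.append(("ssh", "SSH is not enabled; no encrypted CLI access"))
    return sorted(findings)

# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """\
set system host-name srx100-lab
set system services ssh root-login deny
set system services telnet
set system services xnm-clear-text
deactivate system services telnet
"""

if __name__ == "__main__":
    for service, reason in audit_management_access(SAMPLE_CONFIG):
        print(f"{service}: {reason}")
```

In the sample, Telnet is configured but deactivated, so only the cleartext JUNOScript service is reported.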


Published: 2010-04-27