• Downloads
• Performing Initial Software Configuration on the SRX210 Services Gateway Using the CLI     

• Related Topics
• Connecting an SRX210 Services Gateway to the CLI Locally
• Connecting an SRX210 Services Gateway to the CLI Remotely
• SRX210 Services Gateway Software Configuration Overview
• Performing Initial Software Configuration on the SRX210 Services Gateway Using the J-Web Interface
• SRX210 Services Gateway Secure Web Access Overview

Performing Initial Software Configuration on the SRX210 Services Gateway Using the CLI

This procedure connects the device to the network but does not enable it to forward traffic. For complete information about enabling the device to forward traffic, including examples, see the appropriate JUNOS Software configuration guides.

To configure the software:

1. Verify that the device is powered on.
2. Log in as the root user. There is no password.
3. Start the CLI.
   root# cliroot@>
4. Enter configuration mode.
   configure [edit]root@#
5. Set the root authentication password by entering a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
   [edit]root@# set system root-authentication plain-text-passwordNew password: password Retype new password: password
6. Configure an administrator account on the device.
   [edit]root@# set system login user admin class super-user authentication plain-text-password
7. Commit the configuration to activate it on the device.
   [edit]root@# commit
8. Log in as the administrative user you configured in Step 6.
9. Configure the name of the device. If the name includes spaces, enclose the name in quotation marks (“ ”).
   configure [edit]admin@# set system host-name host-name
10. Configure the traffic interface.
    [edit]admin@# set interfaces ge-0/0/1 unit 0 family inet address address/prefix-length
11. Configure the default route.
    [edit]admin@# set routing-options static route 0.0.0.0/0 next-hop gateway
12. Configure basic security zones and bind them to traffic interfaces.
    [edit]admin@# set security zones security-zone untrust interfaces ge-0/0/1
13. Configure basic security policies.
    [edit]admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any root@# set security policies from-zone trust to-zone untrust policy policy-name then permit
14. Create a NAT rule for source translation of all Internet bound traffic.
    [edit]admin@# set security nat source rule-set interface-nat from zone trust admin@# set security nat source rule-set interface-nat to zone untrust admin@# set security nat source rule-set interface-nat rule rule1 match source-address 0.0.0.0/0 destination-address 0.0.0.0/0admin@# set security nat source rule-set interface-nat rule rule1 then source-nat interface
15. Check the configuration for validity.
    [edit]admin@# commit checkconfiguration check succeeds
16. Commit the configuration to activate it on the device.
    [edit]admin@# commitcommit complete
17. Optionally, display the configuration to verify that it is correct.
    [edit]user@host# showsystem {host-name devicea;domain-name lab.device.net;domain-search [ lab.device.net device.net ];backup-device 192.168.2.44;time-zone America/Los_Angeles;root-authentication {ssh-rsa "ssh-rsa AAAAB3Nza...D9Y2gXF9ac==root@devicea.lab.device.net";}name-server {10.148.2.32;}services {}ntp { server 10.148.2.21; }}interfaces {ge-0/0/0 {unit 0 {family inet {address 192.168.1.1/24;}}}lo0 {unit 0 {family inet {address 172.16.1.24/32;}}}}
18. Commit the configuration to activate it on the device.
    [edit]admin@# commit
19. Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the device.
    [edit]admin@host# commit
20. When you have finished configuring the device, exit configuration mode.
    [edit]admin@host# exitadmin@host>