Technical Documentation

Initially Configuring the SRX5800 Services Gateway

This procedure connects the device to the network but does not enable it to forward traffic. For complete information about enabling the device to forward traffic, including examples, see the appropriate JUNOS Software configuration guides.

To configure the software:

  1. Verify that the device is powered on.
  2. Log in as the root user. There is no password.
  3. Start the CLI.
    root# cli
    root@>
  4. Enter configuration mode.
    configure
    [edit]
    root@#
  5. Set the root authentication password by entering either a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
    [edit]
    root@# set system root-authentication plain-text-password
    New password: password
    Retype new password: password
  6. Configure an administrator account on the device.
    [edit]
    root@# set system login user admin class super-user authentication plain-text-password
  7. Configure the password for the administrator account.
    [edit]
    root@# set system root-authentication plain-text-password
  8. Commit the configuration to activate it on the device.
    [edit]
    root@# commit
  9. Log in as the administrative user you configured in step 6.
  10. Configure the name of the device. If the name includes spaces, enclose the name in quotation marks (“ ”).
    configure
    [edit]
    admin@# set system host-name host-name
  11. Configure the IP address and prefix length for the device’s Ethernet interface.
    [edit]
    admin@# set interfaces fxp0 unit 0 family inet address address/prefix-length
  12. Configure the traffic interface.
    [edit]
    admin@# set interfaces ge-6/2/0 unit 0 family inet address address/prefix-length
    admin@# set interfaces ge-6/3/5 unit 0 family inet address address/prefix-length
  13. Configure the default route.
    [edit]
    admin@# set routing-options static route 0.0.0.0/0 next-hop gateway
  14. Configure basic security zones and bind them to traffic interfaces.
    [edit]
    admin@# set security zones security-zone trust interfaces ge-6/3/5
    admin@# set security zones security-zone untrust interfaces ge-6/2/0
  15. Configure basic security policies.
    [edit]
    admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any
    root@# set security policies from-zone trust to-zone untrust policy policy-name then permit
  16. Check the configuration for validity.
    [edit]
    admin@# commit check
    configuration check succeeds
  17. Commit the configuration to activate it on the device.
    [edit]
    admin@# commit
    commit complete
  18. Optionally, display the configuration to verify that it is correct.

    admin@# show
    ## Last changed: 2008-05-07 22:43:25 UTC
version "9.2I0 [builder]";
system {
    autoinstallation;
    host-name henbert;
    root-authentication {
        encrypted-password "$1$oTVn2KY3$uQe4xzQCxpR2j7sKuV.Pa0"; ## SECRET-DATA
    }
    login {
        user admin {
            uid 928;
            class super-user;
            authentication {
                encrypted-password "$1$cdOPmACd$QvreBsJkNR1EF0uurTBkE."; ## SECRET-DATA
            }
        }
    }
    services {
        ssh;
       web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0;
    }
    ge-6/2/0 {
        unit 0 {
            family inet {
                address 5.1.1.1/24;
            }
        }
    }
    ge-6/3/5 {
        unit 0 {
            family inet {
                address 192.1.1.1/24;
            }
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.10.2/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 5.1.1.2;
    }
}
security {
    zones {
        security-zone trust {
            interfaces {
                ge-6/3/5.0;
            }
        }
        security-zone untrust {
            interfaces {
                ge-6/2/0.0;
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy bob {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}
  19. Commit the configuration to activate it on the device.
    [edit]
    admin@# commit
  20. Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the device.
    [edit]
    admin@host# commit
  21. When you have finished configuring the device, exit configuration mode.
    [edit]
    admin@host# exit
    admin@host>

Published: 2009-11-03