SRX220 Services Gateway Software Configuration Overview

This topic includes the following sections:

Preparing the SRX220 Services Gateway for Configuration

The services gateway is shipped with the Junos operating system (Junos OS) preinstalled and ready to be configured when the device is powered on.

When the device powers on, it tries to start the Junos OS on the USB flash drive. If a USB flash drive is not inserted into the USB connector or if the attempt otherwise fails, the device next tries the CompactFlash card (if installed), and finally the internal flash memory.

You configure the services gateway by issuing Junos OS commands on the command-line interface (CLI) or by using a setup wizard in the J-Web interface.

Gather the following information before configuring the device:

Understanding Built-In Ethernet Ports

Note the following points about the SRX220 Services Gateway management port:

Mapping the Chassis Cluster Ports

On the SRX220 Services Gateway, the fxp1 port is not user-configurable when the services gateway is operating in chassis cluster mode.

The fxp0 port is dedicated as the out-of-band management port for each device in the chassis cluster setup. The fxp1 port is dedicated as the chassis-cluster control port.

Table 30 shows the mapping of the chassis cluster ports.

Table 30: Mapping of the Chassis Cluster Ports on an SRX220 Services Gateway

GE Port on SRX220 Services Gateway

Management Interface


fxp0 (management port)


fxp1 (control port)

Junos OS automatically creates the fxp0 and fxp1 interfaces on these ports when the SRX220 Services Gateway is operating in chassis cluster mode.

For more information, see the following guides:

Understanding Management Access

Telnet allows you to connect to the services gateway and access the CLI to execute commands from a remote system. The Telnet CLI connections are not encrypted and therefore can be intercepted.

Note: Telnet access to the root user is prohibited. You must use more secure methods, such as SSH, to log in as root.

SSH provides the following features:

The SSH client software must be installed on the machine where the client application runs. If the SSH private key is encrypted (for greater security), the SSH client must be able to access the passphrase used to decrypt the key.

For information about obtaining SSH software, see and .

If you are using a Junos XML protocol server to configure and monitor devices, you can activate cleartext access on the device to allow unencrypted text to be sent directly over a Transmission Control Protocol (TCP) connection without using any additional protocol (such as SSH, Secure Sockets Layer [SSL], or Telnet). For more information about the Junos XML management protocol, see the Junos XML Management Protocol Guide.

If the device is operating in a Common Criteria environment, see the Secure Configuration Guide for Common Criteria and Junos-FIPS.

Related Documentation