SRX240 Services Gateway Software Configuration Overview

This topic includes the following sections:

Preparing the SRX240 Services Gateway for Configuration

The services gateway is shipped with the Juniper Networks Junos operating system (Junos OS) preinstalled. When the services gateway is powered on, it is ready to be configured.

You can perform the initial configuration of the services gateway by using the browser-based setup wizard or by using the command-line interface (CLI).

Before configuring the services gateway, gather the configuration information required to deploy the services gateway in your network. At minimum, the setup wizard requires the following information:

Understanding the Factory Default Configuration

Your services gateway comes configured with a default configuration. This factory default configuration sets up the following network topology:

The default configuration also includes the following security configuration:

Understanding Built-In Ethernet Ports and Initial Configuration

During the initial configuration of the services gateway, how you use the built-in Ethernet ports (ports 0/0 through 0/15) depends on the initial configuration you are performing:

Mapping the Chassis Cluster Ports

A chassis cluster is created by physically connecting two identical SRX240 Services Gateways together using a pair of the same type of Ethernet connections. The connection is made for both a control link and a fabric (data) link between the two services gateway.

The fxp0 port is dedicated as the out-of-band management interface for each of the services gateway in the chassis cluster setup and the fxp1 port is dedicated as the chassis-cluster control port.

On the SRX240 Services Gateway, the fxp1 port is not user configurable when the services gateway is operating in chassis cluster mode.

Table 28 shows the mapping of the chassis cluster ports.

Table 28: Mapping the Chassis Cluster Ports on an SRX240 Services Gateway

Ethernet Ports on SRX240 Services Gateway

Management Interface

0/0 (ge-0/0/0)

fxp0 (management port)

0/1 (ge-0/0/1)

fxp1 (control port)

Note: On SRX240 Services Gateway, the fabric link connection can be any pair of Gigabit Ethernet interfaces.

Junos OS automatically creates the fxp0 and fxp1 interfaces on these ports when the SRX240 Services Gateway is operating in chassis cluster mode.

For more information, see the following guides:

Understanding Management Access

Telnet allows you to connect to the services gateway and access the CLI to execute commands from a remote system. Telnet CLI connections are not encrypted and therefore can be intercepted.

Note: Telnet access to the root user is prohibited. You must use more secure methods, such as SSH, to log in as root.


SSH provides the following features:

The SSH client software must be installed on the machine where the client application runs. If the SSH private key is encrypted (for greater security), the SSH client must be able to access the passphrase used to decrypt the key.

For information about obtaining SSH software, see http://www.ssh.com and http://www.openssh.com.

If you are using a Junos XML protocol server to configure and monitor devices, you can activate cleartext access on the device to allow unencrypted text to be sent directly over a Transmission Line Protocol (TCP) connection without using any additional protocol (such as SSH, SSL, or Telnet). For more information about the Junos XML management protocol, see the Junos XML Management Protocol Guide.

Note: Information sent in cleartext is not encrypted and therefore can be intercepted.

If the device is operating in a Common Criteria environment, see the Secure Configuration Guide for Common Criteria and Junos-FIPS.

Related Documentation