Performing Initial Software Configuration on the SRX3600 Services Gateway

This procedure connects the services gateway to the network but does not enable it to forward traffic. For complete information about enabling the services gateway to forward traffic, including examples, see the appropriate Junos OS configuration guides.

To configure the software:

  1. Verify that the services gateway is powered on.
  2. Log in as the root user. There is no password.
  3. Start the CLI.

    root#cli

    root#
  4. Enter configuration mode.

    configure

    [edit]

    root@#
  5. Set the root authentication password by entering a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).

    [edit]

    root@# set system root-authentication plain-text-password

    New password: password

    Retype new password: password
  6. Configure an administrator account on the services gateway. When prompted, enter the password for the administrator account.

    [edit]

    root@# set system login user admin class super-user authentication plain-text-password

    New password: password

    Retype new password: password
  7. Commit the configuration to activate it on the services gateway.

    [edit]

    root@# commit
  8. Log in as the administrative user you configured in step 6.
  9. Configure the name of the services gateway. If the name includes spaces, enclose the name in quotation marks (“ ”).

    configure

    [edit]

    admin@# set system host-name host-name
  10. Configure the IP address and prefix length for the services gateway’s Ethernet interface.

    [edit]

    admin@# set interfaces fxp0 unit 0 family inet address address/prefix-length
  11. Configure the traffic interface.

    [edit]

    admin@# set interfaces ge-0/0/0 unit 0 family inet address address/prefix-length

    admin@# set interfaces ge-0/0/1 unit 0 family inet address address/prefix-length
  12. Configure the default route.

    [edit]

    admin@# set routing-options static route 0.0.0.0/0 next-hop gateway
  13. Configure basic security zones and bind them to traffic interfaces.

    [edit]

    admin@# set security zones security-zone trust interfaces ge-0/0/0

    admin@# set security zones security-zone untrust interfaces ge-0/0/1
  14. Configure basic security policies.

    [edit]

    admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any

    admin@# set security policies from-zone trust to-zone untrust policy policy-name then permit
  15. Check the configuration for validity.

    [edit]

    admin@# commit check

    configuration check succeeds
  16. Commit the configuration to activate it on the services gateway.

    [edit]

    admin@# commit

    commit complete
  17. Optionally, display the configuration to verify that it is correct.

    admin@# show
    ## Last changed: 2008-05-07 22:43:25 UTC
    version "9.2I0 [builder]";
    system {
        autoinstallation;
        host-name henbert;
        root-authentication {
            encrypted-password "$1$oTVn2KY3$uQe4xzQCxpR2j7sKuV.Pa0"; ## SECRET-DATA
        }
        login {
            user admin {
                uid 928;
                class super-user;
                authentication {
                    encrypted-password "$1$cdOPmACd$QvreBsJkNR1EF0uurTBkE."; ## SECRET-DATA
                }
            }
        }
        services {
            ssh;
           web-management {
                http {
                    interface ge-0/0/0.0;
                }
            }
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any any;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
        license {
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    address 192.1.1.1/24;
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                family inet {
                    address 5.1.1.1/24;
                }
            }
        }
        fxp0 {
            unit 0 {
                family inet {
                    address 192.168.10.2/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 5.1.1.2;
        }
    }
    security {
        zones {
            security-zone trust {
                interfaces {
                    ge-0/0/0.0;
                }
            }
            security-zone untrust {
                interfaces {
                    ge-0/0/1.0;
                }
            }
        }
        policies {
            from-zone trust to-zone untrust {
                policy bob {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
    }
  18. Commit the configuration to activate it on the services gateway.

    [edit]

    admin@# commit
  19. Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the services gateway.

    [edit]

    admin@# commit
  20. When you have finished configuring the services gateway, exit configuration mode.

    [edit]

    admin@# exit

    admin@#

Related Documentation