Built-In Ethernet Ports for the SRX550 Services Gateway

You perform initial device setup through the six built-in Gigabit Ethernet ports, labeled 0/0 through 0/5 (interfaces ge-0/0/0 through ge-0/0/5), on the front panel of the SRX550 Services Gateway.

Note: If chassis clustering is enabled, we recommend using the port labeled 0/0 port as the management port (fxp0) and using the 0/1 port (if used) as the control port (fxp1). The fxp0 and fxp1 ports are created only when chassis clustering is enabled. You can use the other ports as fabric ports.

Before initial configuration, when the factory default configuration is active, the services gateway attempts to perform autoinstallation by obtaining a device configuration through all its connected interfaces, including the interface ge-0/0/0. All interfaces are configured as Layer 3 interfaces. See Table 17 for the default interface configuration.

Table 17: Default Interface Configuration for the Services Gateway

Port Label

Interface

Connector

Security Zone

DHCP State

Address

0/0

ge-0/0/0

Note: If chassis clustering is enabled, use this port as the management port (fxp0).

RJ-45

Untrust

Client

Dynamically assigned

0/1

ge-0/0/1 (if used)

Note: If chassis clustering is enabled, use this port as the control port (fxp1).

RJ-45

Trust

Server

Ports 0/1 through 0/1 are grouped into a VLAN with IP address 192.168.1.1/24

0/2

ge-0/0/2 (if used)

Note: Use this port as a fabric port.

RJ-45

Trust

Server

0/3

ge-0/0/3 (if used)

Note: Use this port as a fabric port.

RJ-45

Trust

Server

0/4

Note: This port is connected directly to port 0/5 when the device is powered off. This feature bypasses the device in the event of a power failure.

ge-0/0/4

RJ-45

Trust

Server

0/5

Note: This port is connected directly to port 0/4 when the device is powered off. This feature bypasses the device in the event of a power failure.

ge-0/0/5

RJ-45

Trust

Server

0/6

ge-0/0/6

No default Configuration

0/7

ge-0/0/7

0/8

ge-0/0/8

0/9

ge-0/0/9

By default, the security policies and NAT rules in Table 18 and Table 19 are created on the SRX Series security policies.

Table 18: Security Policies

Source Zone

Destination Zone

Policy Action

Trust

Untrust

Permit

Table 19: NAT Rule

Source Zone

Destination Zone

NAT Action

Trust

Untrust

Source NAT to untrust zone interface

For example, a common default firewall configuration includes the following assumptions:

Note: The interfaces ge-0/0/1 (port 0/1) through ge-0/0/5 interface (port 0/5) are a part of the default VLAN. The protected hosts can be connected to any of the ports that are part of the default VLAN.

You can configure the services gateway using the CLI or the J-Web interface. To use the J-Web interface, connect a desktop or laptop computer to the port labeled 0/1 (interface ge-0/0/1). The IP address of the desktop or laptop computer can be statically configured or assigned by the factory default DHCP server enabled on the VLAN interface.

After you connect your desktop or laptop computer to port 0/1, use a Web browser to visit http://192.168.1.1, access the J-Web setup wizard, and complete the initial setup configuration of the services gateway.

After you perform the initial configuration and commit it by clicking Commit, the configured services gateway can no longer act as a DHCP server. Therefore, to continue using the services gateway as a management interface, you need to configure the IP address of the interface as part of the initial configuration.

Note: You must manually configure the IP address for the management port that you are using before you save your initial configuration. When you save the configuration for the first time, you will lose the connection to the services gateway if you have not manually configured the IP address. If you lose the connection through the management interface, you must connect through the console port.

After the initial configuration is complete, you can attach the built-in Ethernet port that you are using for management purposes to the management network.

Related Documentation