Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

SRX110 Services Gateway Software Configuration Overview

 

This topic includes the following sections:

Preparing the SRX110 Services Gateway for Configuration

When the device powers on, it tries to boot Junos OS from the default storage medium. If the device fails to boot from the default storage medium, it tries to boot from the alternate storage medium.

Table 1 provides information on the storage media available on the services gateway.

Table 1: Storage Media on the Services Gateway

Storage Media

Type

CompactFlash

Default; always present

USB storage device

Alternate

Note

The SRX Series devices that ship with Junos OS Release 10.0 or later are formatted with dual-root partitions from the factory. SRX Series devices that are running Junos OS Release 9.6 or earlier can be formatted with dual-root partitions when they are upgraded to Junos OS Release 10.0 or later.

For more information on dual-root partitioning, see the following topics:

You configure the services gateway by issuing Junos OS command-line interface (CLI) commands.

Gather the following information before configuring the device:

  • Device name to be used on the network

  • Domain name the device will use

  • IP address and prefix length information for the Ethernet interface

  • IP address of a default router

  • IP address of a DNS server

  • Password for the root user

Understanding Built-In Ethernet Ports

Note the following points about the services gateway management ports:

  • The services gateway uses fe-0/0/1 to fe-0/0/7 as management ports to perform initial device setup. Before initial configuration, when the factory-default configuration is active, the device attempts to perform autoinstallation by obtaining a device configuration through all of its connected interfaces.

  • The services gateway acts as a DHCP client out of the built-in Ethernet ports. If the services gateway does not find a DHCP server within a few seconds, the device acts as a DHCP server and assigns an IP address as 192.168.1.1/24. With the device temporarily acting as a DHCP server, you can manually configure it with the J-Web interface.

  • Any DHCP client host, for example, a PC or laptop computer, directly connected to any of fe-0/0/1 to fe-0/0/7 ports receives an address on the 192.168.1.1/24 network.

  • Any DHCP client host, for example, a PC or laptop computer, directly connected to any of fe-0/0/1 to fe-0/0/7 ports receives an address on the 192.168.1.1/24 network.

Understanding Management Access

Telnet allows you to connect to the services gateway and access the CLI to execute commands from a remote system. The Telnet CLI connections are not encrypted and therefore can be intercepted.

Note

Telnet access to the root user is prohibited. You must use more secure methods, such as SSH, to log in as root.

SSH provides the following features:

  • Allows you to connect to the device and access the CLI to execute commands from a remote system

  • Encrypts traffic so that it cannot be intercepted (unlike Telnet)

  • Can be configured so that connections are authenticated by a digital certificate

  • Uses public–private key technology for both connection and authentication

The SSH client software must be installed on the machine where the client application runs. If the SSH private key is encrypted (for greater security), the SSH client must be able to access the passphrase used to decrypt the key.

For information about obtaining SSH software, see http://www.ssh.com and http://www.openssh.com.

If you are using a Junos XML management protocol server to configure and monitor devices, you can activate cleartext access on the device to allow unencrypted text to be sent directly over a Transmission Line Protocol (TCP) connection without using any additional protocol (such as SSH, SSL, or Telnet). For more information about the Junos XML management protocol application programming interface (API), see the NETCONF XML Management Protocol Guide  .

Note

Information sent in cleartext is not encrypted and therefore can be intercepted.

If the device is operating in a Common Criteria environment, see the Configuration Guides for Junos OS Public Sector Certifications.