Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Performing Initial Software Configuration on the SRX1400 Services Gateway (CLI Procedure)

 

This sample procedure explains how you can create an initial configuration using CLI commands to connect the services gateway to the network. For complete information about enabling the services gateway to forward traffic, including examples, see the appropriate Junos OS configuration guides at www.juniper.net/documentation/.

To configure Junos OS:

  1. Verify that the device is powered on.
  2. Log in as the root user. There is no password.
  3. Start the CLI.
    root#cli
    root#

  4. Enter configuration mode.
    configure
    [edit]
    root@#

  5. Set the root authentication password by entering a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
    [edit]
    root@# set system root-authentication plain-text-password
    New password: password
    Retype new password: password

  6. Configure an administrator account on the device. When you are prompted, enter the password for the administrator account.
    [edit]
    root@# set system login user admin class super-user authentication plain-text-password
    New password: password
    Retype new password: password

  7. Commit the configuration to activate it on the services gateway.
    [edit]
    root@# commit

  8. Log in as the administrative user you configured in Step 6.
  9. Configure the name of the services gateway. If the name includes spaces, enclose the name in quotation marks (“ ”).
    configure
    [edit]
    admin@# set system host-name host-name

  10. Configure the IP address and prefix length for the services gateway Ethernet interface.
    [edit]
    admin@# set interfaces fxp0 unit 0 family inet address address/prefix-length

  11. Configure the traffic interface.
    [edit]
    admin@# set interfaces ge-0/0/0 unit 0 family inet address address/prefix-length
    admin@# set interfaces ge-0/0/1 unit 0 family inet address address/prefix-length
    Note

    The ge-0/0/0 interface is for the LAN, and the ge-0/0/1 interface is for the ISP.

  12. Configure the default route.
    [edit]
    admin@# set routing-options static route 0.0.0.0/0 next-hop gateway

  13. Configure basic security zones and bind them to traffic interfaces.
    [edit]
    admin@# set security zones security-zone trust interfaces ge-0/0/0
    admin@# set security zones security-zone untrust interfaces ge-0/0/1

  14. Configure basic security policies.
    [edit]
    admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any
    admin@# set security policies from-zone trust to-zone untrust policy policy-name then permit
    admin@# set security policies from-zone untrust to-zone trust policy policy-name match source-address any destination-address any application any
    admin@# set security policies from-zone untrust to-zone trust policy policy-name then permit
    Note

    The actual configuration of the policies depends on your requirements.

  15. Check the configuration for validity.
    [edit]
    admin@# commit check
    configuration check succeeds

  16. Commit the configuration to activate it on the services gateway.
    [edit]
    admin@# commit
    commit complete

  17. Optionally, display the configuration to verify that it is correct.Note

    This is a sample output. The actual output might vary depending on your configuration requirements.

    admin@# show
  18. Commit the configuration to activate it on the services gateway.
  19. Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the services gateway.
  20. When you have finished configuring the services gateway, exit configuration mode.
Note

To access the device using J-Web for the first time, enter the configuration mode in the CLI, and set the management option using the command set system services web-management http.

If you are using an interface other than fxp0, then you must also use the command set security zones security-zone trust interface interface-name host-inbound-traffic system-services http/https to set up J-Web.