Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Basic Settings for the SRX650 Services Gateway with the CLI or the J-Web Interface

 

This topic describes how to configure basic settings for your services gateway using either the CLI or the J-Web setup wizard.

To configure basic settings on an SRX650 Services Gateway:

  1. Identify the services gateway.
  2. Connect it to the network.
  3. Configure basic network settings.

In a typical network, the services gateway has the basic settings listed in Table 1. Determine the values to set on the services gateway in your network.

Table 1: Sample Settings on the SRX650 Services Gateway

SRX650 Services Gateway Property

Sample Value

Services gateway hostname

devicea

IP address for default gateway

10.0.0.1/24

IP address of the NTP server used to synchronize system time

10.148.2.21

IP address of the DNS server to which DNS requests are sent

10.148.2.32

Domains to which the services gateway belongs

lab.device.net and device.net

You can configure basic settings for the services gateway using either the J-Web setup wizard or CLI as the configuration editor. Table 2 summarizes the configuration tasks for the initial setup for both required and optional settings.

Table 2: Configuring Basic Settings

Task

Required or Optional

Using the J-Web Setup Wizard

Using the CLI

Navigate to Configure System: Identification page.

Required

After establishing basic connectivity and entering root as the default username (see Connecting to the SRX650 Services Gateway Setup Wizard), click Enter. The J-Web setup wizard appears. Click Start at the bottom of the Introduction page.

Navigate to the top of the configuration hierarchy in the CLI. From the [edit] hierarchy level, type:

edit system

Define the hostname of the services gateway.

Required

On the Configure System: Identification page, type the hostname of the services gateway; for example, devicea.

Specify the hostname. For example:

set host-name devicea

Identify the domain name of the network or subnetwork to which the services gateway belongs.

Required

From the Configure System: Identification page, type the domain name of the services gateway; for example, lab.device.net.

Specify the domain name. For example:

set domain-name lab.device.net

Define the root password for the user with unrestricted access to the services gateway.

Note: For readability, the entire key is not shown.

Required

  1. On the Configure System: Identification page, type the root password, for example ssh-rsa AAAAB3Nza...D9Y2gXF9ac== root@devicea.lab.device.net
  2. Retype the password in the Verify root password field.

Specify the root password. For example:

set root-authentication ssh-rsa “ssh-rsa AAAAB3Nza...D9Y2gXF9ac== root@devicea.lab.device.net”

Define the IP address of the default gateway. The default gateway is the IP address and subnet of the next-hop router, which is generally provided by the ISP for a branch office.

Optional

From the Configure System: Network Settings page, type the IP address of the default gateway; for example, 10.0.0.1/24.

Set the default gateway IP address and the next-hop router address. For example:

set interfaces ge-0/0/1 unit 0 family inet address 10.0.0.1/24

set routing-options static route 0.0.0.0/0 next-hop 10.0.0.2

Note: The example assumes that the next-hop router address is 10.0.0.2.

Add the names of servers that maintain databases for resolving hostnames and IP addresses.

Optional

From the Configure System: Network Settings page, type the IP address of the DNS server; for example, 10.148.2.32. Then click Add.

Specify the address of the DNS server. For example:

set name-server 10.148.2.32

Add each domain to which the services gateway belongs, to include it in a DNS search.

Optional

From the Configure System: Network Settings page, type the domains to be searched; for example, lab.device.net and device.net. Then click Add after each one you add to the list.

Specify the domains to be searched. For example:

set domain-search lab.device.net

set domain-search device.net

Configure interface groups (VLANs).

Optional

From the Interface Groups (VLANs) page, click Add, Edit, or Delete to configure VLANs.

Specify a VLAN interface. For example:

set interfaces ge-0/0/1 unit 0 family inet address 10.148.1.32

Configure interfaces other than VLANs.

Optional

From the Configure Interfaces page, click Add, Edit, or Delete to configure interfaces other than VLANs.

Specify an interface other than a VLAN interface. For example:

set interfaces ge-0/0/2 unit 0 family inet address 10.148.5.32

Specify the tab you want to appear on startup.

Required

From the Configure J-Web Preferences page, from the J-Web starting page options, select the tab you want to appear on startup.

N/A

The Configure J-Web Preferences page appears before the Configure System: Time page in the wizard. Specify when you want commit to occur.

Required

From the Configure J-Web Preferences page, from the J-Web commit options, specify when you want commit to occur.

N/A

Define the current system time and time zone in which the services gateway is located.

Optional

  1. From the Configure System: Time page, click Reset Manually to reset the time.
  2. From the Time Zone list, select the time zone for your services gateway; for example, America/Los_Angeles

Specify the time zone. For example:

set time-zone America/Los_Angeles

Define the NTP server that the services gateway can reach to synchronize the system time.

Optional

From the Configure System: Time page, in the NTP Servers field, type the NTP server's IP address; for example, 10.148.2.21.

Specify the address of the NTP server. For example:

set ntp server 10.148.2.21

Commit the configuration.

Required

Review the configuration on the Review & Commit page. Click Commit to save the configuration, or click Back to make changes.

Commit and save your configuration. For example:

commit

Note

After basic setup is configured, the J-Web setup wizard will no longer be available unless you reset the services gateway to the factory default settings and reboot it. You can perform additional setup by using the J-Web interface or the CLI interface. You can use wizards to configure basic firewall policies, VPN settings, and NAT rules. For more information about these wizards, see the Security Basics.

For more instructions on managing users and operations, monitoring network performance, upgrading software, and diagnosing common problems on an SRX650 Services Gateway, see the Monitoring and Troubleshooting for Security Devices.