Configuring Junos OS on the SRX300
The services gateway is shipped with the Juniper Networks Junos operating system (Junos OS) preinstalled and ready to be configured when the device is powered on. You can perform the initial software configuration of the services gateway by using the browser-based setup wizard or by using the command-line interface (CLI).
SRX300 Services Gateway Factory-Default Settings
The SRX300 device is shipped with the following factory-default settings:
Table 1: Security Policies
Table 2: NAT Rules
Source NAT to untrust zone interface
Table 3: Interfaces
0/0 and 0/7
ge-0/0/0 and ge-0/0/7
0/1 to 0/6
VLAN Interface irb.0 (ge-0/0/1 to ge-0/0/6)
The SRX300 device is shipped with the following services and protocols enabled by default.
Table 4: Services, Protocols, and Startup Mode
Device Startup Mode
NETCONF over SSH
RSTP (all interfaces)
To provide secure traffic, a basic set of screens are configured on the untrust zone.
How to View Factory-Default Settings
To view the factory-default settings on your device:
- Log in as the root user and provide your credentials.
- View the list of default configuration files:
user@host> file list /etc/config
- View the required default configuration file.
user@host> file show /etc/config/<config file name>
When you commit changes to the configuration, a new configuration file is created, which becomes the active configuration. If the current active configuration fails, you can use the load factory-default command to revert to the factory-default configuration.
Initial Configuration Using the CLI
You can use either the serial or the mini-USB console port on the device.
Connect to the Serial Console Port
To connect to the serial console port:
- Plug one end of the Ethernet cable into the RJ-45 to DB-9 serial port adapter supplied with your SRX300.
- Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device.
- Connect the other end of the Ethernet cable to the serial console port on the SRX300.
- Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal) and select the appropriate COM port to use (for example, COM1).
- Configure the serial port settings with the following
Connect to the Mini-USB Console Port
To connect to the mini-USB console port:
- Download the USB driver to the management device from the Downloads page. To download the driver for Windows OS, select 6.5 from the Version drop-down list. To download the driver for macOS, select 4.10 from the Version drop-down list.
- Install the USB console driver software:
Install the USB console driver software before attempting to establish a physical connection between the SRX300 and the management device, otherwise the connection will fail.
Copy and extract the
.zipfile to your local folder.
.exefile. The installer screen appears.
Click Continue Anyway on the next screen to complete the installation.
If you chose to stop the installation at any time during the process, then all or part of the software will fail to install. In such a case, we recommend that you uninstall the USB console driver and then reinstall it.
Click OK when the installation is complete.
- Plug the large end of the USB cable supplied with the SRX300 into a USB port on the management device.
- Connect the other end of the USB cable to the mini-USB console port on the SRX300.
- Start your asynchronous terminal emulation application
(such as Microsoft Windows HyperTerminal) and select the new COM port
installed by the USB console driver software. In most cases, this
is the highest-numbered COM port in the selection menu.
You can locate the COM port under Ports (COM & LPT) in Windows Device Manager after the driver is installed and initialized. This might take several seconds.
- Configure the port settings with the following values:
Bits per second—9600
- If you have not already done so, power on the SRX300 by
pressing the Power button on the front panel. Verify that
the PWR LED on the front panel turns green.
The terminal emulation screen on your management device displays the startup sequence. When the SRX300 has finished starting up, a login prompt appears.
Configure the SRX300 Using the CLI
To configure the SRX300 by using the CLI:
- Start the CLI.root@%cliroot>
You can view the factory-default settings by using the show configuration command.
- Enter configuration mode.configureroot#
- Set the root authentication password by entering a cleartext
password, an encrypted password, or an SSH public key string (DSA
or RSA).root# set system root-authentication plain-text-passwordNew password: passwordRetype new password: password
- Commit the configuration
to activate it on the device.root# commit
Initial Configuration Using J-Web
Configure Using J-Web
To configure the device by using J-Web:
- Connect one end of the Ethernet cable to any of the network
0/6on the device.
The ge-0/0/0 and ge-0/0/7 interfaces (ports
0/7) are WAN interfaces. Do not use these ports for the initial configuration procedure.
- Connect the other end of the Ethernet cable to the management
The SRX300 functions as a DHCP server and automatically assigns an IP address to the laptop.
- Ensure that the management device acquires an IP address
on the 192.168.1.0/24 network from the device.
If an IP address is not assigned to the management device, manually configure an IP address in the 192.168.1.0/24 network.
Do not assign the 192.168.1.1 IP address to the management device, as this IP address is assigned to the SRX300.
- Open a browser and type https://192.168.1.1. The Phone Home Client page appears.
- To configure the device:
Using zero-touch provisioning (ZTP)—Follow the procedure in Configure the Device Using ZTP with Juniper Networks Network Service Controller
Using J-Web—Click Skip to J-Web.
- Set a root authentication password in the Skip to J-Web
page and click Submit.
The J-Web login page appears. The SRX300 already has factory-default settings configured to make it a plug-and-play device. So all you have to do to get the SRX300 up and running is connect it to your LAN and WAN networks.
- Connect the WAN network to port
0/0to obtain a dynamic IP address.
- Connect the LAN network to any of the ports from
- Check to see if the SRX300 is connected to the Internet.
Go to http://www.juniper.net. If the page does not load,
check the Internet connection.
After you complete these steps, you can start using the SRX300 on your network right away.
You can continue to customize the settings by logging in to J-Web and selecting the configuration mode that’s right for you. You can then follow the screens as they appear in the Setup wizard.
To customize the configuration in Junos OS Release 19.2, see Customize the Configuration for Junos OS Release 19.2.
To customize the configuration in Junos OS Release 15.1X49-D170, see Customize the Configuration for Junos OS Release 15.1X49-D170.
Customize the Configuration for Junos OS Release 19.2
You can select any one of the configuration modes to customize the configuration:
Standard—Configure basic security settings for the SRX300.
Cluster (HA)—Set up the SRX300 in chassis cluster mode.
Passive—Set up the SRX300 in Tap mode. Tap mode enables the SRX300 to passively monitor traffic flows across a network.
Customize the Configuration for Junos OS Release 15.1X49-D170
You can select any one of the configuration modes to customize the configuration:
Guided Setup (uses a dynamic IP address)—Enables you to set up the SRX300 in a custom security configuration. You can select either the Basic or the Expert option.
The following table compares the Basic and Expert levels:
Number of internal zones allowed
Internet zone configuration options
Internal zone service configuration
Internal destination NAT configuration
If you change the IP address of the port to which the laptop is connected, you might lose connectivity to the device when applying the configuration in the Guided Setup mode. To access J-Web again, open a new browser window and type https://new IP address.
Default Setup (uses a dynamic IP address)—Enables you to quickly set up the SRX300 with the default configuration. Any additional configuration can be done after the wizard setup is completed.
High Availability—Enables you to set up a chassis cluster with a default basic configuration.
Configure the Device Using ZTP with Juniper Networks Network Service Controller
You can configure using ZTP for Junos OS Release 19.2 and earlier releases.
You can use ZTP to complete the initial configuration of the SRX300 in your network automatically, with minimum intervention.
Network Service Controller is a component of the Juniper Networks Contrail Service Orchestration platform that simplifies and automates the design and implementation of custom network services that use an open framework.
For more information, refer to the Network Service Controller
section in the datasheet at http://www.juniper.net/assets/us/en/local/pdf/datasheets/1000559-en.pdf
To configure the device automatically using ZTP:
To complete the ZTP process, ensure that the SRX300 is connected to the Internet.
If you already have the authentication code, enter the code in the webpage displayed.
On successful authentication, the initial configuration is applied and committed on the SRX300. Optionally, the latest Junos OS image is installed on the SRX300 before the initial configuration is applied.
If you do not have the authentication code, you can use the J-Web setup wizard to configure the SRX300. Click Skip to J-Web and configure the SRX300 using J-Web.