Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Configuring Junos OS on the SRX320

 

The SRX320 Services Gateway is shipped with the Juniper Networks Junos operating system (Junos OS) preinstalled and is ready to be configured when the SRX320 is powered on. You can perform the initial software configuration of the SRX320 by using the browser-based setup wizard or by using the command-line interface (CLI).

SRX320 Services Gateway Factory-Default Settings

The SRX320 is shipped with the following factory-default settings:

Table 1: Security Policies

Source Zone

Destination Zone

Policy Action

trust

trust

permit

trust

untrust

permit

Table 2: NAT Rules

Source Zone

Destination Zone

Policy Action

trust

untrust

Source NAT to untrust zone interface

Table 3: Ethernet Interfaces

Port Label

Interface

Security Zone

DHCP State

IP Address

0/0 and 0/7

ge-0/0/0 and ge-0/0/7

untrust

Client

Unassigned

0/1 to 0/6

VLAN interface irb.0 (ge-0/0/1 to ge-0/0/6)

trust

Server

192.168.1.1/24

Table 4: LTE Interfaces

Interface

Security Zone

IP Address

cl-1/0/0

N/A

N/A

dl0 (logical)

untrust

ISP assigned*

*Only if the LTE Mini-PIM is present

The SRX320 is shipped with the following services and protocols enabled by default:

Table 5: Services, Protocols, and Startup Mode

Services

Protocols

Device Startup Mode

SSH

HTTPS

NETCONF over SSH

RSTP (all interfaces)

Switching

To provide secure traffic, a basic set of screens are configured on the untrust zone.

How to View Factory-Default Settings

To view the factory-default settings on your device:

  1. Log in as the root user and provide your credentials.
  2. View the list of default configuration files:
    user@host> file list /etc/config

  3. View the required default configuration file.
    user@host> file show /etc/config/<config file name>

When you commit changes to the configuration, a new configuration file is created, which becomes the active configuration. If the current active configuration fails, you can use the load factory-default command to revert to the factory-default configuration.

Initial Configuration Using the CLI

You can use either the serial or the mini-USB console port on the device.

Connect to the Serial Console Port

To connect to the serial console port:

  1. Plug one end of the Ethernet cable into the RJ-45 to DB-9 serial port adapter supplied with your SRX320.
  2. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device.
  3. Connect the other end of the Ethernet cable to the serial console port on the SRX320.
    Figure 1: Connect to the Console Port on the SRX320
    Connect to the Console Port on the SRX320
  4. Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal) and select the appropriate COM port to use (for example, COM1).
  5. Configure the serial port settings with the following values:
    • Baud rate—9600

    • Parity—N

    • Data bits—8

    • Stop bits—1

    • Flow control—none

Connect to the Mini-USB Console Port

To connect to the mini-USB console port:

  1. Download the USB driver to the management device from the Downloads page. To download the driver for Windows OS, select 6.5 from the Version drop-down list. To download the driver for macOS, select 4.10 from the Version drop-down list.
  2. Install the USB console driver software:Note

    Install the USB console driver software before attempting to establish a physical connection between the SRX320 and the management device, otherwise the connection will fail.

    1. Copy and extract the .zip file to your local folder.

    2. Double-click the .exe file. The installer screen appears.

    3. Click Install.

    4. Click Continue Anyway on the next screen to complete the installation.

      If you chose to stop the installation at any time during the process, then all or part of the software will fail to install. In such a case, we recommend that you uninstall the USB console driver and then reinstall it.

    5. Click OK when the installation is complete.

  3. Plug the large end of the USB cable supplied with the SRX320 into a USB port on the management device.
  4. Connect the other end of the USB cable to the mini-USB console port on the SRX320.
  5. Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal) and select the new COM port installed by the USB console driver software. In most cases, this is the highest-numbered COM port in the selection menu.

    You can locate the COM port under Ports (COM & LPT) in Windows Device Manager after the driver is installed and initialized. This might take several seconds.

  6. Configure the port settings with the following values:
    • Bits per second—9600

    • Parity—None

    • Data bits—8

    • Stop bits—1

    • Flow control—None

  7. If you have not already done so, power on the SRX320 by pressing the Power button on the front panel. Verify that the PWR LED on the front panel turns green.

    The terminal emulation screen on your management device displays the startup sequence. When the SRX320 has finished starting up, a login prompt appears.

Configure the SRX320 Using the CLI

To configure the SRX320 by using the CLI:

  1. Start the CLI.
    Note

    You can view the factory-default settings by using the show configuration command.

  2. Enter configuration mode.
  3. Set the root authentication password by entering a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
  4. Commit the configuration to activate it on the device.

Initial Configuration Using J-Web

Configure Using J-Web

To configure the device by using J-Web:

  1. Connect one end of the Ethernet cable to any of the network ports numbered 0/1 through 0/6 on the device.Note

    The ge-0/0/0 and ge-0/0/7 interfaces (ports 0/0 and 0/7) are WAN interfaces. Do not use these ports for the initial configuration procedure.

  2. Connect the other end of the Ethernet cable to the management device.
    Figure 2: Connect the SRX320 to a Management Device
    Connect
the SRX320 to a Management Device

    The SRX320 functions as a DHCP server and automatically assigns an IP address to the laptop.

  3. Ensure that the management device acquires an IP address on the 192.168.1.0/24 network from the device.

    If an IP address is not assigned to the management device, manually configure an IP address in the 192.168.1.0/24 network.

    Note

    Do not assign the 192.168.1.1 IP address to the management device, as this IP address is assigned to the SRX320.

  4. Open a browser and type https://192.168.1.1. The Phone Home Client screen appears.

  5. To configure the device:
  6. Set a root authentication password in the Skip to J-Web screen and click Submit.

    The J-Web login page appears. The SRX320 already has factory-default settings configured to make it a plug-and-play device. So all you have to do to get the SRX320 up and running is connect it to your LAN and WAN networks.

  7. Connect the WAN network to port 0/0 to obtain a dynamic IP address.
  8. Connect the LAN network to any of the ports from 0/1 through 0/6.
  9. Check to see if the SRX320 is connected to the Internet. Go to http://www.juniper.net. If the page does not load, check the Internet connection.

    After you complete these steps, you can start using the SRX320 on your network right away.

You can continue to customize the settings by logging in to J-Web and selecting the configuration mode that’s right for you. You can then follow the screens as they appear in the Setup wizard.

Customize the Configuration for Junos OS Release 19.2

You can select any one of the configuration modes to customize the configuration:

  • Standard—Configure basic security settings for the SRX320.

  • Cluster (HA)—Set up the SRX320 in chassis cluster mode.

  • Passive—Set up the SRX320 in Tap mode. Tap mode enables the SRX320 to passively monitor traffic flows across a network.

Customize the Configuration for Junos OS Release 15.1X49-D170

You can select any one of the configuration modes to customize the configuration:

  • Guided Setup (uses a dynamic IP address)—Enables you to set up the SRX320 in a custom security configuration. You can select either the Basic or the Expert option.

    The following table compares the Basic and Expert levels:

    Options

    Basic

    Expert

    Number of internal zones allowed

    3

    ≥ 3

    Internet zone configuration options

    • Static IP

    • Dynamic IP

    • Static IP

    • Static pool

    • Dynamic IP

    Internal zone service configuration

    Allowed

    Allowed

    Internal destination NAT configuration

    Not Allowed

    Allowed

    Note

    If you change the IP address of the port to which the laptop is connected, you might lose connectivity to the device when applying the configuration in the Guided Setup mode. To access J-Web again, open a new browser window and type https://new IP address.

  • Default Setup (uses a dynamic IP address)—Enables you to quickly set up the SRX320 with the default configuration. Any additional configuration can be done after the wizard setup is completed.

  • High Availability—Enables you to set up a chassis cluster with a default basic configuration.

Configure the Device Using ZTP with Juniper Networks Network Service Controller

Note

You can configure using ZTP for Junos OS Release 19.2 and earlier releases.

You can use ZTP to complete the initial configuration of the SRX320 in your network automatically, with minimum intervention.

Network Service Controller is a component of the Juniper Networks Contrail Service Orchestration platform that simplifies and automates the design and implementation of custom network services that use an open framework.

For more information, refer to the Network Service Controller section in the datasheet at http://www.juniper.net/assets/us/en/local/pdf/ datasheets/1000559-en.pdf  .

To configure the device automatically using ZTP:

Note

To complete the ZTP process, ensure that the SRX320 is connected to the Internet.

  • If you already have the authentication code, enter the code in the webpage displayed.

    Figure 3: Authentication Code Page
    Authentication
Code Page

    On successful authentication, the initial configuration is applied and committed on the SRX320. Optionally, the latest Junos OS image is installed on the SRX320 before the initial configuration is applied.

  • If you do not have the authentication code, you can use the J-Web setup wizard to configure the SRX320. Click Skip to J-Web and configure the SRX320 using J-Web.