Step 7: Perform the Initial Software Configuration
This procedure connects the firewall to the network but does not enable it to forward traffic. For complete information about enabling the firewall to forward traffic, including examples, see the appropriate Junos operating system (Junos OS) configuration guides at www.juniper.net/techpubs/.
To configure the software:
Enter Configuration Mode
- If you have not already done so, switch the circuit breaker or toggle switch for each power supply to the ON position to start the device. The OK LED on the power supply faceplate should blink, and then light steadily.
- Log in as the root user. There is no password.
- Start the CLI.
    root# cli
    root@>
- Enter configuration mode.
    configure
    [edit]
    root@#
Configure User Accounts and Passwords
- Set the root authentication password by entering a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
    [edit]
    root@# set system root-authentication plain-text-password
    New password: password
    Retype new password: password
- Configure an administrator account on the device. When prompted, enter the password for the administrator account.
    [edit]
    root@# set system login user admin class super-user authentication plain-text-password
    New password: password
    Retype new password: password
- Commit the configuration to activate it on the firewall.
    [edit]
    root@# commit
Configure System Attributes
- Log in as the administrative user that you configured earlier.
- Configure the name of the firewall. If the name includes spaces, enclose the name in quotation marks (“ ”).
    configure
    [edit]
    admin@# set system host-name host-name
- Configure the IP address and prefix length for the firewall Ethernet interface.
    [edit]
    admin@# set interfaces fxp0 unit 0 family inet address address/prefix-length
- Configure the traffic interface.
    [edit]
    admin@# set interfaces ge-4/2/0 unit 0 family inet address address/prefix-length
    admin@# set interfaces ge-4/3/5 unit 0 family inet address address/prefix-length
- Configure the default route.
    [edit]
    admin@# set routing-options static route 0.0.0.0/0 next-hop gateway
- Configure basic security zones and bind them to traffic interfaces.
    [edit]
    admin@# set security zones security-zone trust interfaces ge-4/3/5
    admin@# set security zones security-zone untrust interfaces ge-4/2/0
- Configure basic security policies.
    [edit]
    admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any
    admin@# set security policies from-zone trust to-zone untrust policy policy-name then permit
Commit the Configuration
- Check the configuration for validity.
    [edit]
    admin@# commit check
    configuration check succeeds
- Optionally, display the configuration to verify that it is correct.
    admin@# show
    ## Last changed: 2008-05-07 22:43:25 UTC
    version "9.2I0 [builder]";
    system {
        autoinstallation;
        host-name henbert;
        root-authentication {
            encrypted-password "$1$oTVn2KY3$uQe4xzQCxpR2j7sKuV.Pa0"; ## SECRET-DATA
        }
        login {
            user admin {
                uid 928;
                class super-user;
                authentication {
                    encrypted-password "$1$cdOPmACd$QvreBsJkNR1EF0uurTBkE."; ## SECRET-DATA
                }
            }
        }
        services {
            ssh;
            web-management {
                http {
                    interface ge-0/0/0.0;
                }
            }
        }
        syslog {
            user * {
                any emergency;
            }
            file messages {
                any any;
                authorization info;
            }
            file interactive-commands {
                interactive-commands any;
            }
        }
        license {
            autoupdate {
                url https://ae1.juniper.net/junos/key_retrieval;
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0;
        }
        ge-2/0/0 {
            unit 0 {
                family inet {
                    address 5.1.1.1/24;
                }
            }
        }
        ge-2/1/5 {
            unit 0 {
                family inet {
                    address 192.1.1.1/24;
                }
            }
        }
        fxp0 {
            unit 0 {
                family inet {
                    address 192.168.10.2/24;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 5.1.1.2;
        }
    }
    security {
        zones {
            security-zone trust {
                interfaces {
                    ge-2/1/5.0;
                }
            }
            security-zone untrust {
                interfaces {
                    ge-2/0/0.0;
                }
            }
        }
        policies {
            from-zone trust to-zone untrust {
                policy bob {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        permit;
                    }
                }
            }
        }
    }
- Commit the configuration to activate it on the firewall.
    [edit]
    admin@# commit
- Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the firewall.
    [edit]
    admin@# commit
- When you have finished configuring the firewall, exit configuration mode.
    [edit]
    admin@# exit
    admin@>
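The show step under Commit the Configuration is the point at which the committed settings can be read back and reviewed. The Python below is an added example, not part of the Juniper procedure: it flattens brace-style show output into set-style paths and reports three settings that appear in that output and are commonly revisited before production use ($1$ MD5-crypt password hashes, web management over plain HTTP, and an any/any/any permit policy). The function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample shaped like the `show` output above; the hash is a placeholder.
SAMPLE = '''
system {
    root-authentication { encrypted-password "$1$CONSTRUCTED$placeholder"; ## SECRET-DATA
    }
    services { ssh; web-management { http { interface ge-0/0/0.0; } } }
}
security { policies { from-zone trust to-zone untrust { policy bob {
    match { source-address any; destination-address any; application any; }
    then { permit; }
} } } }
'''

def flatten(text):
    """Convert brace-style config into set-style path strings, one per statement."""
    text = re.sub(r'##[^\n]*', '', text)                  # drop "## SECRET-DATA" style annotations
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text)
    stack, stmt, paths = [], [], []
    for tok in tokens:
        if tok == '{':                                    # words so far name a container
            stack.append(stmt)
            stmt = []
        elif tok == '}':
            stack.pop()
        elif tok == ';':                                  # leaf: prefix with all open containers
            paths.append(' '.join([w for lvl in stack for w in lvl] + stmt))
            stmt = []
        else:
            stmt.append(tok.strip('"'))
    return paths

def review(paths):
    """Return findings for settings to revisit before the firewall carries real traffic."""
    findings, policies = [], {}
    for p in paths:
        if ' encrypted-password $1$' in p:                # $1$ prefix marks an MD5-crypt hash
            findings.append('md5-crypt hash: ' + p.split(' encrypted-password')[0])
        if p.split()[:4] == ['system', 'services', 'web-management', 'http']:
            findings.append('web management over plain HTTP')
        m = re.match(r'security policies (from-zone \S+ to-zone \S+ policy \S+) (.+)', p)
        if m:
            policies.setdefault(m.group(1), set()).add(m.group(2))
    wide = {'match source-address any', 'match destination-address any',
            'match application any', 'then permit'}
    findings += ['any/any/any permit: ' + n for n, s in policies.items() if wide <= s]
    return list(dict.fromkeys(findings))                  # de-duplicate, keep order
```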