Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Configuring Junos OS on the SRX380

The services gateway is shipped with the Juniper Networks Junos operating system (Junos OS) preinstalled and ready to be configured when the device is powered on. You can perform the initial software configuration of the services gateway by using any one of the following methods:

  • J-Web Setup wizard

  • Command-line interface (CLI)

Understanding SRX380 Firewall Factory-Default Settings

The SRX380 device is shipped with the with the factory-default settings listed in Table 1, Table 2, Table 3, and Table 4.

Table 1: Security Policies

Source Zone

Destination Zone

Policy Action

trust

trust

permit

trust

untrust

permit
Table 2: NAT Rules

Source Zone

Destination Zone

Policy Action

trust

untrust

Source NAT to untrust zone interface
Table 3: Ethernet Interfaces

Port Label

Interface

Security Zone

DHCP State

IP Address

0/0 and 0/19

ge-0/0/0 and xe-0/0/19

untrust

Client

Unassigned

0/1 to 0/18

VLAN Interface irb.0

(ge-0/0/1 to ge-0/0/15)

(xe-0/0/16 to xe-0/0/18)

trust

Server

192.168.2.1/24

MGMT

fxp0

Server

192.168.1.1/24
Table 4: LTE Interfaces

Interface

Security Zone

IP Address

cl-1/0/0

N/A

N/A

dl0 (logical)

untrust

ISP assigned*

*Only if the LTE Mini-PIM is present

The SRX380 device is shipped with the following services and protocols enabled by default:

Table 5: Services, Protocols, and Startup Mode

Services

Protocols

Device Startup Mode

SSH

HTTPS

NETCONF over SSH

RSTP (all interfaces)

Switching

To provide secure traffic, a basic set of screens are configured on the untrust zone.

Initial Configuration

You can configure the device using either the J-Web or CLI:

Initial Configuration Using J-Web

To configure root authentication:

  1. Connect one end of the Ethernet cable to the management port (labeled MGMT) on the device.
    Note:

    You can also connect any of the network ports numbered 0/1 through 0/15 to the Ethernet port on the management device.

  2. Connect the other end of the Ethernet cable to the management device.
    Figure 1: Connecting the SRX380 to a Management DeviceConnecting the SRX380 to a Management Device

    The SRX380 functions as a DHCP server and automatically assigns an IP address to the laptop.

  3. Ensure that the laptop acquires an IP address on the 192.168.1.0/24 network.
  4. If the laptop is unable to acquire an IP address, manually configure an IP address in the 192.168.1.0/24 network.
    Note:

    Be sure you don’t assign the IP address 192.168.1.1 to the laptop as this is the IP address assigned to the SRX380.

  5. Open a browser and type https://192.168.1.1. No login is required.

    The J-Web Setup wizard opens on your screen.

  6. Click Skip in the upper-right corner of the Setup wizard.
  7. Set a root authentication password and click OK.

    The J-Web login page appears.

  8. Log in using the root authentication password.

    The J-Web Setup application displays.

Configuring the SRX380 Firewall Using CLI

To configure Junos OS on the SRX380 using CLI:

  1. Connect the console port to a laptop or PC by using the RJ-45 to DB-9 serial port adapter.

    An Ethernet cable that has an RJ-45 connector at either end and an RJ-45 to DB-9 serial port adapter.

  2. Start the CLI.
    Note:

    You can view the factory-default settings by using the show configuration command.

  3. Enter configuration mode.

  4. Set the root authentication password by entering a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
  5. Commit the configuration to activate it on the services gateway.

Plug and Play

The SRX380 already has factory-default settings configured to make it a plug and play device. So all you have to do to get the SRX380 up and running is connect it to your LAN and WAN networks.

  1. Connect the WAN network to port 0/0.
  2. Connect the LAN network to any of the ports from 0/1 through 0/18.
  3. Check to see if the SRX380 is connected to the Internet. Go to http://www.juniper.net. If the page does not load, check the Internet connection.

After you complete these steps, you can start using the SRX380 on your network right away. You can go back and customize settings at anytime. The J-Web Setup wizard is always available to you.

Configure the SRX380 Using J-Web

You can modify the configuration using J-Web. Have the following information ready before you start the configuration process:

  • Hostname

  • Root authentication password

  • IP address for the NTP server

  • IP address for the DNS server

  • IP address for the management interface

To modify the configuration using J-Web:

  1. In the J-Web application, select Configure > Setup Wizard. The Setup wizard opens on your screen.
    Figure 2: Setup Wizard Page Setup Wizard Page
  2. Select Standard.
  3. Configure the device and users:

    1. Enter the hostname.

    2. (Optional) Allow root access.

    3. Enter the root authentication password.

    4. (Optional) Add user accounts.

    5. Click Next.

    Note:

    Once you specify the hostname and root password, you can skip all the other steps and apply the configuration.

  4. Set the time and configure the DNS server:

    1. Set the time manually or configure an NTP server.

    2. Select the time zone from the drop-down box.

    3. Type the IP address for the DNS server.

    4. Click Next.

  5. Configure the management interface:

    1. Select the management port.

    2. Type the IP address for the management interface and the static route if it is needed to reach the SRX380 via the management interface.

    3. Click Next.

  6. Configure zones and associate interfaces to the zones. You can use the default settings and click Next.
  7. Set up additional services and security policies, or just click Finish and set it up later.

    The Setup Wizard displays a summary of your configuration settings.

  8. You can edit any setting or click OK.

    Once you click OK, the Setup Wizard applies your configuration.

    Note:

    You might lose connectivity to the SRX380 device if you changed the IP address of the port to which the laptop is connected. If you lose connectivity, open a new browser window and type https://<new IP address> to access J-Web again.

  9. Click Close to end the Setup Wizard.

    The J-Web login screen automatically displays on your screen. You can now log in with the root authentication password.

Viewing Factory-Default Settings

To view the factory-default settings on your services gateway:

  1. Log in as the root user and provide your credentials.
  2. View the list of default config files:

  3. View the required default config file.

When you commit changes to the configuration, a new configuration file is created, which becomes the active configuration. If the current active configuration fails, you can use the load factory-default command to revert to the factory-default configuration.