
Performing the Initial Software Configuration for the SRX5800

SRX5800 Firewall Software Configuration Overview

The firewall is shipped with the Junos operating system (Junos OS) preinstalled and ready to be configured when the device is powered on. There are three copies of the software: one on a CompactFlash card (if installed) in the Routing Engine, one on the hard disk in the Routing Engine, and one on a USB flash drive that can be inserted into the slot in the Routing Engine faceplate.

When the device boots, it first attempts to start the image on the USB flash drive. If a USB flash drive is not inserted into the Routing Engine or the attempt otherwise fails, the device next tries the CompactFlash card (if installed), and finally the hard disk.

You configure the firewall by issuing Junos OS command-line interface (CLI) commands, either on a console device attached to the CONSOLE port on the Routing Engine, or over a telnet connection to a network connected to the ETHERNET port on the Routing Engine.

Gather the following information before configuring the device:

  • Name the device will use on the network

  • Domain name the device will use

  • IP address and prefix length information for the Ethernet interface

  • IP address of a default router

  • IP address of a DNS server

  • Password for the root user

Initially Configuring the SRX5800 Firewall

This procedure connects the device to the network but does not enable it to forward traffic. For complete information about enabling the device to forward traffic, including examples, see the appropriate Junos OS configuration guides.

To configure the software:

  1. Verify that the device is powered on.
  2. Log in as the root user. There is no password.
  3. Start the CLI.
  4. Enter configuration mode.
  5. Set the root authentication password by entering either a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
  6. Configure an administrator account on the device. When prompted, enter the password for the administrator account.
  7. Commit the configuration to activate it on the device.
  8. Log in as the administrative user you configured in Step 6.
  9. Configure the name of the device. If the name includes spaces, enclose the name in quotation marks (“ ”).
  10. Configure the IP address and prefix length for the Ethernet management interface on the firewall’s Routing Engine.
  11. Configure the traffic interface.
  12. Configure the default route.
  13. Configure basic security zones and bind them to traffic interfaces.
  14. Configure basic security policies.
  15. Check the configuration for validity.
  16. Commit the configuration to activate it on the device.
  17. Optionally, display the configuration to verify that it is correct.
  18. Commit the configuration to activate it on the device.
  19. Optionally, configure additional properties by adding the necessary configuration statements. Then commit the changes to activate them on the device.
  20. When you have finished configuring the device, exit configuration mode.
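
The 20 steps above as one Junos CLI session, added here as an example and not taken from the original page. The account name admin, the hostname, the ge- interface names, the policy name and every address (RFC 5737 documentation ranges) are assumptions; substitute the values gathered before starting.

```junos
# Steps 2-4: log in as root on the console (no password yet), then:
cli
configure

# Step 5: root password (prompts twice; nothing is echoed).
# Alternatives: "encrypted-password" or "ssh-rsa" with your own string.
set system root-authentication plain-text-password

# Step 6: administrator account ("admin" is an assumed name).
set system login user admin class super-user authentication plain-text-password

# Step 7
commit

# Step 8: log out, log in as admin, then run "cli" and "configure" again.

# Step 9: hostname (assumed value).
set system host-name srx5800-lab

# Step 10: Routing Engine management interface (assumed address).
set interfaces fxp0 unit 0 family inet address 192.0.2.10/24

# Step 11: traffic interfaces (assumed names and addresses).
set interfaces ge-0/0/1 unit 0 family inet address 198.51.100.1/24
set interfaces ge-0/0/2 unit 0 family inet address 203.0.113.1/24

# Step 12: default route (assumed next hop).
set routing-options static route 0.0.0.0/0 next-hop 203.0.113.254

# Step 13: zones bound to the traffic interfaces.
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces ge-0/0/2.0

# Step 14: basic policy, trust to untrust ("allow-out" is an assumed name).
set security policies from-zone trust to-zone untrust policy allow-out match source-address any destination-address any application any
set security policies from-zone trust to-zone untrust policy allow-out then permit

# Steps 15-18: validate, activate, review.
commit check
commit
show

# Step 20
exit
```

With no policy in the other direction, sessions initiated from the untrust zone are dropped by the default deny; the any/any/any match is a starting point to narrow once the required sources, destinations and applications are known.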

Performing Initial Software Configuration Using J-Web

Configuring Root Authentication and the Management Interface from the CLI

Before you can use J-Web to configure your device, you must access the CLI to perform the initial configuration.

To configure root authentication and the management interface:

  1. Log in as root. There is no password.
  2. Start the CLI and enter configuration mode.
  3. Set the root authentication password by entering a cleartext password, an encrypted password, or an SSH public key string (DSA or RSA).
  4. Commit the configuration to activate it on the device.
  5. Configure the IP address and prefix length for the Ethernet management interface on the device.
  6. Configure the default route.
  7. Enable Web access to launch J-Web.
  8. Commit the configuration changes.
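
Step 7 as Junos CLI statements, added here as an example that is not part of the original page: plain HTTP, which sends the root login in cleartext, next to an HTTPS-only setup limited to the management interface. The interface fxp0.0 and the use of the self-signed system-generated certificate are assumptions.

```junos
# Weak: J-Web over cleartext HTTP, answered on every interface.
set system services web-management http

# Corrected: HTTPS only, answered only on the management interface.
delete system services web-management http
set system services web-management https system-generated-certificate
set system services web-management https interface fxp0.0

# Step 8
commit check
commit
```

Browsers will warn about the self-signed certificate until it is replaced with one issued by a CA the management workstation trusts.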

Configuring Interfaces, Zones, and Policies with J-Web

You can configure hostnames, interfaces, zones, and security policies using J-Web.

Note:

You cannot use J-Web to configure SRX5400, SRX5600, and SRX5800 Firewalls in Junos OS Release 15.1X49-D10.

Before you begin:

Configure the device with J-Web using the following procedures.

Configuring the Hostname

To configure the hostname:

  1. Launch a Web browser from the management device.
  2. Enter the IP address of the device in the URL address field.
  3. Specify the default username as root and enter the password. See Performing Initial Software Configuration Using J-Web.
  4. Click Log In. The J-Web Dashboard page appears.
  5. Select Configure>System Properties>System Identity, and then select Edit. The Edit System Identity dialog box appears.
  6. Enter the hostname and click OK.
  7. Select Commit Options>Commit to apply the configuration changes.

You have successfully configured the hostname for the system.

Configuring Interfaces

To configure two physical interfaces:

  1. From the J-Web Dashboard page, select Configure>Interfaces and select a physical interface you want to configure.
  2. Select Add>Logical Interface. The Add interface dialog box appears.
  3. Set Unit = 0.
  4. Select the check box for IPv4 Address to enable IPv4 addressing.
  5. Click Add and enter the IPv4 address.
  6. Click OK.

    A message appears after your configuration changes are validated successfully.

  7. Click OK.
  8. Select Commit Options>Commit to apply the configuration changes.

    A message appears after your configuration changes are applied successfully.

  9. Click OK.

You have successfully configured the physical interface. Repeat these steps to configure the second physical interface for the device.

Configuring Zones and Assigning Interfaces

To assign interfaces within a trust zone and an untrust zone:

  1. From the J-Web Dashboard page, select Configure>Security>Zones/Screens and click Add. The Add Zone dialog box appears.
  2. In the Main tab, enter trust for zone name and enter the description.
  3. Set the zone type to Security.
  4. Select the interfaces listed under Available and move them under Selected.
  5. Click OK.

    A message appears after your configuration changes are validated successfully.

  6. Click OK.
  7. Select Commit Options>Commit to apply the configuration changes.

    A message appears after your configuration changes are applied successfully.

  8. Click OK.
  9. Repeat Step 1 through Step 8 and assign another interface to an untrust zone.

You have successfully configured interfaces in a trust zone and in an untrust zone.

Configuring Security Policies

To configure security policies:

  1. From the J-Web Dashboard page, select Configure>Security>Security Policy and click Add. The Add Policy dialog box appears.
  2. In the Policy tab, enter the policy name and set the policy action to permit. Then select Zone and set the From Zone to trust and the To Zone to untrust.
  3. Configure the source IP address by selecting any listed under Available and moving it under Selected.
  4. Configure the destination IP address by selecting any listed under Available and moving it under Selected.
  5. Configure the application by selecting any listed under Available and moving it under Selected.
  6. Click OK.

    A message appears after your configuration changes are validated successfully.

  7. Click OK.
  8. Select Commit Options>Commit to apply the configuration changes.

    A message appears after your configuration changes are applied successfully.

  9. Click OK.

You have successfully configured the security policy.