Step 1: Begin

This guide walks you through the simple steps to onboard Juniper Networks® SRX Series Firewalls to Juniper® Security Director Cloud. You can onboard SRX Series Firewalls to Juniper Security Director Cloud using the following options:

Greenfield onboarding: Onboard new SRX Series Firewalls.

Greenfield onboarding involves onboarding new SRX Series firewalls to Juniper Security Director Cloud. This process includes purchasing subscriptions, scanning the QR code on the device, and following the on-screen instructions to add the firewall to Juniper Security Director Cloud.

You can also onboard new, greenfield, SRX Series Firewalls to Juniper Security Director Cloud using ZTP. For details, see Add Devices Using Zero Touch Provisioning.
Brownfield onboarding: Onboard existing, in-service SRX Series Firewalls.

Brownfield onboarding involves onboarding existing, in-service SRX Series Firewalls to Juniper Security Director Cloud. This process includes logging in to Juniper Security Director Cloud portal, adopting the device to generate the Junos OS CLI commands, copying the CLI commands into the firewall's CLI, and then committing the changes.

For supported SRX Series Firewalls, see Juniper Security Director Cloud Supported Firewalls.

Greenfield Onboarding: Add Cloud-Ready SRX Series Firewalls to Juniper Security Director Cloud Using QR Code

Cloud-ready SRX Series Firewalls have a QR or claim code on the chassis for quick onboarding to Juniper Security Director Cloud. Cloud-ready SRX Series Firewalls offer advanced security services, seamless integration, and protection for cloud deployments. You can onboard the cloud-ready SRX Series Firewalls using your mobile phone.

For information about supported cloud-ready and non-cloud-ready SRX Series Firewalls, see Juniper Security Director Cloud Supported Firewalls.

Note:

To onboard non-cloud-ready SRX Series Firewalls to Juniper Security Director Cloud using ZTP, see Add Devices Using Zero Touch Provisioning.

In this section, we will learn how to onboard cloud-ready SRX Series Firewalls using a QR code.

Figure 1: Onboard SRX Series Firewalls to Juniper Security Director Cloud in Greenfield Deployment

Flowchart titled Greenfield Onboarding outlining steps for setting up and managing Juniper Networks' Cloud-ready SRX Series Firewalls using Juniper Security Director Cloud. Steps include installing the firewall, deciding on subscriptions, creating an account, adding firewall via QR code, associating with Security Director Cloud, and starting management. Note indicates cloud-ready status with QR claim code on the firewall.

Before You Begin:

Install the rack and power on your cloud-ready SRX Series Firewall. For instructions specific to your device, see the applicable hardware guide.

Note:

DHCP is enabled on all interfaces on cloud-ready SRX Series Firewalls in the factory-default configuration. Make sure that you can connect to the Internet using one of the interfaces.

Decide which Juniper Security Director Cloud Subscriptions you need. Contact your sales representative or account manager to purchase subscriptions. You can also use a 30-day trial subscription that is available in the portal by default.
Go to https://sdcloud.juniperclouds.net/ and click Create an organization account.
Follow the on-screen instructions to activate your account. It takes up to 7 working days to approve your account.
Log in to the Juniper Security Director Cloud portal, click Add Subscriptions, enter details, and click OK.

View your added subscriptions from Subscriptions > SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.
Use your mobile phone to scan the QR code on the cloud-ready SRX Series Firewall. Click the displayed link and select Claim to SD Cloud to go to Juniper Security Director Cloud login page.
Read the prerequisites, enter your e-mail address, and click Next.
Follow the on-screen instructions to sign in.
Select the organization to add your device, enter the root password, and click Add Device.
Congratulations! You've successfully registered your device to the organization and added your device to Juniper Security Director Cloud. Log out from the page in your mobile phone.
Power on your cloud-ready SRX Series Firewall and log in to Juniper Security Director Cloud portal using your laptop or desktop.
View the newly added device on the SRX > Device Management > Devices page.
Note:
Device discovery takes a few seconds to complete. After successful device discovery, you can see the following status updates:
- Inventory Status: In Sync
- Device Config Status: In Sync
- Management Status: Up
Congratulations! You've successfully onboarded your cloud-ready SRX Series Firewall. You’re now ready to associate devices to your Juniper Security Director Cloud subscription.

To continue, proceed to Step 2: Up and Running.

Brownfield Onboarding: Add SRX Series Firewalls to Juniper Security Director Cloud Using Commands

In this section, we will learn how to onboard existing, in-service, SRX Series Firewalls using CLI commands.

Figure 2: Onboard SRX Series Firewalls to Juniper Security Director Cloud in Brownfield Deployment Flowchart titled Brownfield Onboarding outlining steps for onboarding SRX Series Firewall with Juniper Security Director Cloud: Ensure communication with Juniper Security Director Cloud, decide on subscriptions, create account and add subscriptions, add in-service SRX Series Firewall using commands, associate firewall with Juniper Security Director Cloud, start managing SRX Series Firewalls.

Flowchart titled Brownfield Onboarding outlining steps for onboarding SRX Series Firewall with Juniper Security Director Cloud: Ensure communication with Juniper Security Director Cloud, decide on subscriptions, create account and add subscriptions, add in-service SRX Series Firewall using commands, associate firewall with Juniper Security Director Cloud, start managing SRX Series Firewalls.

Note:

You can also onboard existing, in-service (brownfield), SRX Series Firewalls using the following methods:

To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Juniper Security Director Cloud using J-Web, see Add SRX Series Firewalls to Juniper Security Director Cloud Using J-Web.
To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Juniper Security Director Cloud using Security Director on-prem, see Add Devices to Juniper Security Director Cloud.

Before You Begin:

Make sure SRX Series Firewall can communicate with Juniper Security Director Cloud fully qualified domain name (FQDN) on respective ports. The FQDN of each home region is different. See the following table for FQDN mapping details.

Table 1: Home Region to FQDN Mapping
Region	Purpose	Port	FQDN
North Virginia, U.S.	ZTP	443	jsec2-virginia.juniperclouds.net
	Outbound SSH	7804	srx.sdcloud.juniperclouds.net
	Syslog TLS	6514	srx.sdcloud.juniperclouds.net
Ohio, U.S.	ZTP	443	jsec2-ohio.juniperclouds.net
	Outbound SSH	7804	srx.jsec2-ohio.juniperclouds.net
	Syslog TLS	6514	srx.jsec2-ohio.juniperclouds.net
Montreal, Canada	ZTP	443	jsec-montreal2.juniperclouds.net
	Outbound SSH	7804	srx.jsec-montreal2.juniperclouds.net
	Syslog TLS	6514	srx.jsec-montreal2.juniperclouds.net
Frankfurt, Germany	ZTP	443	jsec-frankfurt.juniperclouds.net
	Outbound SSH	7804	srx.jsec-frankfurt.juniperclouds.net
	Syslog TLS	6514	srx.jsec-frankfurt.juniperclouds.net

Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses—8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls. Note that you must make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.

Decide which Juniper Security Director Cloud Subscriptions you need. Contact your sales representative or account manager to purchase subscriptions. You can also use a 30-day trial subscription that is available in the portal by default.
Go to https://sdcloud.juniperclouds.net/ and click Create an organization account.
Follow the on-screen instructions to activate your account. It takes up to 7 working days to approve your account activation request.
Log in to the Juniper Security Director Cloud portal, click Add Subscriptions, enter details, and click OK.

View your added subscriptions from Subscriptions > SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.
Go to Juniper Security Director Cloud, select SRX > Device Management > Devices. Click the + icon to add your devices.
Click Adopt SRX Devices and select one of the following:
- SRX Devices
- SRX Clusters
- SRX Multinode High Availability (MNHA) Pairs
Follow the on-screen instructions to continue.
Copy and paste the commands from the devices page to the SRX Series Firewall. Paste the commands for the primary cluster device console or each device in the MNHA pair. Commit the changes.

It will take few seconds for the device discovery. After device discovery is successful, verify the following fields on the Devices page:

Management Status changes from Discovery in progress to Up.
Inventory Status and Device Config Status changes from Out of Sync to In Sync.

Note:

In case of discovery failure, navigate to Administration > Jobs page to view the status.

You’re ready to associate devices to your Juniper Security Director Cloud subscription. To continue, proceed to Step 2: Up and Running.

ON THIS PAGE

Step 1: Begin

Greenfield Onboarding: Add Cloud-Ready SRX Series Firewalls to Juniper Security Director Cloud Using QR Code

Brownfield Onboarding: Add SRX Series Firewalls to Juniper Security Director Cloud Using Commands