Configure cSRX Using Junos OS CLI
This section provides basic CLI configurations that can be used for configuring cSRX Container Firewall containers. For more details see, Introducing the Junos OS Command-Line Interface.
To configure the cSRX container using the Junos OS CLI:
-
Launch the cSRX container. Use the
docker run
command to launch the cSRX container. You include themgt_bridge
management bridge to connect the cSRX to a network.root@csrx-ubuntu3:~/csrx# docker run -d --privileged --network=mgt_bridge -e --name=<csrx-container-name> hub.juniper.net/security/<csrx-image-name>
For example, to launch
csrx2
using cSRX software imagecsrx:18.21R1.9
enter:root@csrx-ubuntu3:~/csrx# docker run -d --privileged --network=mgt_bridge -e --name=csrx2 hub.juniper.net/security/csrx:18.2R1.9
Note:You must include the
--privileged
flag in thedocker run
command to enable the cSRX container to run in privileged mode. -
Log in to the cSRX container using SSH which is accessed by cSRX exposed service port.
root@csrx-ubuntu3:~/csrx#ssh -p 30122 root@192.168.42.81
- Start the CLI as root user.
root#cli root@>
- Verify the interfaces.
root@> show interfaces
Physical interface: ge-0/0/1, Enabled, Physical link is Up Interface index: 100 Link-level type: Ethernet, MTU: 1514 Current address: 02:42:ac:13:00:02, Hardware address: 02:42:ac:13:00:02 Physical interface: ge-0/0/0, Enabled, Physical link is Up Interface index: 200 Link-level type: Ethernet, MTU: 1514 Current address: 02:42:ac:14:00:02, Hardware address: 02:42:ac:14:00:02
- Enter configuration mode.
configure [edit] root@#
- Set the root authentication password by entering a cleartext password, an encrypted password, or an
SSH public key string (DSA or RSA).
[edit] root@# set system root-authentication plain-text-password New password: password Retype new password: password
- Configure the hostname.
[edit] root@# set system host-name host-name
- Configure the two traffic interfaces.
[edit] root@# set interfaces ge-0/0/0 unit 0 family inet address 192.168.20.2/24 root@# set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.2/24
- Configure basic security zones for the public and private
interfaces and bind them to traffic interfaces.
[edit] root@# set security zones security-zone untrust interfaces ge-0/0/0.0 root@# set security zones security-zone trust interfaces ge-0/0/1.0 root@# set security policies default-policy permit-all
- Verify the configuration.
[edit] root@# commit check configuration check succeeds
-
Commit the configuration to activate it on the cSRX instance.
[edit] root@# commit commit complete
- (Optional) Use the
show
command to display the configuration for verification.