Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configure Basic Settings

You are here: Device Administration > Basic Settings.

Use this page to configure your device basic settings.

You can do the following:

  • Save—Saves all the basic settings configuration and returns to the main configuration page.

    Note:

    For all the configuration options under Basic Settings:

    • Tool tip on the right-side represents different icons for notifications, validation errors, and successful configuration.

    • When you make a configuration change and navigate to a different page without saving it, a pop-up message is displayed to save the configuration.

  • Cancel—Cancels all your entries and returns to the main configuration page.

  • Commit—Commits all the basic settings configuration and returns to the main configuration page.

  • Expand all—Click the arrow pointing outwards icon to expand all the options.

  • Collapse all—Click the arrow pointing inwards to collapse or hide all the options.

Table 1 describes the fields on the Basic Settings page.

Table 1: Fields on the Basic Settings Page

Field

Action

System Identity

Hostname

Enter a hostname for the device.

Domain name

Enter a domain name to specify the network or subnetwork to which the device belongs.

Root password

Enter a password for the root user.

Note:

After you have defined a root password, that password is required when you log in to the J-Web or the CLI.

Confirm root password

Re-enter the password to confirm.

DNS servers

Select an option to specify the DNS server settings:

  • To specify a server that the device can use to resolve hostnames into addresses:

    1. Click + at the upper-right corner of the DNS Servers table.

    2. Enter an IPv4 address of the server.

    3. Click the tick mark to save the changes. Else, click the cancel (X) icon to discard the changes.

  • To edit an existing DNS server hostname:

    1. Select a DNS server hostname that you want to edit.

    2. Click the pencil icon at the upper-right corner of the DNS Servers table or right-click on the hostname and edit the IPv4 address.

    3. Click the tick mark to save the changes. Else, click the cancel (X) icon to discard the changes.

  • To remove an existing DNS server hostname, select it and click the delete icon at the upper-right corner of the DNS Servers table or right-click on the hostname and delete it.

Domain search

Select an option:

  • To add a domain name:

    1. Click + at the upper-right corner of the Domain Search table.

    2. Enter a domain name.

      The string must contain an alphanumeric character and can include underscores, hyphen, slash and dot. No spaces allowed.

    3. Click the tick mark to save the changes. Else, click the cancel (X) icon to discard the changes.

  • To edit an existing domain name:

    1. Select a domain name that you want to edit.

    2. Click the pencil icon at the upper-right corner of the Domain Search table or right-click on the domain name and edit the name.

    3. Click the tick mark to save the changes. Else, click the cancel (X) icon to discard the changes.

  • To remove an existing domain name, select it and click the delete icon at the upper-right corner of the Domain Search table or right-click on the name and delete it.

Time

Time zone

Select the time zone from the list in which the router resides.

Time source

Select an option from the list to set the system time:

NTP Servers—Synchronizes the system time with the NTP server that you select. Click one of the following options:

  • Add—Click + to add an NTP server. Then, enter the NTP server name, key, and Routing Instance. Select an option from the list for Version and Prefer.

  • Edit—Select an existing NTP server that you want to edit and click the pencil icon available at the upper right of the NTP Server table. You can also right-click on the NTP server and click Edit Row. Then, edit the key and version and click the tick mark.

  • Delete—Select an existing NTP server that you want to delete and click the delete icon available at the upper right of the NTP Server table. You can also right-click on the NTP server and click Delete Row. Click Yes to delete the selected server.

Computer—Uses the computer that you are currently logged into to determine the system time for the device.

Note:

When you select this option, the PC time that will be used is displayed in the Current Date & Time field.

Manual—Enables you to manually select the date and time for the device.

Set the date and time using the calendar pick tool and time fields.

Note:

After you configure the time manually, the session will expire. Log in to J-Web.

Device date & time

Displays the device date and time.

Current date & time

Displays the current date and time.

Management and Loopback Address

Management address

Enter IPv4 address for the device.

Subnet

Enter subnet of the IPv4 address.

Loopback address

Enter IP address and subnet for the loopback address.

Note:

If the SRX Series Firewall does not have a dedicated management port (fxp0), then Loopback Address and Subnet are the only options available for the management access configuration.

Subnet

Enter the address, for example, 255.255.255.0. You can also specify the address prefix.

Specifies the range of logical addresses within the address space that is assigned to an organization.

Default gateway

Enter the default gateway address for IPv4.

System Services

Telnet

Select this option to enable telnet.

SSH

Select this option to enable SSH connections.

FTP

Select this option to enable FTP for secure file transfer.

NETCONF

Select this option to enable NETCONF connections.

Junoscript over SSL

Select this option to enable Junoscript connections over SSL.

Junoscript certificate

Select the local certificate for SSL from the list.

Interface

Select the interface in order of your preference and click on the left arrow/right arrow to add.

HTTPS

Select this option to enable HTTPS connection settings.

Interface

Select the interface in order of your preference and click on the left arrow/right arrow to add.

HTTPS certificate

Specifies the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPs.

Select the HTTPS certificate from the list.

PKI certificate

Select the PKI certificate for HTTPS from the list.

Note:

This option is available only if you select pki-local-certificate in the HTTPS Certificate options.

Local certificate

Select the local certificate for HTTPS from the list.

Note:

This option is available only if you select local-certificate in the HTTPS Certificate options.

HTTPS port

Click up or down arrow to select the TCP ports for incoming HTTP connections.

Virtual domain certificates

Device certificate configured for a domain which can be used for J-Web access.
  • To add a virtual domain certificate:

    1. Click + at the upper-right corner of the Virtual Domain Certificates table.

    2. Enter a virtual domain name and select a device certificate from the list.

      Note:

      The domain name string must contain an alphanumeric character and can include underscores, hyphen, and dot. No spaces allowed.

    3. Click the tick mark to save the changes. Else, click the cancel (X) icon to discard the changes.

Management URL

Enter the URL path for web management access.

Session

Enable to configure the web management session parameters.

Idle timeout

Enter a value or click the up or down arrow to set default timeout of web management sessions.

Maximum session

Click the up or down arrow to set maximum number of web management sessions allowed.

Web API

Select to enable Web API configuration.

Client

Select to enable client for the Web API.

Hostname

Provides the address of permitted HTTP/HTTPS request originators.

To add, click + and enter the IPv4 address of the permitted HTTP/HTTPS request originator and click tick mark to save the changes.

To delete, select the hostname and click the delete icon. Then, click Yes to delete it.

HTTP

Select to enable unencrypted HTTP connection settings.

HTTP port

Click top or bottom arrows to select the TCP ports for incoming HTTP connections.

HTTPs

Select to enable encrypted HTTPS connection settings.

HTTPS port

Click top or bottom arrows to select the TCP ports for incoming HTTP connections.

Certificate type

Select to specify the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPs for Web API:

  • Default—Selects the default system generated certificate.

  • PKI Certificate—Select a PKI certificate from the list for HTTPS of Web API.

  • File Path:

    • File Path—Click Browse and select a certificate from your desired location. Or click Upload and upload the selected certificate.

    • Certificate—Displays the file path of the uploaded certificate.

    • Certificate Key:

      • Browse—Click and select the certificate key from your desired location.

      • Upload—Click and upload the selected certificate key.

    • Certificate Key—Displays the file path of the uploaded certificate key.

User

Select this option to enable user credentials.

Name

Enter a username.

Password

Enter the user password.

REST API

Enable this option to allow RPC execution over HTTP(S) connection.

Explorer

Select this option to enable REST API explorer.

Control

Select this option to enable control the REST API process.

Allowed sources

Provides the source IP address.

Click + and enter the IPv4 address of the source. Then, click tick mark.

To delete, select an existing address and click the delete icon. Then, click Yes to delete it.

Connection limit

Click top or bottom arrows to select the number of simultaneous connections.

HTTP

Select to enable unencrypted HTTP connections for REST API.

Address

Click + and enter the IPv4 address for the incoming connections for HTTP of REST API. Then, click tick mark to add it.

To delete, select an existing address and click the delete icon. Then, click Yes to delete it.

Port

Click top or bottom arrows to select the HTTP port to accept HTTP connections for REST API.

Note:

The default port for HTTP of REST API is 3000.

HTTPS

Select to enable encrypted HTTPS connections for REST API.

Address

Click + and enter the IPv4 address for the incoming connections for HTTPS of REST API. Then, click tick mark to add it.

To delete, select an existing address and click the delete icon. Then, click Yes to delete it.

Cipher list

Select the Cipher suites in order of your preference and click on the left arrow or right arrow to add.

Port

Click top or bottom arrows to select the HTTPS port to accept the HTTPS connection of REST API.

Note:

The default port for HTTPS of REST API is 3443.

Server certificate

Select server certificate from the list. See Import a Device Certificate to import a device certificate.

CA Profile

Select the certificate authority profile for HTTPS of REST API from the list.

To create Certificate Authority inline:

  • Click Create Certificate Authority Profile.

  • Enter the following details:

    • CA Profile *—Enter the CA profile name.

    • CA Identifier *—Enter the CA identifier.

    • File Path on Device for Certificate:

      • Browse—Click and select the certificate from your desired location.

      • Upload—Click and upload the selected certificate.

    • File Path on Device for Certificate—Displays the file path of the selected certificate.

  • Click OK.

Security Logging

Stream mode logging

Select this option to enable logging.

Note:

The Enable Traffic Logs option is available for user logical system and tenants.

UTC timestamp

Select this option to enable UTC Timestamp for security log timestamps.

Log on

Select one of the log on types for logging.

  • Source Address—Select this option to enter the source IP address.

  • Source Interface—Select this option to select a source interface from the list.

IP address

Enter the source IP address.

Note:

This option is available if you select the log on type as Source Address.

Format

Specifies the format in which the logs are stored.

Select a format in which the logs are stored from the list.

  • binary—Binary encoded text to conserve resources.

  • SD-Syslog—Structured system log file.

  • Syslog—Traditional system log file.

By default, None logging format is selected.

Transport protocol

Select an option from the list to specify the type of logging transport protocol:

  • TCP—Select this option to set the transport protocol to TCP.

  • UDP—Select this option to set the transport protocol to UDP.

  • TLS—Select this option to set the transport protocol to TLS.

By default, None is selected.

Connections

Select the TCP or TLS connections for logging using up and down arrows.

Note:

This option is available if you select the transport protocol option as TCP or TLS.

TLS profile

Select a TLS profile from the list.

Note:

This option is available if you select the transport protocol option as TLS.

Syslog server

Enables you to configure syslog servers. You can configure a maximum of three syslog servers.

Perform one of the following tasks:

  1. To create syslog server, click +, enter the following details and then click OK.

    • Name—Enter the name of the new stream configuration.

    • Save At—Select the location from the list to save the stream.

    • Type—Select a format in which the logs are stored from the list.

      The log types are:

      • Structure

      • Standard

      • Web

    • Host—Enter the IP address for the stream host name.

  2. To edit an existing syslog server, select it and click the pencil icon. Then, edit the saving mode, streaming type, and host in the Edit Syslog page and click OK.

  3. To delete an existing syslog server, select it and click the delete icon.

On-box reporting

Enable this option to generate on-box reports.

Note:

We recommend you use Stream mode logging to syslog server.

SNMP

Contact information

Enter any contact information for the administrator of the system (such as name and phone number).

System description

Enter any information that describes the system.

Local engine ID

Enter the MAC address of Ethernet management port 0.

Specifies the administratively unique identifier of an SNMPv3 engine for system identification. The local engine ID contains a prefix and a suffix. The prefix is formatted according to specifications defined in RFC 3411. The suffix is defined by the local engine ID. Generally, the local engine ID suffix is the MAC address of Ethernet management port 0.

System location

Enter any location information for the system (lab name or rack name, for example).

System name override

Specifies the option to override the system hostname.

Enter the name of the system.

Community

Specifies the name and authorization for the SNMP community.

  • Click +.

  • Enter the name of the community being added.

  • Select the desired authorization (either read-only or read-write) from the list.

Click tick mark.

Trap groups

Name

Click + to add a trap group.

Enter the SNMP trap group being configured.

Categories

Select trap categories to add to the trap group being configured. The options available are:

  • Authentication

  • Chassis

  • Configuration

  • Link

  • Remote operations

  • RMON alarm

  • Routing

  • Startup

  • CRRP events

Targets

Specifies one or more IP addresses that specify the systems to receive SNMP traps that are generated by the trap group being configured.

Click +, enter the target IP address for SNMP trap group, and click tick mark.

Health monitoring

Enable the option to check the SNMP health monitor on the device. The health monitor periodically checks the following key indicators of device health:

  • Percentage of file storage used

  • Percentage of Routing Engine CPU used

  • Percentage of Routing Engine memory used

  • Percentage of memory used for each system process

  • Percentage of CPU used by the forwarding process

  • Percentage of memory used for temporary storage by the forwarding process

Interval

Specifies the sampling frequency interval, in seconds, over which the key health indicators are sampled and compared with the rising and falling thresholds. For example, if you configure the interval as 100 seconds, the values are checked every 100 seconds.

Select a value from 1 through 24855. The default value is 300 seconds.

Rising threshold

Specifies the value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is increasing. For example, if the rising threshold is 90, SNMP generates an event when the value of any key indicator reaches or exceeds 90 seconds.

Select a value from 1 through 100. The default value is 90 seconds.

Falling threshold

Specifies a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is decreasing. For example, if the falling threshold is 80, SNMP generates an event when the value of any key indicator falls back to 80 seconds or less.

Select a value 0 through 100. The default value is 80 seconds.

Redundant PSU
Note:

SRX380 devices support power supply redundancy for power management.

Power Supply 0

Displays if the power supply is present or not.

Power Supply 1

Displays if the redundant power supply is present or not.

PSU Redundancy

Enable this option to manage power on the SRX380 device.

Note:

This option is available only when the device is in the standalone mode.