Step 1: Begin
This guide walks you through the simple steps to onboard Juniper Networks® SRX Series Firewalls to the Juniper® Security Director Cloud. You can onboard SRX Series Firewalls to Juniper Security Director Cloud using the following options:
-
Greenfield onboarding: Onboard new cloud-ready SRX Series Firewalls.
-
Brownfield onboarding: Onboard existing, in-service SRX Series Firewalls.
You can also onboard SRX Series Firewalls using the following methods:
- To onboard SRX Series Firewalls to Juniper Security Director Cloud using ZTP, see Add Devices Using Zero Touch Provisioning.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Juniper Security Director Cloud using JWeb, see Add SRX Series Firewalls to Juniper Security Director Cloud Using JWeb.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Juniper Security Director Cloud using Security Director on-prem, see Add Devices to Juniper Security Director Cloud.
- To onboard cloud-ready SRX Series Firewalls using Mist, see Cloud-Ready SRX Firewalls with Mist.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Mist, see SRX Adoption.
Greenfield Onboarding: Add Cloud-Ready SRX Series Firewalls to Juniper Security Director Cloud Using QR Code
Install the rack and power on your cloud-ready SRX Series Firewall. For instructions specific to your device, see the applicable hardware guide.
Firewall |
Install and Maintain Hardware |
|---|---|
SRX1600 |
|
SRX2300 |
All interfaces on cloud-ready SRX Series Firewalls are DHCP enabled in the factory-default configuration. Make sure that you can connect to the internet using one of the interfaces.
-
Log in to the Juniper Security Director Cloud portal, click Add
Subscriptions, enter details, and click
OK
View your added subscriptions from Subscriptions>SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.
-
Use your mobile phone to scan the QR code on the cloud-ready SRX Series
Firewall. Click the displayed link and select Claim to SD
Cloud to go to Juniper Security Director Cloud login
page.
-
Read the prerequisites, enter your e-mail address, and click
Next.
-
Follow the on-screen instructions to sign in.
-
Select the organization to add your device, enter the root password, and
click Add Device.
Congratulations! You've successfully registered your device to the organization and added your device to Juniper Security Director Cloud.
-
Power on you cloud-ready SRX Series Firewall and log in to Juniper Security
Director Cloud portal using your laptop or desktop. View the newly added
device on the SRX > Device
Management > Devices page.
Note:Device discovery takes a few seconds to complete. After successful device discovery, you can see the following status updates:
-
Management Status: Up
-
Inventory Status: In Sync
-
Device Config Status: In Sync
Congratulations! You've successfully onboarded your cloud-ready SRX Series Firewall. You’re now ready to associate devices to your Juniper Security Director Cloud subscription.
To continue, proceed to Step 2: Up and Running.
-
Brownfield Onboarding: Add SRX Series Firewalls to Juniper Security Director Cloud Using Commands
-
Make sure SRX Series Firewall can communicate with Juniper Security Director Cloud fully qualified domain name (FQDN) on respective ports. The FQDN of each home region is different. See the following table for FQDN mapping details.
Table 2: Home Region to FQDN Mapping Home Region Purpose Port FQDN North Virginia
ZTP
Outbound SSH
System Log messages over TLS
443
7804
6514
jsec-virginia.juniperclouds.net
srx.sdcloud.juniperclouds.net
srx.sdcloud.juniperclouds.net
Ohio
ZTP
Outbound SSH
System log messages over TLS
443
7804
6514
jsec-ohio.juniperclouds.net
srx.jsec-ohio.juniperclouds.net
srx.jsec-ohio.juniperclouds.net
-
Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses—8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls. Note that you must make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.
-
Log in to the Juniper Security Director Cloud portal, click
Add Subscriptions, enter details, and click
OK
View your added subscriptions from Subscriptions>SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.
-
Click Adopt SRX Devices and select SRX
Devices to add devices or select SRX
Clusters to add device clusters.
Follow the on-screen instructions to continue. -
Copy and paste the commands from the devices page to the SRX Series
Firewall or the primary cluster device console, and commit the
changes.
It will take few seconds for the device discovery. After device discovery is successful, verify the following fields on the Devices page:
-
Management Status changes from Discovery in progress to Up.
-
Inventory Status and Device Config Status changes from Out of Sync to In Sync.
In case of discovery failure, go to Administration > Jobs page to view the status.
You’re ready to associate devices to your Juniper Security Director Cloud subscription. To continue, proceed to Step 2: Up and Running.