Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Onboard Brownfield SRX Series Firewalls to Juniper Security Director Cloud Using Commands

This topic walks you through the simple steps to onboard existing, in-service, SRX Series Firewalls to Juniper Security Director Cloud using CLI commands.

Before You Begin

  • Make sure SRX Series Firewall can communicate with Juniper Security Director Cloud fully qualified domain name (FQDN) on respective ports. The FQDN of each home region is different. See the following table for FQDN mapping details.

    Table 1: Home Region to FQDN Mapping
    Region Purpose Port FQDN

    North Virginia, U.S.

    ZTP

    443

    jsec2-virginia.juniperclouds.net

    Outbound SSH

    7804

    srx.sdcloud.juniperclouds.net

    Syslog TLS

    6514

    srx.sdcloud.juniperclouds.net

    Ohio, U.S.

    ZTP

    443

    jsec2-ohio.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec2-ohio.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec2-ohio.juniperclouds.net

    Montreal, Canada

    ZTP

    443

    jsec-montreal2.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec-montreal2.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec-montreal2.juniperclouds.net

    Frankfurt, Germany

    ZTP

    443

    jsec-frankfurt.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec-frankfurt.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec-frankfurt.juniperclouds.net

  • Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses—8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls. Note that you must make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.

Workflow

Figure 1: Onboard SRX Series Firewalls to Juniper Security Director Cloud in Brownfield Deployment Flowchart titled Brownfield Onboarding outlining steps for onboarding SRX Series Firewall with Juniper Security Director Cloud: Ensure communication with Juniper Security Director Cloud, decide on subscriptions, create account and add subscriptions, add in-service SRX Series Firewall using commands, associate firewall with Juniper Security Director Cloud, start managing SRX Series Firewalls.
Note:

You can also onboard existing, in-service (brownfield), SRX Series Firewalls using the following methods:

Onboard your SRX Series Firewall to Juniper Security Director Cloud

  1. Decide which Juniper Security Director Cloud Subscriptions you need. Contact your sales representative or account manager to purchase subscriptions. You can also use a 30-day trial subscription that is available in the portal by default.
  2. Go to https://sdcloud.juniperclouds.net/ and click Create an organization account.

    Follow the on-screen instructions to activate your account. It takes up to 7 working days to approve your account activation request.

  3. Log in to the Juniper Security Director Cloud portal, click Add Subscriptions, enter details, and click OK.Juniper Security Director Cloud interface showing Add Subscriptions pop-up in Subscriptions section under Administration menu with navigation options on the left.

    View your added subscriptions from Subscriptions > SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.

  4. Go to Juniper Security Director Cloud, select SRX > Device Management > Devices. Click the + icon to add your devices.
  5. Click Adopt SRX Devices and select one of the following:

    • SRX Devices

    • SRX Clusters

    • SRX Multinode High Availability (MNHA) Pairs

    User interface for adding Juniper SRX devices: options to adopt devices or register for Zero Touch Provisioning. Includes device type selection and Junos OS support notice.Follow the on-screen instructions to continue.
  6. Copy and paste the commands from the devices page to the SRX Series Firewall. Paste the commands for the primary cluster device console or each device in the MNHA pair. Commit the changes.Screenshot of Juniper Security Director Cloud Devices section highlighting Adopt Device option with red notification instructions.

    It will take few seconds for the device discovery. After device discovery is successful, verify the following fields on the Devices page:

    • Management Status changes from Discovery in progress to Up.

    • Inventory Status and Device Config Status changes from Out of Sync to In Sync.

      Note:

      In case of discovery failure, navigate to Administration > Jobs page to view the status.

      You’re ready to associate devices to your Juniper Security Director Cloud subscription.

Associate your SRX Series Firewall with Juniper Security Director Cloud Subscription

  1. Go to SRX > Device Management > Devices, select the device, and click Manage Subscriptions. Follow the on-screen instructions.Manage Subscriptions interface: 1 device selected; selected subscription 10Devices S-SD-1-C-1; 1 of 10 devices in use; expires 08 Nov 2027; Add Subscriptions link; Cancel and OK buttons.
  2. Verify that the Subscriptions column displays the subscription name for your device. Devices management interface showing a table with columns: Host Name, Device Group, Inventory Status, Device Config Status, Management Status, Device Health, Subscriptions, OS Version, Product. Key device statuses: DEMO-AA1111AA1111 is In Sync, Up, No data for health. DEMO-TEST01 and srx111111111111 have Discovery Not Initiated, No Subscription. Buttons for Security Logs Configuration, Manage Subscriptions, and a More dropdown for additional options.

    Congratulations! You have successfully associated your device to Juniper Security Director Cloud.

Related Documentation