Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add Devices

Overview

You can add devices to Juniper Security Director Cloud in the following ways:

Before You Begin

  • Ensure that each SRX Series Firewall port can communicate with a Juniper Security Director Cloud FQDN. The FQDN of each region is different.

    Table 1: Region to FQDN Mapping
    Region Purpose Port FQDN

    North Virginia, US

    ZTP

    443

    jsec2-virginia.juniperclouds.net

    Outbound SSH

    7804

    srx.sdcloud.juniperclouds.net

    Syslog TLS

    6514

    srx.sdcloud.juniperclouds.net

    Ohio, US

    ZTP

    443

    jsec2-ohio.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec2-ohio.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec2-ohio.juniperclouds.net

    Montreal, Canada

    ZTP

    443

    jsec-montreal2.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec-montreal2.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec-montreal2.juniperclouds.net

    Frankfurt, Germany

    ZTP

    443

    jsec-frankfurt.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec-frankfurt.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec-frankfurt.juniperclouds.net

  • Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses—8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls. Note that you must make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.

  • To discover and manage the device from Juniper Security Director Cloud, ensure that the netconf and ssh rate limit is set to 32 or higher on the device. For more information, see Junos CLI Reference.

Add Standalone Devices, Device Clusters, or MNHA Pair Devices Using Commands

Juniper Security Director Cloud generates commands for adding a standalone device, a device cluster, or a multinode high availability (MNHA) pair devices. You can copy and paste the commands into the device console. When you commit the commands to the device, Juniper Security Director Cloud discovers and adds the device to the cloud. For more information about MNHA, see the High Availability User Guide.

  1. Click SRX > Device Management > Devices.
    The Devices page is displayed.
  2. Click +.
    The Add Devices page is displayed.
  3. Click Adopt SRX Devices.
  4. Select one of the following options:
    • SRX Devices to add standalone devices.
    • SRX Clusters to add device clusters.
    • SRX Multi-node High Availability (MNHA) to add MNHA pairs.
  5. Enter the number of standalone devices, device clusters, or MNHA pairs to be added and click OK.
    Note:

    You can add a maximum of 50 standalone devices, device clusters, or MNHA pairs at a time. An MNHA pair consists of 2 devices. So, if you enter 1, both the devices in the MNHA pair are added.

    A success message is displayed and the standalone device, device cluster, or MNHA pair and its devices are displayed on the Devices page.
    Note:

    At this point, Juniper Security Director Cloud has not yet completely added the device. So the Management Status column displays Discovery Not Initiated status.

  6. In the Management Status column, click Adopt Device or Adopt Cluster.
    Note:

    If you added an MNHA pair, the Adopt Device link is displayed for each MNHA pair device.

    The Adopt Devices page opens with the commands that you need to commit to the device.
  7. Copy and paste the commands to your device edit prompt, and press Enter. If you are adding a device cluster, paste the commands to the cluster's primary device's CLI. If you are adding an MNHA pair, paste the commands to each device in the pair.
  8. Type Commit and press Enter to commit the changes to the device.
    The device discovery process is initiated in Juniper Security Director Cloud. You can refresh the Devices page and see the status Discovery in progress in the Management Status column. You can view the job status on the Jobs page.

After discovery is complete, the status in the Management Status column changes to Up. If the discovery fails, Discovery failed status is displayed. Hover over the Discovery failed status to see the reason for the failure.

  • If the job fails for an MNHA pair, the deployment mode is not displayed beside the MNHA pair name. You can delete and add the MNHA pair again or initiate the discovery process again.

  • If security certificate installation job failed on a device in the MNHA pair, retry the job from the Jobs page and then reinitiate security logs configuration for the device from the Devices page.

Add Devices Using Zero Touch Provisioning

You can configure and provision devices automatically using Zero Touch Provisioning (ZTP). ZTP reduces the manual intervention for adding devices to a network. To ensure valid devices are onboarded through ZTP, you can configure Juniper Security Director Cloud to prompt you to approve or reject onboarding requests.

Table 2: ZTP Supported Devices
ZTP Supported Device Supported Junos OS Release

SRX300, SRX320, SRX340, and SRX345 firewalls

Junos OS Release 18.4R3 and later

SRX380

Junos OS Release 20.1R1 and later

SRX1500

Junos OS Release 20.2R1 and later

SRX1600, SRX2300

Junos OS Release 23.4R1 and later

SRX4300

Junos OS Release 24.1R1 and later

Note:

To add other devices models, configure the basic device settings and connectivity, and add the device using Add Standalone Devices, Device Clusters, or MNHA Pair Devices Using Commands.

Power on the devices to add to Juniper Security Director Cloud.
  1. Click SRX >Device Management > Devices.
    The Devices page is displayed.
  2. Click Add Devices.
    The Add Devices page is displayed.
  3. To manually enter the device details, click Register SRX Devices for ZTP, and do the following:
    1. Enter the serial number of the device.
    2. Set a root password for the device with at least six alphanumeric and special characters without spaces.
    3. To add multiple devices, click + and enter the device details.
    4. To use the same root password for all devices, select Use this password for all devices in Device 1.
    5. Click OK.
  4. To upload device information as a CSV file, click Register Devices for ZTP > Upload CSV File, and do the following:
    1. Click Download sample CSV file to download the CSV file template to enter the device details.
    2. Add the serial number and root password of the devices in the CSV file.
    3. Click Browse and upload the CSV file.
    4. Click OK.

The devices are added and displayed on the Devices page and the device discovery process is initiated.

If Juniper Security Director Cloud is configured to prompt you to approve or reject onboarding requests for devices through ZTP, a link to approve or reject the request is displayed in the Management Status column. See Approve or Reject Onboarding Requests for ZTP Devices.

Add Device by Scanning QR Code

You can add cloud-ready SRX Series Firewalls to Juniper Security Director Cloud by scanning the QR code available on the firewall. Your SRX Series Firewall is cloud-ready if it has a QR claim code on the front or the back panel.

Ensure the following:
  • The firewall is powered on.

  • The firewall is not already added in an organization. You can add a firewall in only one organization.

  1. Scan the QR code on the SRX Series Firewall using a mobile device that is connected to the Internet.
  2. Click the displayed link to go to the Juniper Security Director Cloud login page.
  3. Enter your account email address and password and click Login.
    If you do not have an account, go to https://sdcloud.juniperclouds.net on a different device, create an account, and then retry.
  4. Select the organization to add the firewall.
  5. Enter the root password for the firewall with a minimum of six characters without spaces and click Add Device.
    The firewall is added to Juniper Security Director Cloud and the device discovery is automatically initiated. You can log in to the portal and manage the firewall after the discovery is complete.
    Note:

    After you log in, the session is valid for 60 minutes. During this time, you can add multiple firewalls without entering the account email address and password.

Approve or Reject Onboarding Requests for ZTP Devices

The Approve/reject device onboarding requests toggle button on the Organization page must be enabled to receive onboarding requests.

Zero Touch Provisioning (ZTP) reduces the manual intervention for adding devices to a network. However, to ensure valid devices are onboarded through ZTP, you can configure Juniper Security Director Cloud to prompt you to approve or reject onboarding requests for devices.

When you enter an incorrect serial number, an onboarding request is not generated. It ensures that only devices with valid serial numbers are added in Juniper Security Director Cloud.

  1. In the Management Status column for the device, hover over the Onboarding Request(s) link .
    The options to approve or reject the request are displayed.
    Note:

    You must approve or reject a request within 14 days. After 14 days, the device is automatically removed from Juniper Security Director Cloud.

  2. To approve the request and initiate device discovery, perform the following steps:
    1. Click Approve Onboarding Request(s).
      You are prompted to confirm if you want to approve the request.
    2. Click OK.
      The device discovery process is initiated and Discovery in progress status is displayed in the Management Status column. When the discovery is complete, Up and In Sync statuses are displayed in Management Status and Inventory Status columns respectively. If the discovery failed, you can check the details on the Jobs page.
      Note:

      You can reject the request anytime before the discovery process is initiated. If the discovery is initiated, you can only delete the device from Juniper Security Director Cloud. See Delete Devices.

  3. To reject the request, click Reject Onboarding Request(s).
    The Onboarding Request(s) Rejected status is displayed as a link. You can hover over the link and approve the request later.
    Note:

    You must approve or reject a request within 14 days. After 14 days, the device is automatically removed from Juniper Security Director Cloud.