Add Devices to Juniper Security Director Cloud
Before You Begin
- Make sure that each of the SRX Series Firewall ports can communicate with an FQDN of Juniper Security Director Cloud. The FQDN of each home region is different.
Table 1 contains the region-wise mapping details of the SRX Series Firewall ports and the Juniper Security Director Cloud FQDNs.
Table 1: Home Region to FQDN Mapping

Region | Purpose | Port | FQDN |
---|---|---|---|
North Virginia | ZTP | 443 | jsec2-virginia.juniperclouds.net |
North Virginia | Outbound SSH | 7804 | srx.sdcloud.juniperclouds.net |
North Virginia | Syslog TLS | 6514 | srx.sdcloud.juniperclouds.net |
Ohio | ZTP | 443 | jsec2-ohio.juniperclouds.net |
Ohio | Outbound SSH | 7804 | srx.jsec2-ohio.juniperclouds.net |
Ohio | Syslog TLS | 6514 | srx.jsec2-ohio.juniperclouds.net |

- Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses 8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls. Note that you must make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.
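
One way to verify these prerequisites before onboarding, as an added example that is not part of Juniper's documentation: the script encodes Table 1 and reports, per endpoint, whether DNS resolution or the TCP connection is what fails. The function name and status strings are hypothetical, the script assumes it runs on a host that shares the firewall's egress path, and it does not probe UDP port 53.

```python
"""Pre-flight egress check for Juniper Security Director Cloud onboarding.

Added example: names are hypothetical; assumes the host shares the SRX's egress path.
"""
import socket
import sys

# Table 1 from this page: region -> [(purpose, port, FQDN)]
ENDPOINTS = {
    "North Virginia": [
        ("ZTP", 443, "jsec2-virginia.juniperclouds.net"),
        ("Outbound SSH", 7804, "srx.sdcloud.juniperclouds.net"),
        ("Syslog TLS", 6514, "srx.sdcloud.juniperclouds.net"),
    ],
    "Ohio": [
        ("ZTP", 443, "jsec2-ohio.juniperclouds.net"),
        ("Outbound SSH", 7804, "srx.jsec2-ohio.juniperclouds.net"),
        ("Syslog TLS", 6514, "srx.jsec2-ohio.juniperclouds.net"),
    ],
}
# Factory-default DNS servers that ZTP depends on (TCP 53 only; UDP 53 is not probed).
DNS_SERVERS = [("DNS", 53, "8.8.8.8"), ("DNS", 53, "8.8.4.4")]


def check_region(region, resolve=socket.gethostbyname,
                 connect=socket.create_connection, timeout=5.0):
    """Return [(purpose, host, port, status)]; status is 'ok', 'dns-fail' or 'blocked'."""
    results = []
    for purpose, port, host in ENDPOINTS[region] + DNS_SERVERS:
        try:
            addr = resolve(host)  # separates DNS failures from filtered ports
        except OSError:
            results.append((purpose, host, port, "dns-fail"))
            continue
        try:
            connect((addr, port), timeout).close()
            status = "ok"
        except OSError:  # refused, timed out, or unreachable
            status = "blocked"
        results.append((purpose, host, port, status))
    return results


if __name__ == "__main__":
    region = sys.argv[1] if len(sys.argv) > 1 else "North Virginia"
    rows = check_region(region)
    for purpose, host, port, status in rows:
        print(f"{status:8} {purpose:13} {host}:{port}")
    sys.exit(0 if all(r[3] == "ok" for r in rows) else 1)
```

A `dns-fail` result points at the resolver (relevant when private DNS servers are used), while `blocked` points at egress filtering on that port.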
Add Devices to Juniper Security Director Cloud
You can add devices to Juniper Security Director Cloud and manage your network security for these devices. There are multiple ways to add devices to Juniper Security Director Cloud. Choose the method that's right for you:
- Add Devices Using Commands - Juniper Security Director Cloud generates commands for adding a device or device cluster. You can copy the commands and paste them into the device console. When you commit the commands to the device, Juniper Security Director Cloud discovers and adds the device or device cluster to the cloud. See Add Devices or Device Clusters Using Commands for details.
- Add Devices With Zero Touch Provisioning - With Zero Touch Provisioning (ZTP) you can configure and provision devices automatically. See Add Devices Using Zero Touch Provisioning for details.
- Add Devices Using J-Web - See Add an SRX Series Firewall to Juniper Security Director Cloud in the J-Web User Guide for SRX Series Firewalls for details.
- Add Devices from Security Director - See Add Devices to Security Director Cloud in the Security Director User Guide for details.
- Add Devices by Scanning QR Code - Juniper Security Director Cloud allows you to onboard cloud-ready SRX Series Firewalls by scanning the device QR code. See Add Device by Scanning QR Code.
Add Devices or Device Clusters Using Commands
Juniper Security Director Cloud generates commands for adding a device or a device cluster. You can copy and paste the commands into the device console. When you commit the commands to the device, Juniper Security Director Cloud discovers and adds the device or the device cluster to the cloud.
When Juniper Security Director Cloud discovers and adds a device or a device cluster, the Connection Status changes to Up. If the process fails, the Connection Status changes to Discovery failed.
Hover your mouse cursor over the Discovery failed message to see the reason for the failure.
Add Devices Using Zero Touch Provisioning
You can configure and provision devices automatically using Zero Touch Provisioning (ZTP). ZTP reduces the manual intervention for adding devices to a network. The following table lists the devices for which Juniper Security Director Cloud supports ZTP, with the supported Junos OS releases.

ZTP Supported Device | Supported Junos OS Release |
---|---|
SRX300, SRX320, SRX340, SRX345, and SRX550 HM SRX Series Firewalls | Junos OS Release 18.4R3 and later |
SRX380 | Junos OS Release 20.1R1 and later |
SRX1500 | Junos OS Release 20.2R1 and later |
SRX1600, SRX2300 | Junos OS Release 23.4R1 and later |

To add other device models, configure the basic device settings and connectivity, and add the device using Add Devices or Device Clusters Using Commands.
Power on the devices to add to Juniper Security Director Cloud.
Add Device by Scanning QR Code
You can add cloud-ready SRX Series Firewalls to Juniper Security Director Cloud by scanning the QR code available on the firewall. Your SRX Series Firewall is cloud-ready if it has a QR claim code on the front or the back panel.
Before you begin, ensure the following:
- The firewall is powered on.
- The firewall is not already added in an organization. You can add a firewall in only one organization.