Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add Devices to Juniper Security Director Cloud

Before You Begin

  • Make sure that each of the SRX Series Firewall ports can communicate with an FQDN of Juniper Security Director Cloud . The FQDN of each home region is different.

    Table 1 contains the region-wise mapping details of the SRX Series Firewall ports and the Juniper Security Director Cloud FQDNs.

    Table 1: Home Region to FQDN Mapping
    Region Purpose Port FQDN

    North Virginia

    ZTP

    443

    jsec2-virginia.juniperclouds.net

    Outbound SSH

    7804

    srx.sdcloud.juniperclouds.net

    Syslog TLS

    6514

    srx.sdcloud.juniperclouds.net

    Ohio

    ZTP

    443

    jsec2-ohio.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec2-ohio.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec2-ohio.juniperclouds.net

  • Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses—8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls. Note that you must make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.

Add Devices to Juniper Security Director Cloud

You can add devices to Juniper Security Director Cloud and manage your network security for these devices. There are multiple ways to add devices to Juniper Security Director Cloud. Choose the method that's right for you:

Add Devices or Device Clusters Using Commands

Juniper Security Director Cloud generates commands for adding a device or a device cluster. You can copy and paste the commands into the device console. When you commit the commands to the device, Juniper Security Director Cloud discovers and adds the device or the device cluster to the cloud.

  1. Select SRX > Device Management > Devices.

    The Device page opens.

  2. Click + icon.

    The Add Devices page opens.

  3. Click Adopt SRX Devices.
  4. Select one of the following options:
    • Devices to add individual devices.
    • Clusters to add device clusters.
  5. Enter the number of devices or device clusters to add to Juniper Security Director Cloud in the Number of SRX devices to be adopted field, and click OK.

    You can add a maximum of 50 devices or device clusters at one time.

    A message confirming that the new device or device cluster is added is displayed. The Devices page opens with the newly added device or device cluster listed in the table.

    Note:

    At this point, Juniper Security Director Cloud has not yet completely added the device or device cluster, so the Connection Status displays Discovery Not Initiated.

  6. On the Devices page, in the Connection Status column for the new device, click one of the following options:
    • Adopt Device to add a device.

    • Adopt Cluster to add a device cluster.

    The Adopt Devices page opens with the commands that you need to commit to the device.

  7. Copy the commands and paste it to your device edit prompt, and press Enter to run the commands.

    If you are adding a device cluster, paste these commands to the CLI of the primary device of the cluster.

  8. Type Commit, and press Enter to commit the changes to the device.

    You can view the status of the process, by going to the Administration > Jobs page.

    When you commit the commands to the device, the device discovery process starts in Juniper Security Director Cloud. You can refresh the Devices page and see the status Discovery in progress in the Connection Status column.

When Juniper Security Director Cloud discovers and adds a device or a device cluster, the Connection Status changes to Up. If the process fails, the Connection Status changes to Discovery failed.

Hover your mouse cursor over the Discovery failed message to see the reason for the failure.

Add Devices Using Zero Touch Provisioning

You can configure and provision devices automatically using Zero Touch Provisioning (ZTP). ZTP reduces the manual intervention for adding devices to a network. See the following table for ZTP supported devices by Juniper Security Director Cloud.

Table 2: ZTP Supported Devices
ZTP Supported Device Supported Junos OS Release

SRX300, SRX320, SRX340, SRX345, and SRX550 HM SRX Series Firewalls

Junos OS Release 18.4R3 and later

SRX380

Junos OS Release 20.1R1 and later

SRX1500

Junos OS Release 20.2R1 and later

SRX1600, SRX2300

Junos OS Release 23.4R1 and later

Note:

To add other devices models, configure the basic device settings and connectivity, and add the device using Add Devices or Device Clusters Using Commands.

Power on the devices to add to Juniper Security Director Cloud.

  1. Select SRX >Device Management > Devices.

    The Devices page opens.

  2. Click Add Devices.

    The Add Devices page opens.

  3. To manually enter the device details, click Register SRX Devices for ZTP, and do the following:
    1. Enter the serial number of the device.
    2. Set a root password for the device.

      The password must contain at least six characters and can consist of alphanumeric and special characters without spaces.

    3. To add multiple devices, click + and enter the device details.
    4. To add multiple devices and use the same root password for all devices, select Use this password for all devices for Device 1.
    5. Click OK.
  4. To upload device information as a CSV file, click Register Devices for ZTP > Upload CSV File, and do the following:
    1. Click Download sample CSV file to download the sample CSV file.
    2. Open the CSV file, add the serial number and root password of the devices that you want to add, and save the changes.
    3. Browse for the CSV file and click OK.

    The CSV file must be in a specific format for the devices to be added. Use the sample CSV file to enter the device details in the correct format and upload the file.

The devices are added to Juniper Security Director Cloud. You can view the devices at Device Management > Devices.

Add Device by Scanning QR Code

You can add cloud-ready SRX Series Firewalls to Juniper Security Director Cloud by scanning the QR code available on the firewall. Your SRX Series Firewall is cloud-ready if it has a QR claim code on the front or the back panel.

Before you begin, ensure the following:

  • The firewall is powered on.

  • The firewall is not already added in an organization. You can add a firewall in only one organization.

  1. Scan the QR code on the SRX Series Firewall using a mobile device that is connected to the Internet.
  2. Click the displayed link to go to the Juniper Security Director Cloud login page.
  3. Enter your account email address and password and click Login.
    If you do not have an account, go to https://sdcloud.juniperclouds.net on a different device, create an account, and then retry.
  4. Select the organization to add the firewall.
  5. Enter the root password for the firewall with a minimum of six characters without spaces and click Add Device.
    The firewall is added to Juniper Security Director Cloud and the device discovery is automatically initiated. You can log in to the portal and manage the firewall after the discovery is complete.
    Note:

    After you log in, the session is valid for 60 minutes. During this time, you can add multiple firewalls without entering the account email address and password.