JUNIPER SRX320 Services Gateway Instruction Manual

: June 12, 2024
: JUNIPer

JUNIPER SRX320 Services Gateway

JUNIPER-SRX320-Services-Gateway-product

Product Information

The Day One+ SRX320 is a firewall product that provides a simple, three-step path to quickly get users up and running with the device. The product comes with simplified and shortened installation and configuration steps, along with how-to videos. The SRX320 can be installed in a rack and deployed on a network using the CLI. The product also offers Guided Setup for SRX300 Line Firewalls, which provides step-by-step instructions on how to easily secure and validate a branch location.

Begin
This section includes details on how to meet the SRX320, install it in a rack, and power it on.

Meet the SRX320

What’s in the Box? The SRX320 package includes a power cable, an accessory box, a console cable, an RJ-45 to DB-9 serial port adapter, and a Quick Start Guide.
What Else Do I Need? You’ll need to order the appropriate rack mount kit depending on whether you have a PoE or non-PoE SRX320 model, and whether you already have a power supply adapter tray.

Product Usage Instruction

Install the SRX320 in a Rack
To mount the SRX320 in a rack, follow these steps:

Review General Safety Guidelines and Warnings.
Wrap and fasten one end of the electrostatic discharge (ESD) grounding strap around your bare wrist, and connect the other end to a site ESD point.
Attach the mounting bracket and power supply adapter tray to the sides of the SRX320 using the screws that came with the rack mount kit and the screwdriver.
Place the power supply adapter in the tray.
Lift the SRX320 and position it in the rack. Line up the bottom hole in the mounting brackets with a hole in each rack rail, making sure the SRX320 is level.
While holding the SRX320 in place, have a second person insert and tighten the rack mount screws to secure the adapter tray and mounting brackets to the mounting rails. Make sure to tighten the screws in the two bottom holes first and then tighten the screws in the two top holes.
Check that the mounting brackets on each side of the rack are level.

Power On
Once you have installed the SRX320 in the rack, follow these steps to connect it to power:

Wrap and fasten one end of the electrostatic discharge (ESD) grounding strap around your bare wrist, and connect the other end to a site ESD point. NOTE: If the SRX320 has a supply adapter tray, you can perform step 2 and 3 with the power supply adapter seated in the tray.
Plug the DC connector end of the power cable into the power connector at the back of the SRX320.

For more hands-on experience with the topics and operations covered in this guide, visit Juniper Networks Virtual Labs and reserve your free sandbox today!

Begin

In this guide, we provide a simple, three-step path, to quickly get you up and running with your new SRX320. We’ve simplified and shortened the installation and configuration steps, and included how-to videos. You’ll learn how to install the SRX320 in a rack, power it up, and deploy it on your network using the CLI.

NOTE:
We think you’ll want to check out our Guided Setup: SRX300 Line Firewalls. Our Guided Setup picks up where this Day One+ ends, providing step-by-step instructions on how to easily secure and validate your branch location.

Are you interested in getting hands-on experience with the topics and operations covered in this guide? Visit Juniper Networks Virtual Labs and reserve your free sandbox today! You’ll find the Junos Day One Experience sandbox in the stand alone demonstration category.

Meet the SRX320

The Juniper Networks® SRX320 Services Gateway provides next-generation security, routing, switching, and WAN connectivity in a small desktop device. The SRX320 features eight 1GbE ports, including six RJ-45 network ports and two small form-factor pluggable (SFP) transceiver ports. The SFP ports are MACsec capable.

JUNIPER-SRX320-Services-Gateway-fig-1

Install the SRX320 in a Rack

You can install the SRX320 on a table or desk, on a wall, or in a rack. We show you how to install it in a rack.

What’s in the Box

SRX320 Services Gateway
A power cord appropriate for your geographic location
An RJ-45 cable
A DB-9 adapter
A USB cable

What Else Do I Need

To mount the SRX320 in a rack, you’ll need to order the rack mount kit appropriate for your installation. The required rack mount kit depends on whether you have a PoE or non-PoE SRX320 model, and whether you already have a power supply adapter tray. Check out the following table to see which rack mount kit you need.

Model

| Rack Mount Kit with Power Supply Adapter Tray| Rack Mount Kit Without Power Supply Adapter Tray
---|---|---
SRX320 (non-PoE model)| SRX320-RMK0

Includes:

· Twelve flat-head M3x5mm Phillips mounting screws

· One mounting bracket

· One power supply adapter tray and two adapter stopper brackets

| SRX320-RMK1

Includes:

· Eight flat-head M3x5mm Phillips mounting screws

· Two mounting brackets

|
SRX320 (PoE model)| SRX320-P-RMK0

Includes:

· Thirteen flat-head M3x5mm Phillips mounting screws

· One mounting bracket

· One power supply adapter tray and three adapter stopper brackets

| SRX320-P-RMK1

Includes:

· Eight flat-head M3x5mm Phillips mounting screws

· Two mounting brackets

You’ll also need to provide:

Someone to help you do the installation
Rack mount screws appropriate for your rack
A number 2 Phillips (+) screwdriver

Rack It

Review General Safety Guidelines and Warnings.
Wrap and fasten one end of the electrostatic discharge (ESD) grounding strap around your bare wrist, and connect the other end to a site ESD point.
Attach the mounting bracket and power supply adapter tray to the sides of the SRX320 using the screws that came with the rack mount kit and the screwdriver.
Place the power supply adapter in the tray.
Lift the SRX320 and position it in the rack. Line up the bottom hole in the mounting brackets with a hole in each rack rail, making sure the SRX320 is level.
While you’re holding the SRX320 in place, have a second person insert and tighten the rack mount screws to secure the adapter tray and mounting brackets to the mounting rails. Make sure to tighten the screws in the two bottom holes first and then tighten the screws in the two top holes.
Check that the mounting brackets on each side of the rack are level.

Power On

Now that you’ve installed the SRX320 in the rack, you’re ready to connect it to power.

Wrap and fasten one end of the electrostatic discharge (ESD) grounding strap around your bare wrist, and connect the other end to a site ESD point.
NOTE: If the SRX320 has a supply adapter tray, you can perform step 2 and 3 with the power supply adapter seated in the tray.
Plug the DC connector end of the power cable into the power connector at the back of the SRX320.
Plug the AC adapter end of the power cable into the power supply adapter.
If the AC power source outlet has a power switch, turn it off.
Plug the power cord into the AC power source outlet.
If the AC power source outlet has a power switch, turn it on.

The SRX320 powers up as soon as you connect it to power. When the STAT LED on the front panel is lit solid green, the SRX320 is ready to use.

Now that the SRX320 is powered on, let’s do some initial configuration to get it up and running on the network.

NOTE:
Be sure to check out our Guided Setup: SRX300 Line Firewalls. Our Guided Setup picks up where this Day One+ leaves off, providing step-by-step instructions on how to easily secure and validate your branch location.

SRX320 Provisioning Options

It’s simple to provision and manage the SRX320 and other devices on your network. Choose the configuration tool that’s right for you:

Junos CLI commands. In this guide, we show you how to configure the SRX320 with CLI commands that leverage the plug-and-play factory defaults.
J-Web, Juniper Networks GUI is pre-installed on the SRX320. For information on performing initial configuration using the J-Web setup wizard see Configure SRX Devices Using the J-Web Setup Wizard in the J-Web User Guide for SRX Series Devices.
Juniper Networks Cloud-based applications. These applications feature plug-and-play to quickly get you up and running on the network:
- Juniper Sky™ Enterprise, Juniper Networks-hosted public cloud-based Software as a Service (SaaS) solution. You’ll need to have a Juniper Sky Enterprise subscription service before you can use it to configure the SRX320. For more information, check out the Juniper Sky Enterprise Getting Started Guide.
- Contrail Service Orchestration (CSO). If you’re using Junos OS Release 19.2 or earlier, you can use Juniper Networks Network Service Controller to configure the SRX320 with ZTP. Network Service Controller is a component of CSO. See Configure the Device Using ZTP with Juniper Networks Network Service Controller. To use CSO, you’ll need an authentication code. See the Contrail Service Orchestration (CSO ) Deployment Guide.

Juniper Sky™ Enterprise, Juniper Networks-hosted public cloud-based Software as a Service (SaaS) solution. You’ll need to have a Juniper Sky Enterprise subscription service before you can use it to configure the SRX320. For more information, check out the Juniper Sky Enterprise Getting Started Guide. • Contrail Service Orchestration (CSO). If you’re using Junos OS Release 19.2 or earlier, you can use Juniper Networks Network Service Controller to configure the SRX320 with ZTP. Network Service Controller is a component of CSO. See Configure the Device Using ZTP with Juniper Networks Network Service Controller. To use CSO, you’ll need an authentication code. See the Contrail Service Orchestration (CSO ) Deployment Guide.

NOTE:
This examples assumes you are using DHCP to configure the WAN interface. If the WAN provider does not support DHCP ypu’ll need to manually configure the WAN interface and related static routing. See Junos Initial Configuration.

Have this information handy before you begin the initial configuration:

Root password
Hostname

Connect to the Serial Console Port

Plug one end of the Ethernet cable into the RJ-45 to DB-9 serial port adapter for your SRX320.
Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device.
Connect the other end of the Ethernet cable to the serial console port on the SRX320.
Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal) and select the appropriate COM port to use (for example, COM1).
Verify that the serial port settings are set to the default:
- Baud rate—9600
- Parity—N
- Data bits—8
- Stop bits—1
- Flow control—none

NOTE: You can also connect to the SRX320 using a mini-USB console port. See the SRX320 Hardware Guide.

Perform Initial Configuration

Login as the root user and start the CLI. You don’t need a password if you’re running the factory default.
- login: root
- root@%cli
- root>
  NOTE: You can view the factory-default settings with the show configuration operational mode command.
Enter configuration mode.
- root> configure
- [edit]
- root#
Since you’re doing the initial configuration manually, you’ll need to remove ZTP from the configuration. This stops the periodic log messages that report on ZTP status. Set the root authentication password and commit the change to deactivate ZTP.
- [edit]
- root# delete chassis auto-image-upgrade
- root# delete system phone-home
- root# set system root-authentication plain-text-password
- New password: password
- Retype new password: password
  Issue the commit command to activate the candidate configuration that disables ZTP:
- [edit]
- root# commit
Enable root login over SSH, and allow SSH access over the WAN interface (ge-0/0/0).
- [edit]
- root# set system services ssh root-login allow
- root# set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
Configure the hostname.
- [edit]
- root# set system host-name host_name
That’s it! The initial configuration is complete. Commit the configuration to activate the changes on the SRX.
- [edit]
- root# commit

Congratulations Your SRX is Up and Running

Your SRX320 is now online and providing secure Internet access to devices attached to the LAN ports. You can manage the device locally and remotely, using the Junos CLI, J-Web, or a cloud based provisioning service. Here’s what your network looks like:

JUNIPER-SRX320-Services-Gateway-fig-7

A few things to keep in mind about your new SRX320 branch network:

You access the SRX CLI or J-Web user interface locally using the 192.168.1.1 address. To access the SRX remotely, specify the IP address assigned by the WAN provider. Simply issue a show interfaces ge-0/0/0 terse CLI command to confirm the address in use by the WAN interface.
Devices attached to the LAN ports are configured to use DHCP. They receive their network configuration from the SRX. These devices obtain an IP address from the 192.168.1.0/24 address pool and use the SRX as their default gateway.
All LAN ports are in the same subnet with Layer 2 connectivity. All traffic is permitted between trust zone interfaces.
All traffic originating in the trust zone is permitted in the untrust zone. Matching response traffic is allowed back from the untrust to the trust zone. Traffic that originates from the untrust zone is blocked from the trust zone.
The SRX performs source NAT (S-NAT) using the WAN interface’s IP for traffic sent to the WAN that originated from the trust zone.
Traffic associated with specific system services (HTTPS, DHCP, TFTP, and SSH) is permitted from the untrust zone to the local host. All local host services and protocols are allowed for traffic that originates from the trust zone.

Keep Going

Congratulations! Your SRX320 is configured and ready to go. Here are some things you can do next.

What’s Next

NOTE:
Quickly configure and validate a secure branch office in a few simple steps with our Guided Setup: SRX300 Line Firewalls. Our Guided Setup picks up where this Day One+ guide ends and is designed to quickly get your branch location online and secured.

If you want to	Then
Configure interfaces	See the [Interfaces User Guide for

Security](https://www.juniper.net/documentation/us/en/software/junos /interfaces-security-devices/index.html?icid=junos%3Anote%3A1%3Asrx320_dayone)
Quickly configure network interfaces, security zones, firewall policies, and NAT policies| See the Security J-Web Getting Started Guide
Configure network management protocols and technologies| See the Network Management and Monitoring Guide
Set up your SRX320 with advanced security measures to protect and defend your network| Visit Day One: SRX Series Up and Running With Advanced Security Services
Manage software upgrades on your SRX320| See Installing Software on SRX Series Devices
Get hands-on experience with the procedures covered in this guide| Visit Juniper Networks Virtual Labs and reserve your free sandbox. You’ll find the Junos Day One Experience sandbox in the stand alone category.

General Information

If you want to	Then

Download, activate, and manage your software licenses to unlock additional features for your SRX services gateway| See Activate Junos OS Licenses in the Juniper Licensing Guide
See all documentation available for the SRX320| Visit the SRX320 Documentation page in the Juniper TechLibrary
Configure the SRX320 with the Junos OS CLI| Start with the Day One+ for Junos OS guide
Configure the SRX320 using J-Web| See J-Web for SRX Series Documentation
Stay up-to-date on new and changed features and known and resolved issues| See Junos OS Release Notes
If you want to| Then
---|---
Use the more advanced configuration features offered by Juniper Contrail Service Orchestration (CSO) and Juniper Sky Enterprise| You’ll need an account and activation code. These guides will help you get started: Contrail Service Orchestration (CSO) Deployment Guide and the Juniper Sky Enterprise Getting Started Guide.

Learn With Videos

Our video library continues to grow! We’ve created many, many videos that demonstrate how to do everything from install your hardware to configure advanced Junos OS network features. Here are some great video and training resources that will help you expand your knowledge of Junos OS.

If you want to	Then

View a Web-based training video which provides an overview of the SRX320 and describes how to install and configure it| SRX300 and SRX320 Services Gateways Overview and Deployment (WBT)
Get short and concise tips and instructions that provide quick answers, clarity, and insight into specific features and functions of Juniper technologies| See Learning with Juniper on the Juniper Networks main YouTube page
View a list of the many free technical trainings we offer at Juniper| Visit the Getting Started page on the Juniper Learning Portal

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Copyright © 2022 Juniper Networks, Inc. All rights reserved. Rev. 06, January 2022.