JUNIPER NETWORKS SRX345 Services Gateway User Guide

: June 17, 2024
: JUNIPER NETWORKS

Table of Contents

Package Contents
Gather Configuration Information
Factory-Default Settings
Reference
References
Read User Manual Online (PDF format)
Download This Manual (PDF format)

How to Set Up Your SRX345 Services
Gateway

The SRX345 Services Gateway consolidates security, routing, switching, and WAN interfaces for midsize distributed enterprises. With advanced threat mitigation capabilities, the services gateway provides cost-effective and secure connectivity across distributed enterprises.
The SRX345 Services Gateway has a capacity of 5 gigabits per second (Gbps) and is 1 rack unit (U) tall. The services gateway has eight 1 G Ethernet ports, eight 1 G SFP ports, one management port, 4 GB of DRAM memory, 8 GB of flash memory, and four Mini-Physical Interface Module (Mini-PIM) slots.

Package Contents

JUNIPER NETWORKS SRX345 Services Gateway - Package
Contents Front Panel JUNIPER
NETWORKS SRX345 Services Gateway - Front Panel

Specification	Value
DImensions (H x W x D)	14.57 in. x 17.36 in. x 1.72 in.
Chassis weight	10.80 lb
Average power consumption	122 W
Average heat dissipation	420 BTU/hour
Relative humidity	5% to 90%, noncondensing
Noise level	35 dBA

Gather Configuration Information

Gather information about your network and the configuration settings that you will use to configure the device.
Required

Device name
Root authentication
Management interface

Optional

NTP server name or IP address
Licenses

Internet zone

Static IP or Dynamic IP (provided by ISP)
Port number

DMZ

Network IP address
Port number

Internal zone

Zone name
Network IP address
Port number
DHCP server

Security policies

Remote client IP pool range

Source NAT

Internal zones for which source NAT has been added
IP address or hostname

Factory-Default Settings

Security Policies

Source Zone	Destination Zone	Policy Action
trust	untrust	permit
trust	trust	permit
untrust	trust	deny

NAT Rules

Source Zone	Destination Zone	Policy Action
trust	untrust	Source NAT to untrust zone interface

Interfaces

Port Label| Interface| Security Zone| DHCP State| IP Address
---|---|---|---|---
0/0| ge-0/0/0| untrust| Client| Dynamically assigned
0/1| ge-0/0/1| trust| Server| 192.168.2.1/24
0/2| ge-0/0/2| trust| Server| 192.168.3.1/24
0/3| ge-0/0/3| trust| Server| 192.168.4.1/24
0/4| ge-0/0/4| trust| Server| 192.168.5.1/24
0/5| ge-0/0/5| trust| Server| 192.168.6.1/24
0/6| ge-0/0/6| trust| Server| 192.168.7.1/24
0/7| ge-0/0/7| trust| Server| 192.168.8.1/24
MGMT| fxp0| | | 192.168.1.1/24

Initial Configuration Process JUNIPER NETWORKS SRX345 Services Gateway -
Initial Configuration Process Connect the Grounding Cable

Connect the grounding cable to a proper earth ground.
Place the grounding cable lug over the grounding point on the side of the chassis.
NOTE: A licensed electrician must attach a cable lug to the grounding cable. A cable with an incorrectly attached lug can damage the device.
Secure the grounding cable lug to the grounding point with the screws. Apply between 6 in.-lb (0.67 Nm) and 8 in.-lb (0.9 Nm) of torque to the screws.

NOTE: The device should be permanently connected to ground during normal operation.
Power On the Device
NOTE: Before connecting the device to the power supply, attach an ESD strap to an ESD point and place the other end of the strap around your bare wrist.

Insert the appliance coupler end of the power cord into the appliance inlet on the power supply faceplate. Use a retainer clip to secure the power cord to the power supply point.
Insert the power cord plug into an external AC power source receptacle.
Turn on the power to the AC power receptacle.
Note the following LED indications. Wait until the STATUS LED is solid green before proceeding to the next step.

LED	State
ALARM	• Solid amber (noncritical alarm).

• Solid red (critical alarm).
• Off (no alarms).
STAT| • Solid green (operating normally).
• Solid red (error detected).
PWR| • Solid green (receiving power).
• Solid red (power failure).
• Off (no power).
HA| • Solid green (all HA links are available).
• Solid amber (some HA links are unavailable).
• Solid red (HA links are not functional).
• Off (HA is disabled).
mPIM0 , mPIM1, mPIM2, and mPIM3| • Solid green (Mini-PIM is functioning normally).
•Solid red (Mini-PIM hardware failure).
• Off (Mini-PIM is not present or Mini-PIM is not detected by the device).

Connect the Management Device

To configure the device using J-Web (recommended), connect the management port MGMT to the Ethernet port on the management device, using an RJ-45 cable.
Configure a static IP address in the 192.168.1.0/24 network for the management device. Do not assign the 192.168.1.1 IP address to the management device, as this IP address is assigned to the device. You can use the ipconfig (or ifconfig for Macintosh or Linux users) command to verify the IP address.

NOTE: To configure the device using the CLI, connect the RJ-45 cable from the CONSOLE port to the supplied DB-9 adapter, which then5 connects to the serial port on the management device (serial port settings: 9600-N-1).
Alternately, you can use the USB cable to connect to the mini-USB console port on the services gateway. To use the USB console port, you must download a USB driver to the management device from http://www.juniper.net/support/downloads/group/?f=junos.
Log In to J-Web

Access the J-Web interface (http://192.168.1.1). The recommended browser is
Mozilla Firefox version 23.x or later.
Select one of the following setup modes:

JUNIPER NETWORKS SRX345 Services Gateway - Log In

Guided Setup (uses a static IP address)—Allows you to set up the device in a custom security configuration. You can select either the Basic or the Expert option.
Default Setup (uses a dynamic IP address)—Allows you to quickly set up the device with the default configuration. Any additional configuration can be done after the wizard setup is completed.
High Availability—Allows you to set up a chassis cluster with a default basic configuration.

NOTE: The initial configuration requires only the device name, root password, and management interface. You can skip all the other steps and go directly to the Confirm & Apply page to apply the configuration.
Configure the Device Using the Guided Setup Mode

Connect port 0/0 to the ISP device to obtain a static IP address. Ensure that the cable connecting the ISP-supplied device to the SRX Series device is firmly seated.
Select the expertise level as Basic or Expert.The following table compares the Basic and Expert levels:
Options| Basic| Expert
---|---|---
Number of internal zones allowed| 3| ≥ 3
Internet zone configuration options| • Static IP
• Dynamic IP| • Static IP
•Static pool
• Dynamic IP
Internal zone service configuration| Allowed| Allowed
Internal destination NAT configuration| Not allowed| Allowed
Configure the basic settings:
a. Device name
b. Password for the root account
c. Management interface
d. Time
Configure the security topology:
a. Internet zone
b. Internal zones
c. DMZ
Configure the security policy:
a. Licenses
b. DMZ policy
c. Internal policy
d. Remote access
Configure Network Address Translation:
a. Source NAT
b. Destination NAT
Review the settings and click Apply Settings.
NOTE: Check the connectivity from the management device to the SRX Series device. You might lose connectivity to the SRX Series device if you have changed the management interface IP. Click the URL for reconnection instructions on the Confirm & Apply page to reconnect, if required.
Click Done to complete the setup.

Configure the Device Using the Default Setup Mode

Connect port 0/0 to the ISP device to obtain a dynamic IP address. Ensure that the cable connecting the ISP-supplied device to the SRX Series device is firmly seated.
Configure the basic settings – device name, root account information, management interface, and system time.
Configure the security policy – licenses.
Review the settings.
NOTE: Verify that the internal zone IP and management interface IP are on different networks.
Click Apply Settings. Click Done to complete the setup.
NOTE: Check the connectivity from the management device to the SRX Series device. You might lose connectivity to the SRX Series device if you have changed the management interface IP. Click the URL for reconnection instructions on the Confirm & Apply page to reconnect, if required.

Verify the Settings
Access http://www.juniper.net to ensure that you are connected to the Internet. This connectivity ensures that you can pass traffic through the services gateway. JUNIPER NETWORKS SRX345 Services Gateway -
Settings If the page does not load, perform the following checks to see if you can identify the problem:

Verify your configuration settings, and ensure that you have applied the configuration.
Check if the ISP-supplied device connecting your SRX Series device to the Internet is turned on and working properly. Try turning it off and on again.

After you complete these steps, the SRX Series device can pass traffic from any trust port to the untrust port.
NOTE: With this step, you have successfully completed the initial configuration, and your SRX345 Services Gateway is ready for use.
Change the Configuration Settings (Optional)
After you complete the initial setup configuration, you can access the J-Web setup wizard by clicking Configuration Wizards > Set Up. You can either edit the existing settings or create a new configuration. If you choose to create a new configuration, then all the current configuration in the services gateway will be deleted. JUNIPER NETWORKS SRX345 Services Gateway - Configuration
Settings Power Off the Device
You can power off the device in one of the following ways:

Graceful shutdown—Press and immediately release the Power button.
Forced shutdown—Press the Power button, and hold it for 10 seconds.

After powering off a power supply, wait at least 60 seconds before turning it back on.
Reset the Configuration
Use the RESET CONFIG button to restore the device to the factory-default configuration or to a rescue configuration. To press the RESET CONFIG button, insert a small probe (such as a straightened paper clip) into the pinhole on the front panel.
Pressing and quickly releasing the RESET CONFIG button loads and commits the rescue configuration. The rescue configuration is a previously committed, valid configuration set through J-Web or the CLI. The STATUS LED is solid amber during this time.
Pressing and holding the RESET CONFIG button for 15 seconds or more, until the STATUS LED is solid amber, deletes all configurations (backup configurations and rescue configuration), and loads and commits the factory configuration.
NOTE: After a rescue configuration has been set, an amber ALARM LED indicates a minor issue, and a solid red ALARM LED indicates a major problem.

Reference

Junos OS Documentation
http://www.juniper.net/techpubs/en_US/release-independent/junos/information- products/pathway-pages/srx-series/product/index.html
Technical Support
http://www.juniper.net/support/requesting-support.html
SRX345 Services Gateway Hardware Guide
http://www.juniper.net/techpubs/en_US/release-independent/junos/information- products/pathway-pages/srx-series/product/index.html
Copyright © 2016, Juniper Networks, Inc. All rights reserved.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Part Number: 530-066671 Rev. 01, March 2016.

How to Set Up Your SRX345 Services Gateway