Juniper SRX100 User Manual

SRX100 Services Gateway Hardware Guide

Published

2020-11-10

for B and H Model Numbers

Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net

Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.

SRX100 Services Gateway Hardware Guide for B and H Model Numbers

Copyright © 2020 Juniper Networks, Inc. All rights reserved.

The information in this document is current as of the date on the title page.

ii

YEAR 2000 NOTICE

Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.

END USER LICENSE AGREEMENT

The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.

Table of Contents

1

About the Documentation | ix

Documentation and Release Notes | ix

Using the Examples in This Manual | ix

Merging a Full Example | x

Merging a Snippet | xi

Documentation Conventions | xi

Documentation Feedback | xiv

Requesting Technical Support | xiv

Self-Help Online Tools and Resources | xv

Creating a Service Request with JTAC | xv

iii

Overview

System Overview | 2

SRX100 Services Gateway Description | 2

About the SRX100 Services Gateway | 2

SRX100 Services Gateway Models | 3

Accessing the SRX100 Services Gateway | 3

SRX100 Services Gateway Features and Functions | 4

Hardware Component Overview | 6

SRX100 Services Gateway LEDs | 6

SRX100 Services Gateway Front Panel LEDs | 6

SRX100 Services Gateway Ethernet Port LEDs | 8

SRX100 Services Gateway Power Supply | 9

SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10

Boot Devices | 10

Dual-Root Partitioning Scheme | 10

Chassis Description | 12

2

3

SRX100 Services Gateway Front Panel and Back Panel Views | 12

SRX100 Services Gateway Front Panel | 12

SRX100 Services Gateway Back Panel | 13

SRX100 Services Gateway Built-In Interfaces | 14

Site Planning and Specifications

Planning and Preparing the Site | 18

Site Preparation Checklist for the SRX100 Services Gateway | 18

General Site Guidelines for Installing the SRX100 Services Gateway | 21

SRX100 Services Gateway Specifications | 21

SRX100 Services Gateway Cabinet Requirements | 23

SRX100 Services Gateway Rack Requirements | 24

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services

Gateway | 25

iv

Power Requirements and Specifications | 27

SRX100 Services Gateway Site Electrical Wiring Guidelines | 27

SRX100 Services Gateway Electrical and Power Requirements | 29

SRX100 Services Gateway Power Specifications and Requirements | 29

Cable Specifications and Pinouts | 31

Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31

RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port | 32

RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port | 32

Initial Installation and Configuration

Installation Overview | 35

Installation Overview for the SRX100 Services Gateway | 36

Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37

SRX100 Services Gateway Autoinstallation Overview | 38

Unpacking the Services Gateway | 40

Unpacking the SRX100 Services Gateway | 40

Verifying Parts Received with the SRX100 Services Gateway | 41

Installing the Mounting Hardware | 43

Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43

Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44

Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45

Installing the Services Gateway | 46

Installing the SRX100 Services Gateway in a Rack | 46

Installing the SRX100 Services Gateway on a Desk | 48

Installing the SRX100 Services Gateway on a Wall | 49

Grounding the SRX100 Services Gateway | 52

Grounding the SRX100 Services Gateway | 52

Connecting the SRX100 Services Gateway to External Devices | 55

v

Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55

Connecting the Modem at the SRX100 Services Gateway End | 56

Connecting the Modem to the Console Port on the SRX100 Services Gateway | 57

Connecting to the CLI at the User End for the SRX100 Services Gateway | 58

Providing Power to the SRX100 Services Gateway | 60

Connecting the SRX100 Services Gateway to the Power Supply | 60

Powering On and Powering Off the SRX100 Services Gateway | 61

Powering On the SRX100 Services Gateway | 61

Powering Off the SRX100 Services Gateway | 62

Performing Initial Configuration | 65

SRX100 Services Gateway Software Configuration Overview | 65

Preparing the SRX100 Services Gateway for Configuration | 66

Understanding the Factory Default Configuration | 66

Understanding Built-In Ethernet Ports and Initial Configuration | 67

Mapping the Chassis Cluster Ports | 67

Understanding Management Access | 68

Connecting to the SRX100 Services Gateway Setup Wizard | 69

SRX100 Services Gateway Secure Web Access Overview | 70

Connecting an SRX100 Services Gateway to the CLI Locally | 71

Connecting an SRX100 Services Gateway to the CLI Remotely | 74

4

5

Viewing Factory-Default Settings of the SRX100 Services Gateway | 74

Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83

Performing Initial Software Configuration on the SRX100 Services Gateway Using the J-Web

Interface | 87

Establishing Basic Connectivity | 88

Configuring Basic System Properties | 89

Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version | 92

Maintaining and Troubleshooting Components

Maintaining Components | 95

Maintaining the SRX100 Services Gateway Hardware Components | 95

Troubleshooting Components | 97

vi

Monitoring the SRX100 Services Gateway Chassis Using the CLI | 97

Monitoring the SRX100 Services Gateway Components Using LEDs | 100

Monitoring the SRX100 Services Gateway Using Chassis Alarm Conditions | 102

Monitoring the SRX100 Services Gateway Power System | 103

Using the Reset Config Button on the SRX100 Services Gateway | 104

Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106

Juniper Networks Technical Assistance Center | 107

Replacing Components

Contacting Customer Support and Returning Components | 109

Contacting Customer Support | 109

Return Procedure for the SRX100 Services Gateway | 110

Information You Might Need to Supply to Juniper Networks Technical Assistance Center | 111

Locating the SRX100 Services Gateway Component Serial Number and Agency Labels | 111

Packing the SRX100 Services Gateway and Components for Shipment | 113

Safety and Regulatory Compliance Information

6

General Safety Guidelines and Warnings | 116

SRX100 Services Gateway Definition of Safety Warning Levels | 116

SRX100 Services Gateway General Safety Guidelines and Warnings | 119

General Safety Guidelines and Warnings | 119

Qualified Personnel Warning | 121

Restricted Access Area Warning | 122

Preventing Electrostatic Discharge Damage to the Services Gateway | 124

SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125

Fire Safety Requirements | 127

SRX100 Services Gateway Fire Safety Requirements | 127

Installation Safety Guidelines and Warnings | 129

vii

SRX100 Services Gateway Installation Safety Guidelines and Warnings | 129

Laser and LED Safety Guidelines and Warnings | 136

SRX100 Services Gateway Laser and LED Safety Guidelines and Warnings | 136

Laser and LED Safety Guidelines and Warnings | 136

General Laser Safety Guidelines | 136

Class 1 Laser Product Warning | 137

Class 1 LED Product Warning | 137

Laser Beam Warning | 138

Radiation from Open Port Apertures Warning | 139

Maintenance and Operational Safety Guidelines and Warnings | 141

SRX100 Services Gateway Maintenance and Operational Safety Guidelines and Warnings | 141

Safety Guidelines and Warnings | 142

Battery Handling Warning | 142

Jewelry Removal Warning | 143

Lightning Activity Warning | 145

Operating Temperature Warning | 146

Product Disposal Warning | 148

Electrical Safety Guidelines and Warnings | 150

SRX100 Services Gateway Electrical Safety Guidelines and Warnings | 150

Electrical Safety Guidelines and Warnings | 150

In Case of Electrical Accident | 150

General Electrical Safety Guidelines and Warnings | 150

Agency Approvals and Regulatory Compliance Information | 152

SRX100 Services Gateway Agency Approvals | 152

SRX100 Services Gateway Compliance Statements for EMC Requirements | 153

Canada | 154

European Community | 154

Japan | 154

Korean | 154

United States | 154

viii

SRX100 Services Gateway Compliance Statements for Environmental Requirements | 155

About the Documentation

IN THIS SECTION

Documentation and Release Notes | ix

Using the Examples in This Manual | ix

Documentation Conventions | xi

Documentation Feedback | xiv

Requesting Technical Support | xiv

Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX100 Services Gateway (B and H model numbers). After completing the
installation and basic configuration procedures covered in this guide, refer to the Junos OS documentation
for information about further software configuration.

ix

Documentation and Release Notes

To obtain the most current version of all Juniper Networks®technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.

If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.

Using the Examples in This Manual

If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.

If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.

If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.

Merging a Full Example

To merge a full example, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.

For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.

system {

scripts {

commit {

file ex-script.xsl;

}

}
}
interfaces {

fxp0 {

disable;
unit 0 {

family inet {

address 10.0.0.1/24;

}

}

}
}

x

2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:

[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete

Merging a Snippet

To merge a snippet, follow these steps:

1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.

For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.

commit {

file ex-script-snippet.xsl; }

2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:

[edit]
user@host# edit system scripts
[edit system scripts]

xi

3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:

[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete

For more information about the load command, see CLI Explorer.

Documentation Conventions

Table 1 on page xii defines notice icons used in this guide.

Table 1: Notice Icons

xii

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Caution

Indicates a situation that might result in loss of data or hardware
damage.

Alerts you to the risk of personal injury or death.Warning

Alerts you to the risk of personal injury from a laser.Laser warning

Indicates helpful information.Tip

Alerts you to a recommended use or implementation.Best practice

Table 2 on page xii defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

ExamplesDescriptionConvention

Fixed-width text like this

Italic text like this

Represents text that you type.Bold text like this

Represents output that appears on
the terminal screen.

Introduces or emphasizes important

•

new terms.

Identifies guide names.

•

Identifies RFC and Internet draft

•

titles.

To enter configuration mode, type
the configure command:

user@host> configure

user@host> show chassis alarms

No alarms currently active

A policy term is a named structure

•

that defines match conditions and
actions.

Junos OS CLI User Guide

•

RFC 1997, BGP Communities

•

Attribute

Table 2: Text and Syntax Conventions (continued)

xiii

ExamplesDescriptionConvention

Italic text like this

Text like this

< > (angle brackets)

| (pipe symbol)

Represents variables (options for
which you substitute a value) in
commands or configuration
statements.

Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.

variables.

Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.

Configure the machine’s domain
name:

[edit]
root@# set system domain-name

domain-name

To configure a stub area, include

•

the stub statement at the [edit
protocols ospf area area-id]

hierarchy level.

The console port is labeled

•

CONSOLE.

stub <default-metric metric>;Encloses optional keywords or

broadcast | multicast

(string1 | string2 | string3)

# (pound sign)

[ ] (square brackets)

Indention and braces ( { } )

; (semicolon)

GUI Conventions

Indicates a comment specified on the
same line as the configuration
statement to which it applies.

Encloses a variable for which you can
substitute one or more values.

Identifies a level in the configuration
hierarchy.

Identifies a leaf statement at a
configuration hierarchy level.

rsvp { # Required for dynamic MPLS
only

community name members [
community-ids ]

[edit]
routing-options {

static {

route default {

nexthop address;
retain;

}

}

}

Table 2: Text and Syntax Conventions (continued)

xiv

ExamplesDescriptionConvention

Bold text like this

> (bold right angle bracket)

Represents graphical user interface
(GUI) items you click or select.

Separates levels in a hierarchy of
menu selections.

In the Logical Interfaces box, select

•

All Interfaces.

To cancel the configuration, click

•

Cancel.

In the configuration editor hierarchy,
select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:

Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper

•

Networks TechLibrary site, and do one of the following:

Click the thumbs-up icon if the information on the page was helpful to you.

•

Click the thumbs-down icon if the information on the page was not helpful to you or if you have

•

suggestions for improvement, and use the pop-up form to provide feedback.

E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name,

•

URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are

covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.

JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User

•

Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.

Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.

•

JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,

•

365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:

Find CSC offerings: https://www.juniper.net/customers/support/

•

Search for known bugs: https://prsearch.juniper.net/

•

xv

Find product documentation: https://www.juniper.net/documentation/

•

Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/

•

Download the latest versions of software and review release notes:

•

https://www.juniper.net/customers/csc/software/

Search technical bulletins for relevant hardware and software notifications:

•

https://kb.juniper.net/InfoCenter/

Join and participate in the Juniper Networks Community Forum:

•

https://www.juniper.net/company/communities/

Create a service request online: https://myjuniper.juniper.net

•

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:

https://entitlementsearch.juniper.net/entitlementsearch/

Creating a Service Request with JTAC

You can create a service request with JTAC on the Web or by telephone.

Visit https://myjuniper.juniper.net.

•

Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

•

For international or direct-dial options in countries without toll-free numbers, see

https://support.juniper.net/support/requesting-support/.

1

PART

Overview

System Overview | 2

Hardware Component Overview | 6

Chassis Description | 12

CHAPTER 1

System Overview

IN THIS CHAPTER

SRX100 Services Gateway Description | 2

SRX100 Services Gateway Features and Functions | 4

SRX100 Services Gateway Description

2

IN THIS SECTION

About the SRX100 Services Gateway | 2

SRX100 Services Gateway Models | 3

Accessing the SRX100 Services Gateway | 3

This topic includes the following sections:

About the SRX100 Services Gateway

The Juniper Networks SRX100 Services Gateway offers features that provide complete functionality and
flexibility for delivering secure Internet and intranet access. The services gateway offers stable, reliable,
and efficient IP routing in addition to switching support and LAN connectivity. The device provides IP
Security (IPsec), virtual private network (VPN), and firewall services for small and medium-sized companies
and enterprise branch and remote offices. The SRX100 Services Gateway can be connected directly to
traditional private networks such as leased lines, Frame Relay, or Multi Protocol Label Switching (MPLS)
or to the public Internet.

The SRX100 Services Gateway runs the Junos operating system (Junos OS).

SRX100 Services Gateway Models

The following are the two models of the SRX100 Services Gateway available with 1 GB memory. For
information on the models with 2 GB memory, see SRX100 Services Gateway Hardware Guide for H2

Model Numbers.

Table 3: SRX100 Services Gateway Models

Model NumberDevice TypeProduct Name

SRX100BLow MemorySRX100 Services Gateway

SRX100HHigh MemorySRX100 Services Gateway

NOTE: You can upgrade from an SRX100 Services Gateway Low Memory version to a High

Memory version through a license key. You need not order a separate High Memory device.

3

NOTE: SRX100H model provides additional security features such as Unified Threat Management

(UTM), which consists of IPS antispam, antivirus, and Web filtering.

NOTE: The SRX100 Services Gateway High Memory model ships with a license key.

All SRX100 Services Gateways run the Junos OS.

Accessing the SRX100 Services Gateway

Two user interfaces are available for monitoring, configuring, troubleshooting, and managing the SRX100
Services Gateway:

J-Web interface: Web-based graphical interface that allows you to operate a services gateway without

•

commands. The J-Web interface provides access to all Junos OS functionality and features.

Junos OS command-line interface (CLI): Juniper Networks command shell that runs on top of a UNIX-based

•

operating system kernel. The CLI is a straightforward command interface. On a single line, you type
commands that are executed when you press the Enter key. The CLI provides command Help and
command completion.

RELATED DOCUMENTATION

SRX100 Services Gateway Specifications | 21

SRX100 Services Gateway Features and Functions | 4
Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version | 92

SRX100 Services Gateway Features and Functions

The SRX100 Services Gateway is a security optimized, fixed processing system that provides the following
features for the Low Memory and High Memory models listed in Table 4 on page 4. For information on
the models with 2 GB memory, see SRX100 Services Gateway Hardware Guide for H2 Model Numbers.

Table 4: SRX100 Services Gateway Hardware Features

4

SRX100 Services Gateway Low
MemoryFeatures

DDR Memory

Memory through a license key)

SRX100 Services Gateway High
Memory

1 GB512 MB (software upgradable to High

30 watts30 wattsPower supply adapter

100 to 240 VAC100 to 240 VACAC input voltage

88Fast Ethernet ports

11Console port

11USB port

44LEDs

1 GB1 GBNAND flash

For more details on Junos OS features and licenses for the SRX100 Services Gateway, see the Junos OS
Administration Guide for Security Devices.

For more information on upgrading an SRX100 Services Gateway Low Memory to High Memory, see

“Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version” on page 92.

RELATED DOCUMENTATION

SRX100 Services Gateway Description | 2

SRX100 Services Gateway Specifications | 21
Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version | 92

5

CHAPTER 2

Hardware Component Overview

IN THIS CHAPTER

SRX100 Services Gateway LEDs | 6

SRX100 Services Gateway Power Supply | 9

SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10

SRX100 Services Gateway LEDs

6

IN THIS SECTION

SRX100 Services Gateway Front Panel LEDs | 6

SRX100 Services Gateway Ethernet Port LEDs | 8

This topic includes the following sections:

SRX100 Services Gateway Front Panel LEDs

Figure 1 on page 7 illustrates the front panel LEDs of the SRX100 Services Gateway.

NOTE: The numbers in Figure 1 on page 7 correspond to the numbers in Table 5 on page 7.

Figure 1: SRX100 Services Gateway Front Panel LEDs

Table 5 on page 7 lists the LED indicators on the SRX100 Services Gateway front panel.

Table 5: SRX100 Services Gateway Front Panel LEDs

UsageDescriptionComponentNumber

7

Alarm LED1

Power LED2

The Alarm LED has the
following indicator colors:

Solid red indicates a

•

major alarm.

Solid amber indicates a

•

minor alarm.

Off indicates that there

•

are currently no alarms.

The Power LED has the
following indicator colors:

Solid green indicates

•

that the device is
functioning normally.

Solid amber indicates

•

that the power button
has been pressed and
quickly released. The
device is gracefully
shutting down.

Off indicates that the

•

device is not receiving
power.

The Alarm LED can be
used to gather information
on major or minor alarms
or to determine if the
device is functioning
normally.

The Power LED can be
used to determine if the
device is receiving power.

Table 5: SRX100 Services Gateway Front Panel LEDs (continued)

8

UsageDescriptionComponentNumber

HA LED3

Status LED4

The HA LED has the
following indicator colors:

Solid green indicates

•

that all chassis clustering
links are available.

Solid red indicates that

•

the chassis clustering
links are not working as
expected.

Solid amber indicates

•

that some chassis
clustering links are not
working as expected.

Off indicates that

•

chassis clustering is not
enabled.

The Status LED has the
following indicator colors:

Solid green indicates

•

that the device is
functioning normally.

The HA LED can be used
to determine if chassis
clustering is enabled on the
device.

The Status LED can be
used to determine whether
the device is starting up, is
functioning normally, or
has failed.

Solid amber indicates

•

that the device is
starting up.

Solid red indicates that

•

an error is detected in
the device.

SRX100 Services Gateway Ethernet Port LEDs

On the SRX100 Services Gateway, each Fast Ethernet port has one functional LED on the left side that
indicates Link and Activity. In Figure 2 on page 9, this LED is marked as 1.

Figure 2: SRX100 Services Gateway Ethernet Port LEDs

The Table 6 on page 9 applies only to the TX/RX/LINK LED marked 1. Table 6 on page 9 describes the
states of this LED.

Table 6: SRX100 Services Gateway Built-In Ethernet Port LEDs

DescriptionStateColorFunction

9

BlinkingGreenTX/RX/LINK

Steady

Link is active. Data communication
is taking place.

Link is active. No data
communication is taking place.

Link is inactive.OffUnlit

NOTE: The LED marked as 2 in Figure 2 on page 9 is not functional in this release.

RELATED DOCUMENTATION

SRX100 Services Gateway Specifications | 21

SRX100 Services Gateway Front Panel and Back Panel Views | 12

SRX100 Services Gateway Built-In Interfaces | 14

SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10
SRX100 Services Gateway Power Supply | 9

SRX100 Services Gateway Power Supply

The power supply for the SRX100 Services Gateway is external. You must use the power supply adapter
provided by Juniper Networks to provide power to the services gateway.

RELATED DOCUMENTATION

SRX100 Services Gateway Specifications | 21

SRX100 Services Gateway Front Panel and Back Panel Views | 12

SRX100 Services Gateway LEDs | 6

SRX100 Services Gateway Built-In Interfaces | 14

SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10

Monitoring the SRX100 Services Gateway Power System | 103
SRX100 Services Gateway Electrical and Power Requirements | 29

SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme

IN THIS SECTION

10

Boot Devices | 10

Dual-Root Partitioning Scheme | 10

This topic includes the following sections:

Boot Devices

The SRX100 Services Gateway can boot from the following storage media (in the order of priority):

Internal NAND Flash (default; always present)

•

USB storage key (alternate)

•

Dual-Root Partitioning Scheme

Dual-root partitions allow the SRX100 Services Gateways to remain functional if there is file system
corruption and facilitate easy recovery of the corrupted file system.

The dual-root partitioning scheme keeps the primary and backup Junos OS images in two independently
bootable root partitions. If the primary root partition becomes corrupted, the system will be able to boot
from the backup Junos OS image located in the other root partition and remain fully functional.

When the SRX100 Services Gateway powers up, it tries to boot the Junos OS from the default storage
media. If the device fails to boot from the default storage media, it tries to boot from the alternate storage
media. With the dual-root partitioning scheme, the SRX100 Services Gateway first tries to boot the Junos
OS from the primary root partition and then from the backup root partition on the default storage media.
If both primary and backup root partitions of a media fail to boot, then the device tries to boot from the
next available type of storage media. The SRX100 Services Gateway remains fully functional even if it
boots the Junos OS from the backup root partition of storage media.

NOTE: SRX Series devices that ship from the factory with Junos OS Release 10.0 are formatted

with the dual-root partitioning scheme.

The SRX100 Services Gateways that are running Junos OS Release 9.6 or earlier use the single-root
partitioning scheme. While upgrading these devices to Junos OS Release 10.0, you can choose to format
the storage media with dual-root partitions (strongly recommended) or retain the existing single-root
partitioning.

11

For instructions on upgrading to Junos OS Release 10.0, see the following topics:

Initial Configuration for Security Devices

•

Monitoring and Troubleshooting for Security Devices

•

RELATED DOCUMENTATION

Installation Overview for the SRX100 Services Gateway | 36
SRX100 Services Gateway Software Configuration Overview | 65

CHAPTER 3

g031001

Chassis Description

IN THIS CHAPTER

SRX100 Services Gateway Front Panel and Back Panel Views | 12

SRX100 Services Gateway Built-In Interfaces | 14

SRX100 Services Gateway Front Panel and Back Panel Views

12

IN THIS SECTION

SRX100 Services Gateway Front Panel | 12

SRX100 Services Gateway Back Panel | 13

This topic contains views of the front and back panels of the SRX100 Services Gateway. This topic includes
the following sections:

SRX100 Services Gateway Front Panel

Figure 3 on page 12 shows the front panel of the SRX100 Services Gateway.

Figure 3: SRX100 Services Gateway Front Panel

Table 7 on page 13 lists the front panel components of the services gateway.

g031002

Table 7: SRX100 Services Gateway Front Panel Components

ComponentNumber

Power button1

LEDs: Alarm, Status, Power, HA2

Reset Config button3

Universal serial bus (USB) port4

Console port5

Fast Ethernet ports6

13

For more information on the front panel components, see the following topics:

SRX100 Services Gateway Built-In Interfaces on page 14

•

SRX100 Services Gateway LEDs on page 6

•

SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme on page 10

•

SRX100 Services Gateway Back Panel

Figure 4 on page 13 illustrates the back panel of the SRX100 Services Gateway.

Figure 4: SRX100 Services Gateway Back Panel

Table 8 on page 14 lists the components available on the back panel of the SRX100 Services Gateway.

Table 8: SRX100 Services Gateway Back Panel

ComponentNumber

Lock1

Grounding point2

Cable tie holder3

Power supply point4

NOTE: The cable tie holder provides support for holding the power cord on the power supply

point.

The lock provides the option to lock and secure the device to the installation site.

14

RELATED DOCUMENTATION

SRX100 Services Gateway Specifications | 21

SRX100 Services Gateway Built-In Interfaces | 14

SRX100 Services Gateway LEDs | 6

SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10
SRX100 Services Gateway Power Supply | 9

SRX100 Services Gateway Built-In Interfaces

Table 9 on page 15 summarizes the interface ports supported on the SRX100 Services Gateway.

Table 9: SRX100 Services Gateway Built-In Hardware Interfaces

15

DescriptionSpecificationsInterface Type

Fast Ethernet

Universal Serial Bus (USB)

The Fast Ethernet ports:

Consist of eight fixed ports

•

Are labeled as port 0/0 to port 0/7

•

on the front panel

Provide link speeds of 10/100

•

Mbps

Operate in full-duplex and

•

half-duplex modes

Support flow control

•

Support autonegotiation

•

Support autosensing

•

The USB port:

Consists of one port

•

Supports the following modes:

•

Full speed

•

High speed

•

Complies with USB revision 2.0

•

The Fast Ethernet ports can be used:

To provide LAN connectivity to

•

hubs, switches, local servers, and
workstations.

To forward incoming data packets

•

to the device.

To receive outgoing data packets

•

from the device.

The USB port can be used:

To support a USB storage device

•

that functions as a secondary boot
device in case of internal flash
failure on startup, if the USB
storage device is installed and
configured

Console

The console port:

Consists of one port

•

Uses an RJ-45 serial cable

•

connector

Supports the RS-232 (EIA-232)

•

standard

NOTE: You must install and

configure the USB storage device
on the USB port to use it as
secondary boot device.
Additionally, the USB device must
have Junos installed.

To provide the USB interfaces that

•

are used to communicate with
many types of Juniper-supported
USB storage devices

The console port can be used:

To provide the console interface.

•

To function as a management port

•

to log into a device directly.

To configure the device using the

•

CLI.

NOTE: The Reset Config button is used to remove the current configuration and reset the device

to the default configuration.

The button is recessed in the front panel to prevent it from being pressed accidentally.

CAUTION: Pressing and holding the Reset Config button for 15 seconds or more

deletes all configurations on the device and loads and commits the factory configuration.

RELATED DOCUMENTATION

SRX100 Services Gateway Specifications | 21

16

SRX100 Services Gateway Front Panel and Back Panel Views | 12

SRX100 Services Gateway LEDs | 6

SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10
SRX100 Services Gateway Power Supply | 9

2

PART

Site Planning and Specifications

Planning and Preparing the Site | 18

Power Requirements and Specifications | 27

Cable Specifications and Pinouts | 31

CHAPTER 4

Planning and Preparing the Site

IN THIS CHAPTER

Site Preparation Checklist for the SRX100 Services Gateway | 18

General Site Guidelines for Installing the SRX100 Services Gateway | 21

SRX100 Services Gateway Specifications | 21

SRX100 Services Gateway Cabinet Requirements | 23

SRX100 Services Gateway Rack Requirements | 24

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

18

Site Preparation Checklist for the SRX100 Services Gateway

The checklist in Table 10 on page 18 summarizes the tasks you need to perform when preparing a site for
installing the SRX100 Services Gateway.

Table 10: Site Preparation Checklist for Services Gateway Installation

Additional

NotesDatePerformed By

Environment

Verify that environmental
factors such as temperature
and humidity do not exceed
device tolerances.

Power

InformationItem or Task

“SRX100 Services
Gateway
Specifications” on
page 21

Table 10: Site Preparation Checklist for Services Gateway Installation (continued)

Additional
InformationItem or Task

19

NotesDatePerformed By

Measure the distance

•

between the external
power sources and the
device installation site.

Locate sites for connection

•

of system grounding.

Calculate the power

•

consumption and
requirements.

Rack Requirements

Verify that your rack meets
the minimum requirements.

Rack Installation

“SRX100 Services
Gateway Site
Electrical Wiring
Guidelines” on
page 27

“SRX100 Services
Gateway Power
Specifications and
Requirements” on
page 29

“SRX100 Services
Gateway Rack
Requirements” on
page 24

Plan the rack location,

•

including required space
clearances.

Secure the rack to the floor

•

and building structure.

Cabinet Requirements

Verify that your cabinet

•

meets the minimum
requirements.

Plan the cabinet location,

•

including required space
clearances.

Wall Installation

“Preparing the
SRX100 Services
Gateway for
Rack-Mount
Installation” on
page 43

“SRX100 Services
Gateway Cabinet
Requirements” on
page 23

Table 10: Site Preparation Checklist for Services Gateway Installation (continued)

Additional
InformationItem or Task

20

NotesDatePerformed By

Verify that the area

•

selected meets the
minimum requirements.

Verify that you have the

•

required hardware to
proceed with the
installation.

Desktop Installation

Verify that the area

•

selected meets the
minimum requirements.

Plan the installation

•

location, including required
space clearances and
airflow requirements.

Cables

Acquire cables and

•

connectors.

Review the maximum

•

distance allowed for each
cable. Choose the length
of cable based on the
distance between the
hardware components
being connected.

Plan the cable routing and

•

management.

“Preparing the
SRX100 Services
Gateway for
Wall-Mount
Installation” on
page 45

“Preparing the
SRX100 Services
Gateway for
Desk-Mount
Installation” on
page 44

“Interface Cable
and Wire
Specifications for
the SRX100
Services Gateway”
on page 31

RELATED DOCUMENTATION

SRX100 Services Gateway Specifications | 21

SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125

Installation Overview for the SRX100 Services Gateway | 36

General Site Guidelines for Installing the SRX100 Services Gateway | 21

SRX100 Services Gateway Cabinet Requirements | 23

SRX100 Services Gateway Rack Requirements | 24
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

General Site Guidelines for Installing the SRX100 Services Gateway

Keep the following precautions in mind to help you plan an acceptable operating environment for your
SRX100 Services Gateway and avoid environmentally caused equipment failures:

For the operating temperature of the services gateway to be optimal, the airflow around the chassis

•

must be unrestricted. Allow sufficient clearance between the front and back of the chassis and adjacent
equipment. Ensure that there is adequate circulation in the installation location.

Follow the ESD procedures to avoid damaging equipment. Static discharge can cause components to

•

fail completely or intermittently over time.

21

NOTE: The SRX100 Services Gateway does not include a fan and does not generate any acoustic

noise.

RELATED DOCUMENTATION

SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125

SRX100 Services Gateway Cabinet Requirements | 23

SRX100 Services Gateway Rack Requirements | 24
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

SRX100 Services Gateway Specifications

The SRX100 Services Gateway chassis is a rigid sheet metal structure that houses all the other hardware
components (see Figure 5 on page 22).

Table 11 on page 22 provides information on the physical specifications of the device.

Table 11: SRX100 Services Gateway Specifications

ValueSpecification

1.38 in. (35 mm)Chassis height

8.5 in. (216 mm)Chassis width

5.79 in. (147 mm)Chassis depth

1.86 lb (844 g)Chassis weight

22

Average power consumption

Temperature

Maximum thermal output

Figure 5: SRX100 Services Gateway

SRX100 Services Gateway Low Memory model: 10 watts

•

SRX100 Services Gateway High Memory model: 10 watts

•

Normal operation ensured in temperature range of 32°F (0°C) to 104°F
(+40°C)

Nonoperating storage temperature in shipping container: –40°F (–40°C)
to 158°F (70°C)

NOTE: The SRX100 Services Gateway operating temperature is 35°C

when installed in a rack.

The maximum thermal values for the two models of services gateways
are as follows:

Low Memory — AC power: 80 BTU/hour (21.5 W)

•

High Memory — AC power: 80 BTU/hour (21.5 W)

•

NOTE: These specifications are estimates and subject to change.

CAUTION: Before removing or installing components of a functioning services gateway,

attach an electrostatic discharge (ESD) strap to an ESD point and place the other end
of the strap around your bare wrist. Failure to use an ESD strap could result in damage
to the services gateway.

RELATED DOCUMENTATION

SRX100 Services Gateway Description | 2

SRX100 Services Gateway Front Panel and Back Panel Views | 12

Monitoring the SRX100 Services Gateway Components Using LEDs | 100
SRX100 Services Gateway Electrical Safety Guidelines and Warnings | 150

23

SRX100 Services Gateway Cabinet Requirements

The SRX100 Services Gateway can be installed in a standard 31.5 in. (800 mm) or larger enclosed cabinet.

Table 12 on page 23 provides the details on cabinet size, clearance, and airflow requirements.

Table 12: SRX100 Services Gateway Cabinet Requirements

Cabinet
Requirements

Cabinet size

Clearance
requirements

Specifications

19 in. (48.3 cm) as defined in Cabinets, Racks, Panels, and Associated Equipment (document
number EIA-310–D) published by the Electronics Industry Association (http://www.eia.org).

You can mount the gateway horizontally in the cabinet.

The cabinet is at least 1 U (1.75 in. or 4.5 cm) high.

•

The outer edges of the mounting brackets extend the width of either chassis to 19 in.

•

(48.3 cm), and the front of the chassis extends approximately 0.5 in. (1.27 cm) beyond
the mounting brackets.

The minimum total clearance inside the cabinet is 30.7 in. (78 cm) between the inside of

•

the front door and the inside of the rear door.

NOTE: The holes for the mounting brackets chassis are spaced 1.25 in. (3.2 cm) apart,

measured from the center of the hole.

Table 12: SRX100 Services Gateway Cabinet Requirements (continued)

Cabinet
Requirements

Specifications

24

Cabinet airflow
requirements

Ensure sufficient ventilation through the cabinet is sufficient to prevent overheating.

•

Ensure adequate cool air supply to dissipate the thermal output of the device.

•

Install the device as close as possible to the front of the cabinet so that the cable

•

management system clears the inside of the front door. Installing the chassis close to the
front of the cabinet maximizes the clearance in the rear of the cabinet for critical airflow.

Route and dress all cables to minimize the blockage of airflow to and from the chassis.

•

NOTE: A cabinet larger than the minimum required provides better airflow and reduces

the chance of overheating.

RELATED DOCUMENTATION

General Site Guidelines for Installing the SRX100 Services Gateway | 21

SRX100 Services Gateway Rack Requirements | 24
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

SRX100 Services Gateway Rack Requirements

The services gateway can be installed in a rack. Many types of racks are acceptable, including front-mount
racks and four-post (telco) racks.

NOTE: The services gateway cannot be center mounted in a rack.

Table 13 on page 24 provides the details of requirements for rack size, clearance, airflow, spacing of

mounting brackets and flange holes, and connecting to the building structure.

Table 13: Rack Requirements for the Services Gateway

SpecificationsRack Requirement

Size

A 19 in. (48.3 cm) rack as defined in Cabinets, Racks, Panels, and Associated Equipment
(document number EIA-310-D) published by the Electronics Industry Association
(http://www.eia.org).

Table 13: Rack Requirements for the Services Gateway (continued)

SpecificationsRack Requirement

25

Clearance

Spacing of Mounting
Bracket and Flange Holes

Connecting to the
Building Structure

The outer edges of the mounting brackets extend the width of either chassis to 19 in.

•

(48.3 cm).

The front of the chassis extends approximately 0.5 in. (1.27 cm) beyond the mounting

•

ears.

Maximum permissible ambient temperature when two devices are placed side by

•

side in a 19 in. rack is 40° C.

The holes within each rack set are spaced at 1 U [1.75 in. (4.5 cm)]. The device can

•

be mounted in any rack that provides holes or hole patterns spaced at 1-U [1.75 in.
(4.5 cm)] increments.

The mounting brackets and front-mount flanges used to attach the chassis to a rack

•

are designed to fasten to holes spaced at rack distances of 1 U (1.75 in.).

The mounting holes in the mounting brackets provided with the device are spaced

•

1.25 in. (3.2 cm) apart (top and bottom mounting hole).

Always secure the rack in which you are installing the services gateway to the structure
of the building. If your geographical area is subject to earthquakes, bolt the rack to the
floor. For maximum stability, also secure the rack to ceiling brackets.

RELATED DOCUMENTATION

General Site Guidelines for Installing the SRX100 Services Gateway | 21

SRX100 Services Gateway Cabinet Requirements | 23
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway

When planning the installation site for the SRX100 Services Gateway, you need to allow sufficient clearance
around the device.

When planning the installation site for the services gateway, consider the following:

For the operating temperature of the services gateway to be optimal, the airflow around the chassis

•

must be unrestricted.

For service personnel to remove and install hardware components, there must be adequate space at the

•

front and back of the device. Allow at least 24 in. (61 cm) both in front of and behind the device.

If you are mounting the device in a rack with other equipment, or if you are placing it on the desktop

•

near other equipment, ensure that the exhaust from other equipment does not blow into the intake
vents of the chassis.

Table 14 on page 26 provides information on the clearance requirements for maintaining the optimum

airflow and the distances for facilitating easy maintenance of the device.

Table 14: Clearance Requirements for the SRX100 Services Gateway

Requirement for ClearanceRecommended ClearanceLocation

26

2.5 in. (6.35 cm)Front of the chassis

2.5 in. (6.35 cm)Rear of the chassis

2.5 in. (6.35 cm)Between front-mounting flange and

rack or cabinet edge

2.5 in. (6.35 cm)Between side of the chassis and any
non-heat-producing surface such as
a wall or cabinet side

0.4 in. (1 cm)Between side of the chassis and
devices that have fans or blowers

Space for service personnel to remove
and install hardware components

Space for service personnel to remove
and install hardware components

Space for cable management and
organization

Space for the cooling system to function
properly and to maintain unrestricted
airflow around the chassis

Space for the cooling system to function
properly and to maintain unrestricted
airflow around the chassis

NOTE: The air vents are provided on the sides of the chassis for the SRX100 Services Gateway.

RELATED DOCUMENTATION

General Site Guidelines for Installing the SRX100 Services Gateway | 21

SRX100 Services Gateway Cabinet Requirements | 23
SRX100 Services Gateway Rack Requirements | 24

CHAPTER 5

Power Requirements and Specifications

IN THIS CHAPTER

SRX100 Services Gateway Site Electrical Wiring Guidelines | 27

SRX100 Services Gateway Electrical and Power Requirements | 29

SRX100 Services Gateway Power Specifications and Requirements | 29

SRX100 Services Gateway Site Electrical Wiring Guidelines

27

Table 15 on page 28 describes the factors you must consider while planning the electrical wiring for the

services gateway at your site.

CAUTION: It is particularly important to provide a properly grounded and shielded

environment and to use electrical surge-suppression devices.

CAUTION: For devices with AC power supplies, an external surge protective device

(SPD) must be used at the AC power source.

Table 15: Site Electrical Wiring Guidelines for the Services Gateway

GuidelineSite Wiring Factor

28

Signaling Limitations

Radio Frequency Interference
(RFI)

Electromagnetic Compatibility
(EMC)

To ensure that signaling functions optimally:

Install wires correctly.

•

Improperly installed wires can emit radio interference.

Do not exceed the recommended distances or pass wires between buildings.

•

The potential for damage from lightning strikes increases if wires exceed
recommended distances or if wires pass between buildings.

Shield all conductors.

•

The electromagnetic pulse (EMP) caused by lightning can damage unshielded
conductors and destroy electronic devices.

To reduce or eliminate the emission of RFI from your site wiring:

Use twisted-pair cable with a good distribution of grounding conductors.

•

Use a high-quality twisted-pair cable with one ground conductor for each data

•

signal when applicable, if you must exceed the recommended distances.

Provide a properly grounded and shielded environment and use electrical
surge-suppression devices.

Strong sources of electromagnetic interference (EMI) can cause the following
damage:

Destroy the signal drivers and receivers in the device

•

Conduct power surges over the lines into the equipment, resulting in an

•

electrical hazard

NOTE: If your site is susceptible to problems with EMC, particularly from

lightning or radio transmitters, you may want to seek expert advice.

CAUTION: To comply with intrabuilding lightning/surge requirements, the intrabuilding

wiring must be shielded. The shielding for the wiring must be grounded at both ends.

RELATED DOCUMENTATION

General Site Guidelines for Installing the SRX100 Services Gateway | 21

Monitoring the SRX100 Services Gateway Power System | 103

SRX100 Services Gateway Electrical and Power Requirements | 29
SRX100 Services Gateway Power Specifications and Requirements | 29

SRX100 Services Gateway Electrical and Power Requirements

This topic provides information on the factors you must consider while planning the electrical wiring and
power availability at your site. These requirements cover the following areas:

Power specifications and requirements for the device

•

Electrical wiring guidelines for the device installation site

•

Power, connection, and power cord specifications for the device

•

Grounding guidelines and specifications for the device

•

29

RELATED DOCUMENTATION

SRX100 Services Gateway Site Electrical Wiring Guidelines | 27

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

Installation Overview for the SRX100 Services Gateway | 36
Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31

SRX100 Services Gateway Power Specifications and Requirements

The AC power system electrical specifications for the SRX100 Services Gateway are listed in

Table 16 on page 29.

Table 16: Power System Electrical Specifications for the SRX100 Services Gateway

SpecificationPower Requirement

100 to 240 VACAC input voltage

50 to 60 HzAC input line frequency

1 A maximumAC system current rating

WARNING: The AC power cord for the services gateway is intended for use with the

device only and not for any other use.

RELATED DOCUMENTATION

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

SRX100 Services Gateway Site Electrical Wiring Guidelines | 27

Monitoring the SRX100 Services Gateway Power System | 103
Maintaining the SRX100 Services Gateway Hardware Components | 95

30

CHAPTER 6

Cable Specifications and Pinouts

IN THIS CHAPTER

Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31

RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port | 32

RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port | 32

Interface Cable and Wire Specifications for the SRX100 Services Gateway

31

Table 17 on page 31 lists the specifications for the cables that connect to ports.

Table 17: Cable and Wire Specifications for Ports

Maximum
LengthCable/Wire RequiredCable SpecificationPort

RS-232 (EIA-232) serial cableConsole port

DB-9/RJ-45 connectors

Ethernet
port

CAT-5e (Category 5) cable or
equivalent suitable for
100BASE-T operation

RJ-45/RJ-45 connectors

RELATED DOCUMENTATION

RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port | 32
RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port | 32

Device
Receptacle

RJ-456 ft (1.83 m)One 6-ft (1.83-m) length with

RJ-45328 ft (100 m)One 15-ft (4.57-m) length with

RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port

Figure 6 on page 32 shows the RJ-45 cable connector pinouts for Ethernet ports.

Figure 6: Ethernet Cable Connector (RJ-45)

Table 18 on page 32 describes the RJ-45 connector pinouts for the Ethernet port.

Table 18: RJ-45 Connector Pinouts for the Services Gateway Ethernet Port

SignalPin

TX+1

32

TX -2

RX+3

Termination network4

Termination network5

RX-6

Termination network7

Termination network8

RELATED DOCUMENTATION

Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31
RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port | 32

RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port

Figure 7 on page 33 shows the RJ-45 connector pinouts for the console port.

Figure 7: Console Cable Connector

Table 19 on page 33 describes the RJ-45 connector pinouts for the console port.

Table 19: RJ-45 Connector Pinouts for the Services Gateway Console Port

DescriptionSignalPin

Request to SendRTS1

Data Terminal ReadyDTR2

Transmit DataTXD3

Signal GroundGround4

33

Signal GroundGround5

Receive DataRXD6

Data Set ReadyDSR/DCD7

Clear to SendCTS8

RELATED DOCUMENTATION

Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31
RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port | 32

3

PART

Initial Installation and Configuration

Installation Overview | 35

Unpacking the Services Gateway | 40

Installing the Mounting Hardware | 43

Installing the Services Gateway | 46

Grounding the SRX100 Services Gateway | 52

Connecting the SRX100 Services Gateway to External Devices | 55

Providing Power to the SRX100 Services Gateway | 60

Performing Initial Configuration | 65

CHAPTER 7

Installation Overview

IN THIS CHAPTER

Installation Overview for the SRX100 Services Gateway | 36

Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37

SRX100 Services Gateway Autoinstallation Overview | 38

35

Installation Overview for the SRX100 Services Gateway

After you have prepared your installation site, you are ready to unpack and install the services gateway.
It is important to proceed through the installation process in the order shown in Table 20 on page 36.

Table 20: Installation Process Order for the SRX100 Services Gateway

For More Information, SeeProcessSteps

36

Review the safety guidelines.1

2

3

Verify that you have prepared your site for
the installation of the services gateway using
the checklist.

Follow the instructions for unpacking the
services gateway and verify that the parts
are received.

Prepare the services gateway for installation.4

Install the services gateway.5

“SRX100 Services Gateway Safety
Requirements, Warnings, and Guidelines” on
page 125

“Site Preparation Checklist for the SRX100
Services Gateway” on page 18

“Unpacking the SRX100 Services Gateway”
on page 40

“Preparing the SRX100 Services Gateway for
Rack-Mount Installation” on page 43

“Preparing the SRX100 Services Gateway for
Desk-Mount Installation” on page 44

“Preparing the SRX100 Services Gateway for
Wall-Mount Installation” on page 45

“Installing the SRX100 Services Gateway in
a Rack” on page 46

“Installing the SRX100 Services Gateway on
a Desk” on page 48

“Installing the SRX100 Services Gateway on
a Wall” on page 49

Connect cables to external devices.6

Connect the grounding cable.7

Power on the services gateway.8

“Connecting and Organizing Interface Cables
to the SRX100 Services Gateway” on page 55

“Grounding the SRX100 Services Gateway”
on page 52

“Powering On and Powering Off the SRX100
Services Gateway” on page 61

RELATED DOCUMENTATION

Unpacking the SRX100 Services Gateway | 40

General Site Guidelines for Installing the SRX100 Services Gateway | 21

Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43

Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44

Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45

Installing the SRX100 Services Gateway in a Rack | 46

Installing the SRX100 Services Gateway on a Desk | 48

Installing the SRX100 Services Gateway on a Wall | 49
Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55

Required Tools and Parts for Installing and Maintaining the SRX100 Services

37

Gateway

Table 21 on page 37 lists the tools and parts required to install and maintain the SRX100 Services Gateway.

Table 21: Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway

Related TopicTools and PartsTask

Installing the SRX100 Services
Gateway

Connecting the SRX100 Services
Gateway

Gateway

Phillips (+) screwdriver, numbers

•

1 and 3

Tie wrap

•

Electrostatic discharge (ESD)
grounding wrist strap

Phillips (+) screwdriver, number 1Grounding the SRX100 Services

“Installing the SRX100 Services
Gateway in a Rack” on page 46

“Installing the SRX100 Services
Gateway on a Desk” on page 48

“Installing the SRX100 Services
Gateway on a Wall” on page 49

“Connecting the SRX100 Services
Gateway to the Power Supply” on
page 60

“Grounding the SRX100 Services
Gateway” on page 52

Packing the SRX100 Services
Gateway

Electrostatic bag or antistatic mat,

•

for each component

Electrostatic discharge (ESD)

•

grounding wrist strap

“Packing the SRX100 Services
Gateway and Components for
Shipment” on page 113

RELATED DOCUMENTATION

Unpacking the SRX100 Services Gateway | 40

Installing the SRX100 Services Gateway in a Rack | 46

Installing the SRX100 Services Gateway on a Desk | 48

Installing the SRX100 Services Gateway on a Wall | 49

Grounding the SRX100 Services Gateway | 52

Connecting the SRX100 Services Gateway to the Power Supply | 60
Packing the SRX100 Services Gateway and Components for Shipment | 113

SRX100 Services Gateway Autoinstallation Overview

The autoinstallation process begins any time a services gateway is powered on and cannot locate a valid
configuration file in the internal flash. Typically, a configuration file is unavailable when a services gateway
is powered on for the first time or if the configuration file is deleted from the internal flash. The
autoinstallation feature enables you to deploy multiple services gateways from a central location in the
network.

38

If you are setting up many devices, autoinstallation can help automate the configuration process by loading
configuration files onto new or existing devices automatically over the network. You can use either the
J-Web interface or the CLI to configure a device for autoinstallation.

For the autoinstallation process to work, you must store one or more host-specific or default configuration
files on a configuration server in the network and have a service available—typically Dynamic Host
Configuration Protocol (DHCP)—to assign an IP address to the services gateway.

Autoinstallation takes place automatically when you connect an Ethernet port on a new services gateway
to the network and power on the device. To simplify the process, you can explicitly enable autoinstallation
on a device and specify a configuration server, an autoinstallation interface, and a protocol for IP address
acquisition.

For more information about configuring autoinstallation, see the following topics:

Installation and Upgrade Guide

•

Network Monitoring and Troubleshooting

•

RELATED DOCUMENTATION

Connecting the SRX100 Services Gateway to the Power Supply | 60

Grounding the SRX100 Services Gateway | 52
Powering On and Powering Off the SRX100 Services Gateway | 61

39

CHAPTER 8

Unpacking the Services Gateway

IN THIS CHAPTER

Unpacking the SRX100 Services Gateway | 40

Verifying Parts Received with the SRX100 Services Gateway | 41

Unpacking the SRX100 Services Gateway

40

The SRX100 Services Gateway is shipped in a cardboard carton. The carton also contains an accessory
box and the SRX100 Services Gateway Quick Start.

NOTE: The device is maximally protected inside the shipping carton. Do not unpack it until you

are ready to begin installation.

To unpack the SRX100 Services Gateway:

1. Open the box in which the device is shipped.

2. Verify the parts received against the lists in “Verifying Parts Received with the SRX100 Services

Gateway” on page 41.

3. Store the shipping box and packing material in case you need to return or move the device at a later
time.

RELATED DOCUMENTATION

Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37

Verifying Parts Received with the SRX100 Services Gateway | 41

Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43

Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44

Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45
Installation Overview for the SRX100 Services Gateway | 36

Verifying Parts Received with the SRX100 Services Gateway

The SRX100 Services Gateway shipment package contains a packing list. Check the parts in the shipment
against the items on the packing list. The packing list specifies the part numbers and descriptions of each
part in your order.

If any part is missing, contact your Juniper Networks customer service representative.

A fully configured SRX100 Services Gateway contains the chassis with installed components, listed in

Table 22 on page 41, and an accessory box, which contains the parts listed in Table 23 on page 41.

NOTE: The parts shipped with your device can vary depending on the configuration you ordered.

41

Table 22: Parts List for a Fully Configured SRX100 Services Gateway

QuantityComponent

1Chassis, with 8xFE ports

1Power supply adapter (30 W)

12-prong power cord

1DB-9 to RJ-45 adapter, straight through, 7 ft

Table 23: Accessory Parts List for the SRX100 Services Gateway

QuantityPart

1Juniper Networks Product Warranty

1End User License Agreement

1Quick Start

1Security Products Safety Guide

1Juniper Compliance Form Letter

Table 23: Accessory Parts List for the SRX100 Services Gateway (continued)

QuantityPart

1Product Registration

NOTE: The mounting kits available for rack, desk, and wall installation of the SRX100 Services

Gateway must be ordered separately. Contact your Juniper Networks customer service
representative for more information.

RELATED DOCUMENTATION

Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37

42

Unpacking the SRX100 Services Gateway | 40

Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43

Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45

CHAPTER 9

Installing the Mounting Hardware

IN THIS CHAPTER

Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43

Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44

Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45

Preparing the SRX100 Services Gateway for Rack-Mount Installation

43

You can mount an SRX100 Services Gateway in four-post (telco) racks, enclosed cabinets, and open-frame
racks.

NOTE: The SRX100 Services Gateway cannot be center-mounted in racks.

Before mounting the SRX100 Services Gateway in a rack:

Verify that the installation site meets the requirements described in the site preparation checklist.

•

Verify that the racks or cabinets meet the specific requirements described in “SRX100 Services Gateway

•

Rack Requirements” on page 24.

Place the rack or cabinet in its permanent location, allowing adequate clearance for airflow and

•

maintenance, and secure it to the building structure. For more information, see “Clearance Requirements

for Airflow and Hardware Maintenance of the SRX100 Services Gateway” on page 25.

Remove the services gateway chassis from the shipping carton. For unpacking instructions, see “Unpacking

•

the SRX100 Services Gateway” on page 40.

Verify that you have the following parts available in your rack-mounting kit for the SRX100 Services

•

Gateway:

Rack-mount tray

•

Screws

•

NOTE: The rack-mounting kit is not shipped with the device and must be ordered separately.

RELATED DOCUMENTATION

Unpacking the SRX100 Services Gateway | 40

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

SRX100 Services Gateway Rack Requirements | 24

Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45

44

Preparing the SRX100 Services Gateway for Desk-Mount Installation

You can mount an SRX100 Services Gateway on a desk or other level surface horizontally or vertically.
The four rubber feet attached to the chassis provide stability.

Before mounting an SRX100 Services Gateway on a desk or other level surface:

Verify that the site meets the requirements described in the site preparation checklist.

•

Place the desk in its permanent location, allowing adequate clearance for airflow and maintenance, and

•

secure it to the building structure.

Remove the services gateway chassis from the shipping carton. For unpacking instructions, see “Unpacking

•

the SRX100 Services Gateway” on page 40.

If you are mounting the device vertically on the desk, make sure that the following parts are available

•

in your vertical desk-mounting kit for the SRX100 Services Gateway:

Vertical stand

•

Screws

•

NOTE: The vertical desk-mounting kit is not shipped with the device and must be ordered

separately.

RELATED DOCUMENTATION

Unpacking the SRX100 Services Gateway | 40

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45

Preparing the SRX100 Services Gateway for Wall-Mount Installation

You can mount an SRX100 Services Gateway on a wall. The four rubber feet attached to the chassis provide
stability.

Before mounting an SRX100 Services Gateway on a wall:

Verify that the site meets the requirements described in “Site Preparation Checklist for the SRX100

•

Services Gateway” on page 18.

45

Remove the services gateway chassis from the shipping carton. For unpacking instructions, see “Unpacking

•

the SRX100 Services Gateway” on page 40.

Verify that you have the following parts available in your wall-mounting kit for the SRX100 Services

•

Gateway:

Wall-mounting brackets

•

Screws

•

NOTE: The wall-mounting kit is not shipped with the device and must be ordered separately.

RELATED DOCUMENTATION

Site Preparation Checklist for the SRX100 Services Gateway | 18

Unpacking the SRX100 Services Gateway | 40

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44

CHAPTER 10

Installing the Services Gateway

IN THIS CHAPTER

Installing the SRX100 Services Gateway in a Rack | 46

Installing the SRX100 Services Gateway on a Desk | 48

Installing the SRX100 Services Gateway on a Wall | 49

Installing the SRX100 Services Gateway in a Rack

46

You can front-mount two SRX100 Services Gateways in a rack. Many types of racks are acceptable,
including four-post (telco) racks, enclosed cabinets, and open-frame racks. For more information about
the type of rack or cabinet the SRX100 Services Gateway can be installed into, see “SRX100 Services

Gateway Rack Requirements” on page 24.

NOTE: If you are installing multiple devices in one rack, install the lowest one first and proceed

upward in the rack.

To install the device in a rack:

1. Position the two devices in the rack-mount tray as shown in Figure 8 on page 47.

g031038

g0310 39

Figure 8: Installing the SRX100 Services Gateway in a Rack

2. Use a number-1 Phillips screwdriver to install the screws that secure the device to the rack-mount tray.

3. Have one person grasp the sides of the rack-mount tray, lift it, and position it in the rack.

47

4. Align the bottom hole in each side of the rack-mount tray with a hole in each rack rail as shown in

Figure 9 on page 47, making sure the rack-mount tray is level.

Figure 9: Hanging the SRX100 Services Gateway in a Rack

5. Have a second person install a mounting screw into each of the two aligned holes. Use a number-3
Phillips screwdriver to install the mounting screws.

6. Install the second screw in each side of the rack-mount tray.

7. Verify that the mounting screws on one side of the rack-mount tray are aligned with the mounting
screws on the opposite side and that the tray is level.

NOTE: The rack-mounting kit is not shipped with the device and must be ordered separately.

RELATED DOCUMENTATION

Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37

Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43

SRX100 Services Gateway Rack Requirements | 24

Connecting the SRX100 Services Gateway to the Power Supply | 60

Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25

SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125

Installing the SRX100 Services Gateway on a Desk | 48

48

Installing the SRX100 Services Gateway on a Wall | 49

Installing the SRX100 Services Gateway on a Desk

You can install the SRX100 Services Gateway on a desk, table, or other level surface. The device is shipped
with the rubber feet attached. The rubber feet are necessary to stabilize the device on the desk.

You can install the device in a horizontal or vertical position.

NOTE: The desk-mounting kit is not shipped with the device and must be ordered separately.

Horizontal Desk Mounting

The horizontal position is the standard installation position and does not require the vertical installation
kit.

To install the device in a horizontal position:

1. Make sure that the rubber feet are attached to the chassis.

2. Place the device on a desk with the Juniper Networks logo embossed on the top cover facing up.

Vertical Desk Mounting

The vertical position requires the vertical installation kit, which consists of a vertical installation stand.

To install the device in a vertical position:

1. Place the device on a flat and level surface with the Juniper Networks logo on the front panel facing
up, as shown in Figure 10 on page 49.

Figure 10: Installing the SRX100 Services Gateway on a Desk

49

2. Attach the vertical stand to the right side of the chassis as shown in Figure 10 on page 49.

3. Place the chassis vertically on the desk with the stand resting on the desk.

RELATED DOCUMENTATION

Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37

Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44

SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125

Installing the SRX100 Services Gateway in a Rack | 46
Installing the SRX100 Services Gateway on a Wall | 49

Installing the SRX100 Services Gateway on a Wall

You can install the SRX100 Services Gateway on a wall. The device is shipped with the rubber feet attached.
The rubber feet help stabilize the device on the wall and enhance airflow.

NOTE: The wall-mounting kit is not shipped with the device and must be ordered separately.

To install the device on a wall:

1. Place the device on a flat and level surface with the Juniper Networks logo embossed on the top cover
facing up.

2. Position a mounting bracket on each side of the chassis as shown in Figure 11 on page 50.

Figure 11: Installing the SRX100 Services Gateway on a Wall

50

3. Use a number–1 Phillips screwdriver to install the screws that secure the mounting brackets to the
chassis.

4. If you are using wall anchors to support the chassis, install two pairs of anchors on the wall with mounting
brackets attached.

5. Have one person grasp the sides of the device, lift it, and position it on the wall.

6. Have a second person install two pairs of mounting screws through the bracket holes on either side of
the device to secure it to the wall.

7. Verify that the mounting screws on one side are aligned with the mounting screws on the opposite
side and that the device is level (see Figure 12 on page 51).

Figure 12: Hanging the SRX100 Services Gateway on a Wall

51

RELATED DOCUMENTATION

Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37

Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45

SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125

Installing the SRX100 Services Gateway on a Desk | 48

Installing the SRX100 Services Gateway in a Rack | 46
Connecting the SRX100 Services Gateway to the Power Supply | 60

CHAPTER 11

Grounding the SRX100 Services Gateway

IN THIS CHAPTER

Grounding the SRX100 Services Gateway | 52

Grounding the SRX100 Services Gateway

To meet safety and electromagnetic interference (EMI) requirements and to ensure proper operation, the
SRX100 Services Gateway must be adequately grounded before power is connected.

52

Figure 13 on page 52 illustrates how a grounding cable connects to the services gateway.

Figure 13: Grounding the SRX100 Services Gateway

You ground the device by connecting a grounding cable to earth ground and then attaching it to the chassis
grounding points using one M3 screw.

CAUTION: Before device installation begins, a licensed electrician must attach a cable

lug to the grounding and power cables that you use. A cable with an incorrectly attached
lug can damage the device (for example, by causing a short circuit).

Table 24 on page 53 lists the grounding components of the SRX100 Services Gateway.

Table 24: SRX100 Services Gateway Grounding Components

ComponentNumber

Grounding point on the chassis1

Grounding lug2

Grounding screw (M3 screw)3

Table 25 on page 53 lists the specifications of the grounding cable used with the device.

Table 25: Grounding Cable Specifications for the Services Gateway

SpecificationGrounding Requirement

14 AWG single-strand wire cableGrounding cable

53

Up to 4 AAmperage of grounding cable

Ring-type, vinyl-insulated TV14-6R lug or equivalentGrounding lug

To ground the device:

1. Connect the grounding cable to a proper earth ground.

2. Verify that a licensed electrician has attached the cable lug to the grounding cable.

3. Place the grounding cable lug over the grounding point on the middle rear of the chassis.

4. Secure the grounding cable lug to the grounding point with the screw as shown in Figure 13 on page 52.

5. Dress the grounding cable and verify that it does not touch or block access to the services gateway
components and that it does not drape where people could trip on it.

NOTE: The device should be permanently connected to ground during operation.

RELATED DOCUMENTATION

Connecting the SRX100 Services Gateway to the Power Supply | 60

Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55

SRX100 Services Gateway General Safety Guidelines and Warnings | 119

Powering On and Powering Off the SRX100 Services Gateway | 61

Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106

54

CHAPTER 12

Connecting the SRX100 Services Gateway to External Devices

IN THIS CHAPTER

Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55

Connecting the Modem at the SRX100 Services Gateway End | 56

Connecting the Modem to the Console Port on the SRX100 Services Gateway | 57

Connecting to the CLI at the User End for the SRX100 Services Gateway | 58

55

Connecting and Organizing Interface Cables to the SRX100 Services Gateway

You can connect the interfaces installed in the services gateway to various network media. Each type of
interface on the services gateway uses a particular medium to transmit data. You must configure each
network interface before it can operate on the device.

To connect and organize an interface cable for the device:

1. Have ready a length of the type of cable used by the interface.

2. Insert the cable connector into the cable connector port on the interface faceplate.

3. Arrange network cables as follows to prevent them from dislodging or developing stress points:

Secure cables so that they are not supporting their own weight as they hang to the floor.

•

Place excess cable out of the way in neatly coiled loops.

•

Use fasteners to maintain the shape of cable loops.

•

RELATED DOCUMENTATION

Connecting the SRX100 Services Gateway to the Power Supply | 60

Grounding the SRX100 Services Gateway | 52

Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31
SRX100 Services Gateway Installation Safety Guidelines and Warnings | 129

Connecting the Modem at the SRX100 Services Gateway End

NOTE: These instructions use Hayes-compatible modem commands to configure the modem.

If your modem is not Hayes-compatible, refer to the documentation for your modem and enter
the equivalent modem commands.

To configure the modem on the services gateway end:

1. Connect the modem to a PC or laptop computer.

56

2. Power on the modem.

3. From the PC or laptop computer, start your asynchronous terminal emulation application (such as
Microsoft Windows HyperTerminal), and select the COM port to which the modem is connected (for
example, COM1).

4. Configure the port settings as shown in Table 26 on page 56.

Table 26: Port Settings for Configuring the Modem on the Services Gateway End

ValuePort Setting

9600Bits per second

8Data bits

NoneParity

1Stop bits

NoneFlow control

5. In the HyperTerminal window, enter AT.

An OK response verifies that the modem can communicate successfully with the COM port on the PC
or laptop.

For more information on the AT commands, see Administration Guide for Security Devices.

6. Configure the modem to answer a call on the first ring by entering ATS0=1.

7. Configure the modem to accept modem control DTR signals by entering AT&D1.

8. Disable flow control by entering AT&K0.

9. Save modem settings by entering AT&W.

RELATED DOCUMENTATION

Connecting the Modem to the Console Port on the SRX100 Services Gateway | 57

57

Connecting to the CLI at the User End for the SRX100 Services Gateway | 58

Connecting the Modem to the Console Port on the SRX100 Services Gateway

To connect the dial-up modem to the console port on the services gateway:

1. Turn off power to the services gateway.

2. Turn off power to the modem.

3. Plug one end of the Ethernet cable supplied with your services gateway into the console port on the
services gateway.

4. Plug the other end of the CAT-5e cable (Ethernet cable) into the RJ-45 to DB-9 serial port adapter
supplied with your services gateway.

5. Connect the serial port adapter to a separately purchased DB-9 female to DB-25 male adapter or other
adapter appropriate for your modem.

6. Plug the modem adapter into the DB-25 connector on the modem.

7. Connect the modem to your telephone network.

8. Turn on the power to the modem.

9. Power on the services gateway by pressing the Power button on the front panel. Verify that the Power
LED on the front panel turns green.

NOTE: Most modems have an RS-232 DB-25 connector. You must separately purchase an

adapter to connect your modem to the RJ-45 to DB-9 adapter and the Ethernet cable supplied
with the services gateway.

RELATED DOCUMENTATION

58

Connecting the Modem at the SRX100 Services Gateway End | 56
Connecting to the CLI at the User End for the SRX100 Services Gateway | 58

Connecting to the CLI at the User End for the SRX100 Services Gateway

To remotely connect to the CLI through a dial-up modem connected to the console port on the services
gateway:

1. Connect a modem at your remote location to a management device such as a PC or laptop computer.

2. Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal)
on the PC or laptop computer.

3. Select the COM port to which the modem is connected (for example, COM1).

4. Configure the port settings shown in Table 27 on page 58.

Table 27: Port Settings for Connecting to the CLI at User End

ValuePort Setting

9600Bits per second

8Data bits

Table 27: Port Settings for Connecting to the CLI at User End (continued)

ValuePort Setting

NoneParity

1Stop bits

NoneFlow control

5. In the HyperTerminal window, enter AT.

An OK response verifies that the modem can communicate successfully with the COM port on the PC
or laptop.

For more information on the AT commands, see Administration Guide for Security Devices.

6. Dial the modem that is connected to the console port on the services gateway by entering ATDT
remote-modem-number. For example, if the number of the modem connected to the console port on
the services gateway is 0013033033030, enter ATDT 0013033033030.

59

The services gateway login prompt appears.

7. Log in as the user root. No password is required at initial connection, but you must assign a root
password before committing any configuration settings.

RELATED DOCUMENTATION

Connecting the Modem at the SRX100 Services Gateway End | 56
Connecting the Modem to the Console Port on the SRX100 Services Gateway | 57

CHAPTER 13

Providing Power to the SRX100 Services Gateway

IN THIS CHAPTER

Connecting the SRX100 Services Gateway to the Power Supply | 60

Powering On and Powering Off the SRX100 Services Gateway | 61

Connecting the SRX100 Services Gateway to the Power Supply

60

To connect the device to the power supply:

CAUTION: Before connecting the device to the power supply, attach an ESD strap to

an ESD point and place the other end of the strap around your bare wrist.

1. Plug the DC connector end of the power cable into the power connector on the back of the device
(see Figure 14 on page 60).

2. Plug the AC adapter end of the power cable into an AC power outlet.

Figure 14: Connecting the Services Gateway to the Power Supply

NOTE: The device must be connected to earth ground during normal operation. The protective

earthing terminal on the rear of the chassis is provided to connect the device to ground.

CAUTION: We recommend using a surge protector for the power connection.

NOTE: Use the cable tie holder to secure the power cord on to the power supply point.

NOTE: We strongly recommend that you use only the 3-prong power cord supplied with your

services gateway. If you are using a 2-prong power cord, then ensure that your device is
adequately grounded using the grounding point available on the back panel of the chassis.

61

RELATED DOCUMENTATION

Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37

Grounding the SRX100 Services Gateway | 52

Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55
SRX100 Services Gateway General Safety Guidelines and Warnings | 119

Powering On and Powering Off the SRX100 Services Gateway

This topic describes the following procedures:

Powering On the SRX100 Services Gateway | 61

Powering Off the SRX100 Services Gateway | 62

Powering On the SRX100 Services Gateway

To power on the services gateway:

1. Ensure that you have connected the power supply to the device.

2. Insert the plug of the power supply adapter into an AC power source receptacle.

3. Turn on the power to the AC power receptacle.

The device starts automatically as the power supply completes its startup sequence. The Power LED lights
during startup and remains on when the device is operating normally.

NOTE: After the power supply is turned on, it can take up to 60 seconds for status

indicators—such as the Status and Power LEDs—to show that the power supply is functioning
normally. Ignore error indicators that appear during the first 60 seconds.

NOTE: If the system is completely powered off when you turn on the power supply, the device

starts as the power supply completes its startup sequence. If the device finishes starting and
you need to power off the system again, first issue the CLI request system power-off command.

62

SEE ALSO

SRX100 Services Gateway LEDs | 6

Grounding the SRX100 Services Gateway | 52

Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106

Powering Off the SRX100 Services Gateway

You can power off the services gateway in one of the following ways:

Graceful shutdown—Press and immediately release the Power button. The device begins gracefully

•

shutting down the operating system and then powers itself off.

WARNING: Use the graceful shutdown method to power off or reboot the services

gateway.

Forced shutdown—Press the Power button and hold it for ten seconds. The device immediately powers

•

itself off without shutting down the operating system.

WARNING: Use the forced shutdown method as a last resort to recover the services

gateway if the services gateway operating system is not responding to the graceful
shutdown method.

For more information on power button, see “SRX100 Services Gateway LEDs” on page 6.

WARNING: Do not press the Power button while the device is shutting down.

CAUTION: Forced shutdown can result in data loss and corruption of the file system.

63

NOTE: To remove power completely from the device, unplug the power cord or switch off the

AC power source.

After powering off a power supply, wait at least 10 seconds before turning it back on. After
powering on a power supply, wait at least 10 seconds before turning it off.

The power button on the services gateway is a standby power switch, which will not turn off
the input power to the services gateway.

TIP: When you are powering off the device, the CLI displays the following message: Turning

the system power off. You can now safely remove the power cable to completely power off the

device.

NOTE: You can use the request system reboot CLI command to schedule a reboot to the services

gateway using request system reboot.

For more information about halting, powering off, or rebooting the services gateway using the CLI, see
the following topics:

Initial Configuration for Security Devices

•

Monitoring and Troubleshooting for Security Devices

•

SEE ALSO

SRX100 Services Gateway LEDs | 6

Grounding the SRX100 Services Gateway | 52

Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106

RELATED DOCUMENTATION

Connecting the SRX100 Services Gateway to the Power Supply | 60

Grounding the SRX100 Services Gateway | 52

Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106

64

CHAPTER 14

Performing Initial Configuration

IN THIS CHAPTER

SRX100 Services Gateway Software Configuration Overview | 65

Connecting to the SRX100 Services Gateway Setup Wizard | 69

SRX100 Services Gateway Secure Web Access Overview | 70

Connecting an SRX100 Services Gateway to the CLI Locally | 71

Connecting an SRX100 Services Gateway to the CLI Remotely | 74

Viewing Factory-Default Settings of the SRX100 Services Gateway | 74

Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83

65

Performing Initial Software Configuration on the SRX100 Services Gateway Using the J-Web Interface | 87

Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version | 92

SRX100 Services Gateway Software Configuration Overview

IN THIS SECTION

Preparing the SRX100 Services Gateway for Configuration | 66

Understanding the Factory Default Configuration | 66

Understanding Built-In Ethernet Ports and Initial Configuration | 67

Mapping the Chassis Cluster Ports | 67

Understanding Management Access | 68

This topic includes the following sections:

Preparing the SRX100 Services Gateway for Configuration

The Juniper Networks Junos operating system (Junos OS) is preinstalled on the SRX100 Services Gateway.
When the services gateway is powered on, it is ready to be configured.

You can perform the initial software configuration of the services gateway by using either the browser-based
setup wizard or the command-line interface (CLI).

Before configuring the device, gather the configuration information required to deploy the device in your
network. At minimum, the setup wizard requires the following information:

Device name to be used on the network

•

Password for the root user

•

Time information for the services gateway location:

•

Local time zone

•

Name or IP address of a Network Time Protocol (NTP) server, if NTP is used to set the time on the

•

services gateway

66

Local date and time if an NTP server is not used to set the time

•

Understanding the Factory Default Configuration

Your services gateway comes configured with a default factory configuration. This configuration sets up
the following network topology:

Interface fe-0/0/0 (port 0/0) is configured for Internet access. A DHCP client running on the interface

•

enables the interface to receive its network settings—IP address, default gateway, and DNS servers—from
an Internet service provider (ISP).

Interfaces fe-0/0/1 through fe-0/0/7 (port 0/1 through port 0/7) are configured as switched interfaces

•

in a common VLAN on which the IP address 192.168.1.1/24 is configured.

A DHCP server is active on interfaces fe-0/0/1 through fe-0/0/7. The DHCP server assigns IP addresses

•

in the 192.168.1.0/24 network to connected devices.

The default configuration also includes the following security configuration:

Two security zones are created: trust and untrust.

•

Interface fe-0/0/0 is in the untrust zone, while interfaces fe-0/01 through fe-0/0/7 are in the trust

•

zone.

A security policy is created that permits outbound traffic from the trust zone to the untrust zone. Inbound

•

traffic originating in the untrust zone is blocked.

Source Network Address Translation (NAT) is configured on the trust zone.

•

Understanding Built-In Ethernet Ports and Initial Configuration

During the initial configuration of the services gateway, how you use the built-in Ethernet ports (ports 0/0
through 0/7) depends on the initial configuration you are performing:

Configuration using autoinstallation—Use built-in Ethernet port 0/0 to connect to the DHCP server. A

•

DHCP client is configured on this interface, allowing the services gateway to receive its IP address from
the DHCP server.

Configuration using the setup wizard—Use the following built-in Ethernet ports:

•

Port 0/1—Connect your management device to this port. A DHCP server running on this interface

•

automatically assigns your management device an IP address in the same subnetwork as the interface,
allowing your management device to communicate with the services gateway through this interface.

Port 0/0—Connect your services gateway to the Internet on this port if you plan to download purchased

•

software licenses through the setup wizard. A DHCP client running on this interface allows it to receive
its network settings from the ISP.

67

NOTE: Downloading of purchased licenses from the setup wizard is available only in Junos

OS Release 11.2R3 or later.

Configuration of a chassis cluster—Perform the initial configuration of the chassis cluster using a console

•

connection. Before you perform the initial configuration, connect the built-in Ethernet ports as follows:

Port 0/6—Connect to the out-of-band management network for management of the device. When

•

you enable chassis clustering as part of configuring the chassis cluster, the management interface
(fxp0) is automatically created on this port.

Port 0/7—Connect to the other device in the chassis cluster. When you enable chassis clustering, the

•

control interface between the two devices (fxp1) is automatically created on this port.

You must also make another connection between the two devices for the fabric link. You can use any
available Fast Ethernet port for this connection. You must configure the interface you choose as the
fabric link. For more information on configuring chassis clusters, see the Security Basics.

Mapping the Chassis Cluster Ports

On the SRX100 Services Gateway, the fxp1 port is not user configurable when the services gateway is
operating in chassis cluster mode.

The fxp0 port is dedicated as the out-of-band management interface for each of the devices in the chassis
cluster setup and the fxp1 port is dedicated as the chassis-cluster control port.

Table 28 on page 68 shows the mapping of the chassis cluster ports.

Table 28: Mapping the Chassis Cluster Ports on an SRX100 Services Gateway

Management InterfaceFE Ports on SRX100 Services Gateway

fxp0 (management port)fe-0/0/6

fxp1 (control port)fe-0/0/7

The Junos OS automatically creates the fxp0 and fxp1 interfaces on these ports when the SRX100 Services
Gateway is operating in chassis cluster mode.

For more information, see the following guides:

Interfaces for Security Devices

•

Security Basics

•

Understanding Management Access

68

Telnet allows you to connect to the services gateway and access the CLI to execute commands from a
remote system. The Telnet CLI connections are not encrypted and therefore can be intercepted.

NOTE: Telnet access to the root user is prohibited. You must use more secure methods, such

as SSH, to log in as root.

SSH provides the following features:

Allows you to connect to the device and access the CLI to execute commands from a remote system

•

Encrypts traffic so that it cannot be intercepted (unlike Telnet)

•

Can be configured so that connections are authenticated by a digital certificate

•

Uses public–private key technology for both connection and authentication

•

The SSH client software must be installed on the machine where the client application runs. If the SSH
private key is encrypted (for greater security), the SSH client must be able to access the passphrase used
to decrypt the key.

For information about obtaining SSH software, see http://www.ssh.com and http://www.openssh.com.

If you are using a Junos XML management protocol server to configure and monitor devices, you can
activate cleartext access on the device to allow unencrypted text to be sent directly over a Transmission
Line Protocol (TCP) connection without using any additional protocol (such as SSH, SSL, or Telnet). For
more information about the Junos XML management protocol application programming interface (API),
see the NETCONF XML Management Protocol Guide.

NOTE: Information sent in cleartext is not encrypted and therefore can be intercepted.

g031007

If the device is operating in a Common Criteria environment, see the Configuration Guides for Junos OS

Public Sector Certifications.

RELATED DOCUMENTATION

Connecting to the SRX100 Services Gateway Setup Wizard | 69

Connecting the SRX100 Services Gateway to the CLI

Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83
SRX100 Services Gateway Secure Web Access Overview | 70

69

Connecting to the SRX100 Services Gateway Setup Wizard

If you plan to use the setup wizard to perform the initial configuration of the services gateway, you must
connect your management device (such as a laptop or desktop computer) to one of the built-in Ethernet
ports 0/1 through 0/7 on the services gateway as shown in Figure 15 on page 69. Do not use built-in
Ethernet port 0/0.

Figure 15: Connecting to the Ethernet Port on an SRX100 Services Gateway

To enable communication between the management device and the services gateway, ports 0/1 through
0/7 are preconfigured with the IP address 192.168.1.1 and use DHCP to assign an IP address in the

192.168.1.0/24 network to any connected device.

To connect a management device to the built-in Ethernet ports:

1. Ensure that the IP address for the Ethernet port on the management device is configured in one of the
following ways:

The IP address is assigned by DHCP.

•

The IP address is on the 192.168.1.0/24 subnetwork (but is not 192.168.1.1).

•

2. Turn off the management device.

3. Plug one end of the CAT-5e (Ethernet cable) into the Ethernet port on the management device.

4. Connect the other end of the Ethernet cable to a built-in Fast Ethernet port (any of ports 0/1 through
0/7) on the services gateway. If the services gateway has not already been powered on, power it on
now.

70

5.

Wait until the Status LED on the front panel of the services gateway turns solid green.

6. Turn on the power to the management device. The services gateway assigns an IP address to the
management device within the 192.168.1.0/24 subnetwork if the management device is configured
to use DHCP.

7. To access the setup wizard, open a Web browser on the management device and enter the IP address

192.168.1.1 in the address field.

RELATED DOCUMENTATION

Connecting the SRX100 Services Gateway to the CLI

SRX100 Services Gateway Software Configuration Overview | 65
SRX100 Services Gateway Secure Web Access Overview | 70

SRX100 Services Gateway Secure Web Access Overview

You can manage a services gateway remotely through the J-Web interface. To communicate with the
services gateway, the J-Web interface uses Hypertext Transfer Protocol (HTTP). HTTP allows easy Web

access but no encryption. The data that is transmitted between the Web browser and the services gateway
by means of HTTP is vulnerable to interception and attack. To enable secure Web access, the services
gateway supports HTTP over Secure Sockets Layer (HTTPS). You can enable HTTP or HTTPS access on
specific interfaces and ports as needed.

The services gateway uses the SSL protocol to provide secure management of services gateways through
the J-Web. SSL uses public-private key technology that requires a paired private key and an authentication
certificate for providing the SSL service. SSL encrypts communication between your device and the Web
browser with a session key negotiated by the SSL server certificate.

An SSL certificate includes identifying information such as a public key and a signature made by a certificate
authority (CA). When you access the services gateway through HTTPS, an SSL handshake authenticates
the server and the client and begins a secure session. If the information does not match or if the certificate
has expired, your access to the services gateway through HTTPS is restricted.

Without SSL encryption, communication between your services gateway and the browser is sent in the
open and can be intercepted. We recommend that you enable HTTPS access on your WAN interfaces.

71

RELATED DOCUMENTATION

SRX100 Services Gateway Software Configuration Overview | 65

Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83
Performing Initial Software Configuration on the SRX100 Services Gateway Using the J-Web

Interface | 87

Connecting an SRX100 Services Gateway to the CLI Locally

If you plan to use the CLI to configure the SRX100 Services Gateway, you must connect through the
console port, as shown in Figure 16 on page 72.

Figure 16: Connecting to the Console Port on an SRX100 Services Gateway

72

NOTE: Figure 16 on page 72 shows a connection to a local management device. A remote

connection to the services gateway through a modem requires the cable and connector shown
(provided in the services gateway accessory box), plus a DB-9 plug to DB-25 plug (or similar)
adapter for your modem, which you must purchase separately.

To connect to the CLI using a local management device through the console port on the services gateway:

1. Turn off power to the services gateway.

2. Turn off power to the management device, such as a PC or laptop computer, that you are using to
access the CLI.

3. Plug one end of the Ethernet cable supplied with your services gateway into the RJ-45 to DB-9 serial
port adapter supplied with your services gateway (see Figure 16 on page 72).

4. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device (see

Figure 16 on page 72).

5. Connect the other end of the Ethernet cable to the console port on the services gateway (see

Figure 16 on page 72).

6. Turn on the power to the management device.

7. Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal)
and select the appropriate COM port to use (for example, COM1).

8. Configure the port settings shown in Table 29 on page 73.

Table 29: Console Port Settings for the SRX100 Services Gateway

ValuePort Settings

9600Bits per second

8Data bits

NoneParity

1Stop bits

NoneFlow control

73

9. Power on the services gateway by pressing the Power button on the front panel. Verify that the Power
LED on the front panel turns green.

The terminal emulation screen on your management device displays the startup sequence. When the
services gateway has finished starting up, a login prompt appears.

10. Log in as the user root. No password is required at initial connection, but you must assign a root
password before committing any configuration settings.

RELATED DOCUMENTATION

SRX100 Services Gateway Basic Connectivity Overview

Connecting to the SRX100 Services Gateway Setup Wizard | 69

Connecting an SRX100 Services Gateway to the CLI Remotely | 74

Displaying Basic Connectivity Configurations for the SRX100 Services Gateway

Connecting the Modem at the SRX100 Services Gateway End | 56

Connecting an SRX100 Services Gateway to the CLI Remotely

You can connect an SRX100 Services Gateway to the CLI from a remote location through two dial-up
modems:

A modem that is connected to the console port on the services gateway

•

A second modem connected to a remote management device

•

The modem connection allows you to remotely perform the same console operations you can perform
locally.

RELATED DOCUMENTATION

SRX100 Services Gateway Basic Connectivity Overview

Connecting to the SRX100 Services Gateway Setup Wizard | 69

74

Connecting an SRX100 Services Gateway to the CLI Locally | 71

Displaying Basic Connectivity Configurations for the SRX100 Services Gateway

Connecting the Modem at the SRX100 Services Gateway End | 56

Viewing Factory-Default Settings of the SRX100 Services Gateway

To view the factory-default configuration of the services gateway using the CLI:

1. Verify that the services gateway is powered on.

2. Log in as the root user and provide your credentials.

3. In shell mode, navigate to the /etc/config folder.

% cd /etc/config

4. View the list of default config files.

% ls

The following sample output displays the list of factory-default configuration files:

j-series-defaults.conf srx210h-defaults.conf
jsrxsme-series-defaults.conf srx210h-factory.conf

jsrxsme-series-factory.conf srx210h-poe-defaults.conf
junos-defaults.conf srx210h-poe-factory.conf
junos-factory.conf srx210he-defaults.conf
junos-fips-defaults.conf srx210he-factory.conf
ptx-series-defaults.conf srx210he-poe-defaults.conf
srx100-8xfe-factory.conf srx210he-poe-factory.conf
srx100b-defaults.conf srx210he2-defaults.conf
srx100b-factory.conf srx210he2-factory.conf
srx100h-defaults.conf srx210he2-poe-defaults.conf
srx100h-factory.conf srx210he2-poe-factory.conf
srx100h2-defaults.conf srx220-8xge-factory.conf
srx100h2-factory.conf srx220-poe-8xge-factory.conf
srx110-8xfe-vdsl-factory.conf srx220h-defaults.conf
srx110-8xfe-vdsl-wl-factory.conf srx220h-factory.conf
srx110-8xfe-wl-factory.conf srx220h-poe-defaults.conf
srx110b-defaults.conf srx220h-poe-factory.conf
srx110b-va-defaults.conf srx220h2-defaults.conf
srx110b-va-factory.conf srx220h2-factory.conf
srx110b-vb-defaults.conf srx220h2-poe-defaults.conf
srx110b-vb-factory.conf srx220h2-poe-factory.conf
srx110b-wl-defaults.conf srx240-16xge-factory.conf
srx110b-wl-factory.conf srx240-poe-16xge-factory.conf
srx110h-defaults.conf srx240b-factory.conf
srx110h-va-defaults.conf srx240b2-factory.conf
srx110h-va-factory.conf srx240h-dc-defaults.conf
srx110h-va-wl-defaults.conf srx240h-dc-factory.conf
srx110h-va-wl-factory.conf srx240h-defaults.conf
srx110h-vb-defaults.conf srx240h-factory.conf
srx110h-vb-factory.conf srx240h-poe-defaults.conf
srx110h-vb-wl-defaults.conf srx240h-poe-factory.conf
srx110h-vb-wl-factory.conf srx240h2-dc-defaults.conf
srx110h-wl-defaults.conf srx240h2-dc-factory.conf
srx110h-wl-factory.conf srx240h2-defaults.conf
srx110h2-va-defaults.conf srx240h2-factory.conf
srx110h2-va-factory.conf srx240h2-poe-defaults.conf
srx110h2-vb-defaults.conf srx240h2-poe-factory.conf
srx110h2-vb-factory.conf srx550-6xge-factory.conf
srx210-2xge-6xfe-factory.conf srx550-defaults.conf
srx210-poe-2xge-6xfe-factory.conf srx550-factory.conf
srx210b-defaults.conf srx650-4xge-factory.conf
srx210b-factory.conf srx650-defaults.conf
srx210be-defaults.conf srx650-factory.conf
srx210be-factory.conf

75

5. View the required default config file.

% vi config file name

For example, enter the following command to view the default configuration file for the SRX240 Services
Gateway.

% vi srx240-poe-16xge-factory.conf

The following sample output displays the factory-default configuration on an SRX240 Services Gateway:

##
## $Id: $
##
## Copyright (c) 2009, Juniper Networks, Inc.
## All rights reserved.
##
system {
autoinstallation {
delete-upon-commit;
traceoptions {
level verbose;
flag {
all;
}
}
interfaces {
ge-0/0/0 {
bootp;
}
}
}
services {
ssh;
telnet;
dhcp {
router {

192.168.1.1;
}
pool 192.168.1.0/24 {
address-range low 192.168.1.2 high 192.168.1.254;
}
propagate-settings ge-0/0/0.0;
}
web-management {
http {
interface [ vlan.0 ];
}

76

https {
system-generated-certificate;
interface [ vlan.0 ];
}
}
xnm-clear-text;
}
name-server {

208.67.222.222;

208.67.220.220;
}
syslog {
archive size 100k files 3;
}
}

interfaces {
ge-0/0/0 {
unit 0;
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

77

}
}

ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {

vlan {
members vlan-trust;
}
}

}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

78

}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/8 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/9 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

79

}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/11 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/12 {

unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/13 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
ge-0/0/14 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

80

}
}
ge-0/0/15 {
unit 0 {
family ethernet-switching {
vlan {
members vlan-trust;
}
}

}
}
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
}

}
}
}

poe {
interface all;
}

security {
nat {
source {
rule-set trust-to-untrust {
from zone trust;
to zone untrust;
rule source-nat-rule {
match {
source-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}

81

land;
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
vlan.0;
}
}
security-zone untrust {
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
}
}
}
}
screen untrust-screen;
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}

82

}
}
}
vlans {
vlan-trust {
vlan-id 3;
l3-interface vlan.0;
}
}
protocols {
stp;
}

RELATED DOCUMENTATION

83

SRX100 Services Gateway Autoinstallation Overview | 38
Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83

Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI

This procedure connects the device to the network but does not enable it to forward traffic. For complete
information about enabling the device to forward traffic, including examples, see Security Basics.

To configure the software:

1. Verify that the device is powered on.

2. Log in as the root user. There is no password.

3. Start the CLI.

root# cli
root@>

4. Enter configuration mode.

configure

[edit]
root@#

5. Set the root authentication password by entering a cleartext password, an encrypted password, or an
SSH public key string (DSA or RSA).

[edit]
root@# set system root-authentication plain-text-password
New password: password
Retype new password: password

6. Configure an administrator account on the device.

84

[edit]
root@# set system login user admin class super-user authentication plain-text-password

7. Commit the configuration to activate it on the device.

[edit]
root@# commit

8. Log in as the administrative user you configured in Step 6.

9. Configure the name of the device. If the name includes spaces, enclose the name in quotation marks
(“ ”).

configure

[edit]
admin@# set system host-name host-name

10. Configure the traffic interface.

[edit]
admin@# set interfaces fe-0/0/1 unit 0 family inet address address/prefix-length

11. Configure the default route.

[edit]
admin@# set routing-options static route 0.0.0.0/0 next-hop gateway

12. Configure basic security zones and bind them to traffic interfaces.

[edit]
admin@# set security zones security-zone untrust interfaces fe-0/0/1

13. Configure basic security policies.

[edit]
admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any

destination-address any application any

root@# set security policies from-zone trust to-zone untrust policy policy-name then permit

85

14. Create a NAT rule for source translation of all Internet bound traffic.

[edit]
admin@# set security nat source rule-set interface-nat from zone trust
admin@# set security nat source rule-set interface-nat to zone untrust
admin@# set security nat source rule-set interface-nat rule rule1 match source-address 0.0.0.0/0

destination-address 0.0.0.0/0

admin@# set security nat source rule-set interface-nat rule rule1 then source-nat interface

15. Check the configuration for validity.

[edit]
admin@# commit check
configuration check succeeds

16. Commit the configuration to activate it on the device.

[edit]
admin@# commit
commit complete

17. Optionally, display the configuration to verify that it is correct.