Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
SRX100 Services Gateway Hardware Guide for B and H Model Numbers
The information in this document is current as of the date on the title page.
ii
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.
Table of Contents
1
About the Documentation | ix
Documentation and Release Notes | ix
Using the Examples in This Manual | ix
Merging a Full Example | x
Merging a Snippet | xi
Documentation Conventions | xi
Documentation Feedback | xiv
Requesting Technical Support | xiv
Self-Help Online Tools and Resources | xv
Creating a Service Request with JTAC | xv
iii
Overview
System Overview | 2
SRX100 Services Gateway Description | 2
About the SRX100 Services Gateway | 2
SRX100 Services Gateway Models | 3
Accessing the SRX100 Services Gateway | 3
SRX100 Services Gateway Features and Functions | 4
Preparing the SRX100 Services Gateway for Configuration | 66
Understanding the Factory Default Configuration | 66
Understanding Built-In Ethernet Ports and Initial Configuration | 67
Mapping the Chassis Cluster Ports | 67
Understanding Management Access | 68
Connecting to the SRX100 Services Gateway Setup Wizard | 69
SRX100 Services Gateway Secure Web Access Overview | 70
Connecting an SRX100 Services Gateway to the CLI Locally | 71
Connecting an SRX100 Services Gateway to the CLI Remotely | 74
4
5
Viewing Factory-Default Settings of the SRX100 Services Gateway | 74
Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83
Performing Initial Software Configuration on the SRX100 Services Gateway Using the J-Web
Interface | 87
Establishing Basic Connectivity | 88
Configuring Basic System Properties | 89
Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version | 92
Maintaining and Troubleshooting Components
Maintaining Components | 95
Maintaining the SRX100 Services Gateway Hardware Components | 95
Troubleshooting Components | 97
vi
Monitoring the SRX100 Services Gateway Chassis Using the CLI | 97
Monitoring the SRX100 Services Gateway Components Using LEDs | 100
Monitoring the SRX100 Services Gateway Using Chassis Alarm Conditions | 102
Monitoring the SRX100 Services Gateway Power System | 103
Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106
Juniper Networks Technical Assistance Center | 107
Replacing Components
Contacting Customer Support and Returning Components | 109
Contacting Customer Support | 109
Return Procedure for the SRX100 Services Gateway | 110
Information You Might Need to Supply to Juniper Networks Technical Assistance Center | 111
Locating the SRX100 Services Gateway Component Serial Number and Agency Labels | 111
Packing the SRX100 Services Gateway and Components for Shipment | 113
Safety and Regulatory Compliance Information
6
General Safety Guidelines and Warnings | 116
SRX100 Services Gateway Definition of Safety Warning Levels | 116
SRX100 Services Gateway General Safety Guidelines and Warnings | 119
General Safety Guidelines and Warnings | 119
Qualified Personnel Warning | 121
Restricted Access Area Warning | 122
Preventing Electrostatic Discharge Damage to the Services Gateway | 124
SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125
Fire Safety Requirements | 127
SRX100 Services Gateway Fire Safety Requirements | 127
Installation Safety Guidelines and Warnings | 129
vii
SRX100 Services Gateway Installation Safety Guidelines and Warnings | 129
Laser and LED Safety Guidelines and Warnings | 136
SRX100 Services Gateway Laser and LED Safety Guidelines and Warnings | 136
Laser and LED Safety Guidelines and Warnings | 136
General Laser Safety Guidelines | 136
Class 1 Laser Product Warning | 137
Class 1 LED Product Warning | 137
Laser Beam Warning | 138
Radiation from Open Port Apertures Warning | 139
Maintenance and Operational Safety Guidelines and Warnings | 141
SRX100 Services Gateway Maintenance and Operational Safety Guidelines and Warnings | 141
Safety Guidelines and Warnings | 142
Battery Handling Warning | 142
Jewelry Removal Warning | 143
Lightning Activity Warning | 145
Operating Temperature Warning | 146
Product Disposal Warning | 148
Electrical Safety Guidelines and Warnings | 150
SRX100 Services Gateway Electrical Safety Guidelines and Warnings | 150
Electrical Safety Guidelines and Warnings | 150
In Case of Electrical Accident | 150
General Electrical Safety Guidelines and Warnings | 150
Agency Approvals and Regulatory Compliance Information | 152
SRX100 Services Gateway Agency Approvals | 152
SRX100 Services Gateway Compliance Statements for EMC Requirements | 153
Canada | 154
European Community | 154
Japan | 154
Korean | 154
United States | 154
viii
SRX100 Services Gateway Compliance Statements for Environmental Requirements | 155
About the Documentation
IN THIS SECTION
Documentation and Release Notes | ix
Using the Examples in This Manual | ix
Documentation Conventions | xi
Documentation Feedback | xiv
Requesting Technical Support | xiv
Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX100 Services Gateway (B and H model numbers). After completing the
installation and basic configuration procedures covered in this guide, refer to the Junos OS documentation
for information about further software configuration.
ix
Documentation and Release Notes
To obtain the most current version of all Juniper Networks®technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
x
2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
commit {
file ex-script-snippet.xsl; }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:
[edit]
user@host# edit system scripts
[edit system scripts]
xi
3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:
[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see CLI Explorer.
Documentation Conventions
Table 1 on page xii defines notice icons used in this guide.
Table 1: Notice Icons
xii
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Caution
Indicates a situation that might result in loss of data or hardware
damage.
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Indicates helpful information.Tip
Alerts you to a recommended use or implementation.Best practice
Table 2 on page xii defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
Fixed-width text like this
Italic text like this
Represents text that you type.Bold text like this
Represents output that appears on
the terminal screen.
Introduces or emphasizes important
•
new terms.
Identifies guide names.
•
Identifies RFC and Internet draft
•
titles.
To enter configuration mode, type
the configure command:
user@host> configure
user@host> show chassis alarms
No alarms currently active
A policy term is a named structure
•
that defines match conditions and
actions.
Junos OS CLI User Guide
•
RFC 1997, BGP Communities
•
Attribute
Table 2: Text and Syntax Conventions (continued)
xiii
ExamplesDescriptionConvention
Italic text like this
Text like this
< > (angle brackets)
| (pipe symbol)
Represents variables (options for
which you substitute a value) in
commands or configuration
statements.
Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.
variables.
Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.
Configure the machine’s domain
name:
[edit]
root@# set system domain-name
domain-name
To configure a stub area, include
•
the stub statement at the [edit
protocols ospf area area-id]
hierarchy level.
The console port is labeled
•
CONSOLE.
stub <default-metric metric>;Encloses optional keywords or
broadcast | multicast
(string1 | string2 | string3)
# (pound sign)
[ ] (square brackets)
Indention and braces ( { } )
; (semicolon)
GUI Conventions
Indicates a comment specified on the
same line as the configuration
statement to which it applies.
Encloses a variable for which you can
substitute one or more values.
Identifies a level in the configuration
hierarchy.
Identifies a leaf statement at a
configuration hierarchy level.
rsvp { # Required for dynamic MPLS
only
community name members [
community-ids ]
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
Table 2: Text and Syntax Conventions (continued)
xiv
ExamplesDescriptionConvention
Bold text like this
> (bold right angle bracket)
Represents graphical user interface
(GUI) items you click or select.
Separates levels in a hierarchy of
menu selections.
In the Logical Interfaces box, select
•
All Interfaces.
To cancel the configuration, click
•
Cancel.
In the configuration editor hierarchy,
select Protocols>Ospf.
Documentation Feedback
We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:
Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper
•
Networks TechLibrary site, and do one of the following:
Click the thumbs-up icon if the information on the page was helpful to you.
•
Click the thumbs-down icon if the information on the page was not helpful to you or if you have
•
suggestions for improvement, and use the pop-up form to provide feedback.
E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name,
•
URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.
JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User
•
Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,
•
365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:
SRX100 Services Gateway Features and Functions | 4
SRX100 Services Gateway Description
2
IN THIS SECTION
About the SRX100 Services Gateway | 2
SRX100 Services Gateway Models | 3
Accessing the SRX100 Services Gateway | 3
This topic includes the following sections:
About the SRX100 Services Gateway
The Juniper Networks SRX100 Services Gateway offers features that provide complete functionality and
flexibility for delivering secure Internet and intranet access. The services gateway offers stable, reliable,
and efficient IP routing in addition to switching support and LAN connectivity. The device provides IP
Security (IPsec), virtual private network (VPN), and firewall services for small and medium-sized companies
and enterprise branch and remote offices. The SRX100 Services Gateway can be connected directly to
traditional private networks such as leased lines, Frame Relay, or Multi Protocol Label Switching (MPLS)
or to the public Internet.
The SRX100 Services Gateway runs the Junos operating system (Junos OS).
SRX100 Services Gateway Models
The following are the two models of the SRX100 Services Gateway available with 1 GB memory. For
information on the models with 2 GB memory, see SRX100 Services Gateway Hardware Guide for H2
Model Numbers.
Table 3: SRX100 Services Gateway Models
Model NumberDevice TypeProduct Name
SRX100BLow MemorySRX100 Services Gateway
SRX100HHigh MemorySRX100 Services Gateway
NOTE: You can upgrade from an SRX100 Services Gateway Low Memory version to a High
Memory version through a license key. You need not order a separate High Memory device.
3
NOTE: SRX100H model provides additional security features such as Unified Threat Management
(UTM), which consists of IPS antispam, antivirus, and Web filtering.
NOTE: The SRX100 Services Gateway High Memory model ships with a license key.
All SRX100 Services Gateways run the Junos OS.
Accessing the SRX100 Services Gateway
Two user interfaces are available for monitoring, configuring, troubleshooting, and managing the SRX100
Services Gateway:
J-Web interface: Web-based graphical interface that allows you to operate a services gateway without
•
commands. The J-Web interface provides access to all Junos OS functionality and features.
Junos OS command-line interface (CLI): Juniper Networks command shell that runs on top of a UNIX-based
•
operating system kernel. The CLI is a straightforward command interface. On a single line, you type
commands that are executed when you press the Enter key. The CLI provides command Help and
command completion.
RELATED DOCUMENTATION
SRX100 Services Gateway Specifications | 21
SRX100 Services Gateway Features and Functions | 4
Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version | 92
SRX100 Services Gateway Features and Functions
The SRX100 Services Gateway is a security optimized, fixed processing system that provides the following
features for the Low Memory and High Memory models listed in Table 4 on page 4. For information on
the models with 2 GB memory, see SRX100 Services Gateway Hardware Guide for H2 Model Numbers.
Table 4: SRX100 Services Gateway Hardware Features
4
SRX100 Services Gateway Low
MemoryFeatures
DDR Memory
Memory through a license key)
SRX100 Services Gateway High
Memory
1 GB512 MB (software upgradable to High
30 watts30 wattsPower supply adapter
100 to 240 VAC100 to 240 VACAC input voltage
88Fast Ethernet ports
11Console port
11USB port
44LEDs
1 GB1 GBNAND flash
For more details on Junos OS features and licenses for the SRX100 Services Gateway, see the Junos OSAdministration Guide for Security Devices.
For more information on upgrading an SRX100 Services Gateway Low Memory to High Memory, see
“Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version” on page 92.
RELATED DOCUMENTATION
SRX100 Services Gateway Description | 2
SRX100 Services Gateway Specifications | 21
Upgrading the SRX100 Services Gateway Low Memory Version to a High Memory Version | 92
Figure 1 on page 7 illustrates the front panel LEDs of the SRX100 Services Gateway.
NOTE: The numbers in Figure 1 on page 7 correspond to the numbers in Table 5 on page 7.
Figure 1: SRX100 Services Gateway Front Panel LEDs
Table 5 on page 7 lists the LED indicators on the SRX100 Services Gateway front panel.
Table 5: SRX100 Services Gateway Front Panel LEDs
UsageDescriptionComponentNumber
7
Alarm LED1
Power LED2
The Alarm LED has the
following indicator colors:
Solid red indicates a
•
major alarm.
Solid amber indicates a
•
minor alarm.
Off indicates that there
•
are currently no alarms.
The Power LED has the
following indicator colors:
Solid green indicates
•
that the device is
functioning normally.
Solid amber indicates
•
that the power button
has been pressed and
quickly released. The
device is gracefully
shutting down.
Off indicates that the
•
device is not receiving
power.
The Alarm LED can be
used to gather information
on major or minor alarms
or to determine if the
device is functioning
normally.
The Power LED can be
used to determine if the
device is receiving power.
Table 5: SRX100 Services Gateway Front Panel LEDs (continued)
8
UsageDescriptionComponentNumber
HA LED3
Status LED4
The HA LED has the
following indicator colors:
Solid green indicates
•
that all chassis clustering
links are available.
Solid red indicates that
•
the chassis clustering
links are not working as
expected.
Solid amber indicates
•
that some chassis
clustering links are not
working as expected.
Off indicates that
•
chassis clustering is not
enabled.
The Status LED has the
following indicator colors:
Solid green indicates
•
that the device is
functioning normally.
The HA LED can be used
to determine if chassis
clustering is enabled on the
device.
The Status LED can be
used to determine whether
the device is starting up, is
functioning normally, or
has failed.
Solid amber indicates
•
that the device is
starting up.
Solid red indicates that
•
an error is detected in
the device.
SRX100 Services Gateway Ethernet Port LEDs
On the SRX100 Services Gateway, each Fast Ethernet port has one functional LED on the left side that
indicates Link and Activity. In Figure 2 on page 9, this LED is marked as 1.
Figure 2: SRX100 Services Gateway Ethernet Port LEDs
The Table 6 on page 9 applies only to the TX/RX/LINK LED marked 1. Table 6 on page 9 describes the
states of this LED.
Table 6: SRX100 Services Gateway Built-In Ethernet Port LEDs
DescriptionStateColorFunction
9
BlinkingGreenTX/RX/LINK
Steady
Link is active. Data communication
is taking place.
Link is active. No data
communication is taking place.
Link is inactive.OffUnlit
NOTE: The LED marked as 2 in Figure 2 on page 9 is not functional in this release.
RELATED DOCUMENTATION
SRX100 Services Gateway Specifications | 21
SRX100 Services Gateway Front Panel and Back Panel Views | 12
SRX100 Services Gateway Built-In Interfaces | 14
SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10
SRX100 Services Gateway Power Supply | 9
SRX100 Services Gateway Power Supply
The power supply for the SRX100 Services Gateway is external. You must use the power supply adapter
provided by Juniper Networks to provide power to the services gateway.
RELATED DOCUMENTATION
SRX100 Services Gateway Specifications | 21
SRX100 Services Gateway Front Panel and Back Panel Views | 12
Monitoring the SRX100 Services Gateway Power System | 103
SRX100 Services Gateway Electrical and Power Requirements | 29
SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme
IN THIS SECTION
10
Boot Devices | 10
Dual-Root Partitioning Scheme | 10
This topic includes the following sections:
Boot Devices
The SRX100 Services Gateway can boot from the following storage media (in the order of priority):
Internal NAND Flash (default; always present)
•
USB storage key (alternate)
•
Dual-Root Partitioning Scheme
Dual-root partitions allow the SRX100 Services Gateways to remain functional if there is file system
corruption and facilitate easy recovery of the corrupted file system.
The dual-root partitioning scheme keeps the primary and backup Junos OS images in two independently
bootable root partitions. If the primary root partition becomes corrupted, the system will be able to boot
from the backup Junos OS image located in the other root partition and remain fully functional.
When the SRX100 Services Gateway powers up, it tries to boot the Junos OS from the default storage
media. If the device fails to boot from the default storage media, it tries to boot from the alternate storage
media. With the dual-root partitioning scheme, the SRX100 Services Gateway first tries to boot the Junos
OS from the primary root partition and then from the backup root partition on the default storage media.
If both primary and backup root partitions of a media fail to boot, then the device tries to boot from the
next available type of storage media. The SRX100 Services Gateway remains fully functional even if it
boots the Junos OS from the backup root partition of storage media.
NOTE: SRX Series devices that ship from the factory with Junos OS Release 10.0 are formatted
with the dual-root partitioning scheme.
The SRX100 Services Gateways that are running Junos OS Release 9.6 or earlier use the single-root
partitioning scheme. While upgrading these devices to Junos OS Release 10.0, you can choose to format
the storage media with dual-root partitions (strongly recommended) or retain the existing single-root
partitioning.
11
For instructions on upgrading to Junos OS Release 10.0, see the following topics:
Initial Configuration for Security Devices
•
Monitoring and Troubleshooting for Security Devices
•
RELATED DOCUMENTATION
Installation Overview for the SRX100 Services Gateway | 36
SRX100 Services Gateway Software Configuration Overview | 65
CHAPTER 3
g031001
Chassis Description
IN THIS CHAPTER
SRX100 Services Gateway Front Panel and Back Panel Views | 12
SRX100 Services Gateway Built-In Interfaces | 14
SRX100 Services Gateway Front Panel and Back Panel Views
12
IN THIS SECTION
SRX100 Services Gateway Front Panel | 12
SRX100 Services Gateway Back Panel | 13
This topic contains views of the front and back panels of the SRX100 Services Gateway. This topic includes
the following sections:
SRX100 Services Gateway Front Panel
Figure 3 on page 12 shows the front panel of the SRX100 Services Gateway.
Figure 3: SRX100 Services Gateway Front Panel
Table 7 on page 13 lists the front panel components of the services gateway.
g031002
Table 7: SRX100 Services Gateway Front Panel Components
ComponentNumber
Power button1
LEDs: Alarm, Status, Power, HA2
Reset Config button3
Universal serial bus (USB) port4
Console port5
Fast Ethernet ports6
13
For more information on the front panel components, see the following topics:
SRX100 Services Gateway Built-In Interfaces on page 14
•
SRX100 Services Gateway LEDs on page 6
•
SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme on page 10
•
SRX100 Services Gateway Back Panel
Figure 4 on page 13 illustrates the back panel of the SRX100 Services Gateway.
Figure 4: SRX100 Services Gateway Back Panel
Table 8 on page 14 lists the components available on the back panel of the SRX100 Services Gateway.
Table 8: SRX100 Services Gateway Back Panel
ComponentNumber
Lock1
Grounding point2
Cable tie holder3
Power supply point4
NOTE: The cable tie holder provides support for holding the power cord on the power supply
point.
The lock provides the option to lock and secure the device to the installation site.
14
RELATED DOCUMENTATION
SRX100 Services Gateway Specifications | 21
SRX100 Services Gateway Built-In Interfaces | 14
SRX100 Services Gateway LEDs | 6
SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10
SRX100 Services Gateway Power Supply | 9
SRX100 Services Gateway Built-In Interfaces
Table 9 on page 15 summarizes the interface ports supported on the SRX100 Services Gateway.
that functions as a secondary boot
device in case of internal flash
failure on startup, if the USB
storage device is installed and
configured
Console
The console port:
Consists of one port
•
Uses an RJ-45 serial cable
•
connector
Supports the RS-232 (EIA-232)
•
standard
NOTE: You must install and
configure the USB storage device
on the USB port to use it as
secondary boot device.
Additionally, the USB device must
have Junos installed.
To provide the USB interfaces that
•
are used to communicate with
many types of Juniper-supported
USB storage devices
The console port can be used:
To provide the console interface.
•
To function as a management port
•
to log into a device directly.
To configure the device using the
•
CLI.
NOTE: The Reset Config button is used to remove the current configuration and reset the device
to the default configuration.
The button is recessed in the front panel to prevent it from being pressed accidentally.
CAUTION: Pressing and holding the Reset Config button for 15 seconds or more
deletes all configurations on the device and loads and commits the factory configuration.
RELATED DOCUMENTATION
SRX100 Services Gateway Specifications | 21
16
SRX100 Services Gateway Front Panel and Back Panel Views | 12
SRX100 Services Gateway LEDs | 6
SRX100 Services Gateway Boot Devices and Dual-Root Partitioning Scheme | 10
SRX100 Services Gateway Power Supply | 9
2
PART
Site Planning and Specifications
Planning and Preparing the Site | 18
Power Requirements and Specifications | 27
Cable Specifications and Pinouts | 31
CHAPTER 4
Planning and Preparing the Site
IN THIS CHAPTER
Site Preparation Checklist for the SRX100 Services Gateway | 18
General Site Guidelines for Installing the SRX100 Services Gateway | 21
SRX100 Services Gateway Specifications | 21
SRX100 Services Gateway Cabinet Requirements | 23
SRX100 Services Gateway Rack Requirements | 24
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
18
Site Preparation Checklist for the SRX100 Services Gateway
The checklist in Table 10 on page 18 summarizes the tasks you need to perform when preparing a site for
installing the SRX100 Services Gateway.
Table 10: Site Preparation Checklist for Services Gateway Installation
Additional
NotesDatePerformed By
Environment
Verify that environmental
factors such as temperature
and humidity do not exceed
device tolerances.
Power
InformationItem or Task
“SRX100 Services
Gateway
Specifications” on
page 21
Table 10: Site Preparation Checklist for Services Gateway Installation (continued)
Additional
InformationItem or Task
19
NotesDatePerformed By
Measure the distance
•
between the external
power sources and the
device installation site.
Locate sites for connection
•
of system grounding.
Calculate the power
•
consumption and
requirements.
Rack Requirements
Verify that your rack meets
the minimum requirements.
Rack Installation
“SRX100 Services
Gateway Site
Electrical Wiring
Guidelines” on
page 27
“SRX100 Services
Gateway Power
Specifications and
Requirements” on
page 29
“SRX100 Services
Gateway Rack
Requirements” on
page 24
Plan the rack location,
•
including required space
clearances.
Secure the rack to the floor
•
and building structure.
Cabinet Requirements
Verify that your cabinet
•
meets the minimum
requirements.
Plan the cabinet location,
•
including required space
clearances.
Wall Installation
“Preparing the
SRX100 Services
Gateway for
Rack-Mount
Installation” on
page 43
“SRX100 Services
Gateway Cabinet
Requirements” on
page 23
Table 10: Site Preparation Checklist for Services Gateway Installation (continued)
Additional
InformationItem or Task
20
NotesDatePerformed By
Verify that the area
•
selected meets the
minimum requirements.
Verify that you have the
•
required hardware to
proceed with the
installation.
Desktop Installation
Verify that the area
•
selected meets the
minimum requirements.
Plan the installation
•
location, including required
space clearances and
airflow requirements.
Cables
Acquire cables and
•
connectors.
Review the maximum
•
distance allowed for each
cable. Choose the length
of cable based on the
distance between the
hardware components
being connected.
Plan the cable routing and
•
management.
“Preparing the
SRX100 Services
Gateway for
Wall-Mount
Installation” on
page 45
“Preparing the
SRX100 Services
Gateway for
Desk-Mount
Installation” on
page 44
“Interface Cable
and Wire
Specifications for
the SRX100
Services Gateway”
on page 31
RELATED DOCUMENTATION
SRX100 Services Gateway Specifications | 21
SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125
Installation Overview for the SRX100 Services Gateway | 36
General Site Guidelines for Installing the SRX100 Services Gateway | 21
SRX100 Services Gateway Cabinet Requirements | 23
SRX100 Services Gateway Rack Requirements | 24
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
General Site Guidelines for Installing the SRX100 Services Gateway
Keep the following precautions in mind to help you plan an acceptable operating environment for your
SRX100 Services Gateway and avoid environmentally caused equipment failures:
For the operating temperature of the services gateway to be optimal, the airflow around the chassis
•
must be unrestricted. Allow sufficient clearance between the front and back of the chassis and adjacent
equipment. Ensure that there is adequate circulation in the installation location.
Follow the ESD procedures to avoid damaging equipment. Static discharge can cause components to
•
fail completely or intermittently over time.
21
NOTE: The SRX100 Services Gateway does not include a fan and does not generate any acoustic
noise.
RELATED DOCUMENTATION
SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125
SRX100 Services Gateway Cabinet Requirements | 23
SRX100 Services Gateway Rack Requirements | 24
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
SRX100 Services Gateway Specifications
The SRX100 Services Gateway chassis is a rigid sheet metal structure that houses all the other hardware
components (see Figure 5 on page 22).
Table 11 on page 22 provides information on the physical specifications of the device.
SRX100 Services Gateway High Memory model: 10 watts
•
Normal operation ensured in temperature range of 32°F (0°C) to 104°F
(+40°C)
Nonoperating storage temperature in shipping container: –40°F (–40°C)
to 158°F (70°C)
NOTE: The SRX100 Services Gateway operating temperature is 35°C
when installed in a rack.
The maximum thermal values for the two models of services gateways
are as follows:
Low Memory — AC power: 80 BTU/hour (21.5 W)
•
High Memory — AC power: 80 BTU/hour (21.5 W)
•
NOTE: These specifications are estimates and subject to change.
CAUTION: Before removing or installing components of a functioning services gateway,
attach an electrostatic discharge (ESD) strap to an ESD point and place the other end
of the strap around your bare wrist. Failure to use an ESD strap could result in damage
to the services gateway.
RELATED DOCUMENTATION
SRX100 Services Gateway Description | 2
SRX100 Services Gateway Front Panel and Back Panel Views | 12
Monitoring the SRX100 Services Gateway Components Using LEDs | 100
SRX100 Services Gateway Electrical Safety Guidelines and Warnings | 150
23
SRX100 Services Gateway Cabinet Requirements
The SRX100 Services Gateway can be installed in a standard 31.5 in. (800 mm) or larger enclosed cabinet.
Table 12 on page 23 provides the details on cabinet size, clearance, and airflow requirements.
19 in. (48.3 cm) as defined in Cabinets, Racks, Panels, and Associated Equipment (document
number EIA-310–D) published by the Electronics Industry Association (http://www.eia.org).
You can mount the gateway horizontally in the cabinet.
The cabinet is at least 1 U (1.75 in. or 4.5 cm) high.
•
The outer edges of the mounting brackets extend the width of either chassis to 19 in.
•
(48.3 cm), and the front of the chassis extends approximately 0.5 in. (1.27 cm) beyond
the mounting brackets.
The minimum total clearance inside the cabinet is 30.7 in. (78 cm) between the inside of
•
the front door and the inside of the rear door.
NOTE: The holes for the mounting brackets chassis are spaced 1.25 in. (3.2 cm) apart,
Ensure sufficient ventilation through the cabinet is sufficient to prevent overheating.
•
Ensure adequate cool air supply to dissipate the thermal output of the device.
•
Install the device as close as possible to the front of the cabinet so that the cable
•
management system clears the inside of the front door. Installing the chassis close to the
front of the cabinet maximizes the clearance in the rear of the cabinet for critical airflow.
Route and dress all cables to minimize the blockage of airflow to and from the chassis.
•
NOTE: A cabinet larger than the minimum required provides better airflow and reduces
the chance of overheating.
RELATED DOCUMENTATION
General Site Guidelines for Installing the SRX100 Services Gateway | 21
SRX100 Services Gateway Rack Requirements | 24
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
SRX100 Services Gateway Rack Requirements
The services gateway can be installed in a rack. Many types of racks are acceptable, including front-mount
racks and four-post (telco) racks.
NOTE: The services gateway cannot be center mounted in a rack.
Table 13 on page 24 provides the details of requirements for rack size, clearance, airflow, spacing of
mounting brackets and flange holes, and connecting to the building structure.
Table 13: Rack Requirements for the Services Gateway
SpecificationsRack Requirement
Size
A 19 in. (48.3 cm) rack as defined in Cabinets, Racks, Panels, and Associated Equipment
(document number EIA-310-D) published by the Electronics Industry Association
(http://www.eia.org).
Table 13: Rack Requirements for the Services Gateway (continued)
SpecificationsRack Requirement
25
Clearance
Spacing of Mounting
Bracket and Flange Holes
Connecting to the
Building Structure
The outer edges of the mounting brackets extend the width of either chassis to 19 in.
•
(48.3 cm).
The front of the chassis extends approximately 0.5 in. (1.27 cm) beyond the mounting
•
ears.
Maximum permissible ambient temperature when two devices are placed side by
•
side in a 19 in. rack is 40° C.
The holes within each rack set are spaced at 1 U [1.75 in. (4.5 cm)]. The device can
•
be mounted in any rack that provides holes or hole patterns spaced at 1-U [1.75 in.
(4.5 cm)] increments.
The mounting brackets and front-mount flanges used to attach the chassis to a rack
•
are designed to fasten to holes spaced at rack distances of 1 U (1.75 in.).
The mounting holes in the mounting brackets provided with the device are spaced
•
1.25 in. (3.2 cm) apart (top and bottom mounting hole).
Always secure the rack in which you are installing the services gateway to the structure
of the building. If your geographical area is subject to earthquakes, bolt the rack to the
floor. For maximum stability, also secure the rack to ceiling brackets.
RELATED DOCUMENTATION
General Site Guidelines for Installing the SRX100 Services Gateway | 21
SRX100 Services Gateway Cabinet Requirements | 23
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
Clearance Requirements for Airflow and Hardware Maintenance of the
SRX100 Services Gateway
When planning the installation site for the SRX100 Services Gateway, you need to allow sufficient clearance
around the device.
When planning the installation site for the services gateway, consider the following:
For the operating temperature of the services gateway to be optimal, the airflow around the chassis
•
must be unrestricted.
For service personnel to remove and install hardware components, there must be adequate space at the
•
front and back of the device. Allow at least 24 in. (61 cm) both in front of and behind the device.
If you are mounting the device in a rack with other equipment, or if you are placing it on the desktop
•
near other equipment, ensure that the exhaust from other equipment does not blow into the intake
vents of the chassis.
Table 14 on page 26 provides information on the clearance requirements for maintaining the optimum
airflow and the distances for facilitating easy maintenance of the device.
Table 14: Clearance Requirements for the SRX100 Services Gateway
Requirement for ClearanceRecommended ClearanceLocation
26
2.5 in. (6.35 cm)Front of the chassis
2.5 in. (6.35 cm)Rear of the chassis
2.5 in. (6.35 cm)Between front-mounting flange and
rack or cabinet edge
2.5 in. (6.35 cm)Between side of the chassis and any
non-heat-producing surface such as
a wall or cabinet side
0.4 in. (1 cm)Between side of the chassis and
devices that have fans or blowers
Space for service personnel to remove
and install hardware components
Space for service personnel to remove
and install hardware components
Space for cable management and
organization
Space for the cooling system to function
properly and to maintain unrestricted
airflow around the chassis
Space for the cooling system to function
properly and to maintain unrestricted
airflow around the chassis
NOTE: The air vents are provided on the sides of the chassis for the SRX100 Services Gateway.
RELATED DOCUMENTATION
General Site Guidelines for Installing the SRX100 Services Gateway | 21
SRX100 Services Gateway Site Electrical Wiring Guidelines | 27
SRX100 Services Gateway Electrical and Power Requirements | 29
SRX100 Services Gateway Power Specifications and Requirements | 29
SRX100 Services Gateway Site Electrical Wiring Guidelines
27
Table 15 on page 28 describes the factors you must consider while planning the electrical wiring for the
services gateway at your site.
CAUTION: It is particularly important to provide a properly grounded and shielded
environment and to use electrical surge-suppression devices.
CAUTION: For devices with AC power supplies, an external surge protective device
(SPD) must be used at the AC power source.
Table 15: Site Electrical Wiring Guidelines for the Services Gateway
GuidelineSite Wiring Factor
28
Signaling Limitations
Radio Frequency Interference
(RFI)
Electromagnetic Compatibility
(EMC)
To ensure that signaling functions optimally:
Install wires correctly.
•
Improperly installed wires can emit radio interference.
Do not exceed the recommended distances or pass wires between buildings.
•
The potential for damage from lightning strikes increases if wires exceed
recommended distances or if wires pass between buildings.
Shield all conductors.
•
The electromagnetic pulse (EMP) caused by lightning can damage unshielded
conductors and destroy electronic devices.
To reduce or eliminate the emission of RFI from your site wiring:
Use twisted-pair cable with a good distribution of grounding conductors.
•
Use a high-quality twisted-pair cable with one ground conductor for each data
•
signal when applicable, if you must exceed the recommended distances.
Provide a properly grounded and shielded environment and use electrical
surge-suppression devices.
Strong sources of electromagnetic interference (EMI) can cause the following
damage:
Destroy the signal drivers and receivers in the device
•
Conduct power surges over the lines into the equipment, resulting in an
•
electrical hazard
NOTE: If your site is susceptible to problems with EMC, particularly from
lightning or radio transmitters, you may want to seek expert advice.
CAUTION: To comply with intrabuilding lightning/surge requirements, the intrabuilding
wiring must be shielded. The shielding for the wiring must be grounded at both ends.
RELATED DOCUMENTATION
General Site Guidelines for Installing the SRX100 Services Gateway | 21
Monitoring the SRX100 Services Gateway Power System | 103
SRX100 Services Gateway Electrical and Power Requirements | 29
SRX100 Services Gateway Power Specifications and Requirements | 29
SRX100 Services Gateway Electrical and Power Requirements
This topic provides information on the factors you must consider while planning the electrical wiring and
power availability at your site. These requirements cover the following areas:
Power specifications and requirements for the device
•
Electrical wiring guidelines for the device installation site
•
Power, connection, and power cord specifications for the device
•
Grounding guidelines and specifications for the device
•
29
RELATED DOCUMENTATION
SRX100 Services Gateway Site Electrical Wiring Guidelines | 27
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
Installation Overview for the SRX100 Services Gateway | 36
Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31
SRX100 Services Gateway Power Specifications and Requirements
The AC power system electrical specifications for the SRX100 Services Gateway are listed in
Table 16 on page 29.
Table 16: Power System Electrical Specifications for the SRX100 Services Gateway
SpecificationPower Requirement
100 to 240 VACAC input voltage
50 to 60 HzAC input line frequency
1 A maximumAC system current rating
WARNING: The AC power cord for the services gateway is intended for use with the
device only and not for any other use.
RELATED DOCUMENTATION
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
SRX100 Services Gateway Site Electrical Wiring Guidelines | 27
Monitoring the SRX100 Services Gateway Power System | 103
Maintaining the SRX100 Services Gateway Hardware Components | 95
30
CHAPTER 6
Cable Specifications and Pinouts
IN THIS CHAPTER
Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31
RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port | 32
RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port | 32
Interface Cable and Wire Specifications for the SRX100 Services Gateway
31
Table 17 on page 31 lists the specifications for the cables that connect to ports.
Table 17: Cable and Wire Specifications for Ports
Maximum
LengthCable/Wire RequiredCable SpecificationPort
RS-232 (EIA-232) serial cableConsole port
DB-9/RJ-45 connectors
Ethernet
port
CAT-5e (Category 5) cable or
equivalent suitable for
100BASE-T operation
RJ-45/RJ-45 connectors
RELATED DOCUMENTATION
RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port | 32
RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port | 32
Device
Receptacle
RJ-456 ft (1.83 m)One 6-ft (1.83-m) length with
RJ-45328 ft (100 m)One 15-ft (4.57-m) length with
RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port
Figure 6 on page 32 shows the RJ-45 cable connector pinouts for Ethernet ports.
Figure 6: Ethernet Cable Connector (RJ-45)
Table 18 on page 32 describes the RJ-45 connector pinouts for the Ethernet port.
Table 18: RJ-45 Connector Pinouts for the Services Gateway Ethernet Port
SignalPin
TX+1
32
TX -2
RX+3
Termination network4
Termination network5
RX-6
Termination network7
Termination network8
RELATED DOCUMENTATION
Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31
RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port | 32
RJ-45 Connector Pinouts for the SRX100 Services Gateway Console Port
Figure 7 on page 33 shows the RJ-45 connector pinouts for the console port.
Figure 7: Console Cable Connector
Table 19 on page 33 describes the RJ-45 connector pinouts for the console port.
Table 19: RJ-45 Connector Pinouts for the Services Gateway Console Port
DescriptionSignalPin
Request to SendRTS1
Data Terminal ReadyDTR2
Transmit DataTXD3
Signal GroundGround4
33
Signal GroundGround5
Receive DataRXD6
Data Set ReadyDSR/DCD7
Clear to SendCTS8
RELATED DOCUMENTATION
Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31
RJ-45 Connector Pinouts for the SRX100 Services Gateway Ethernet Port | 32
3
PART
Initial Installation and Configuration
Installation Overview | 35
Unpacking the Services Gateway | 40
Installing the Mounting Hardware | 43
Installing the Services Gateway | 46
Grounding the SRX100 Services Gateway | 52
Connecting the SRX100 Services Gateway to External Devices | 55
Providing Power to the SRX100 Services Gateway | 60
Performing Initial Configuration | 65
CHAPTER 7
Installation Overview
IN THIS CHAPTER
Installation Overview for the SRX100 Services Gateway | 36
Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37
Installation Overview for the SRX100 Services Gateway
After you have prepared your installation site, you are ready to unpack and install the services gateway.
It is important to proceed through the installation process in the order shown in Table 20 on page 36.
Table 20: Installation Process Order for the SRX100 Services Gateway
For More Information, SeeProcessSteps
36
Review the safety guidelines.1
2
3
Verify that you have prepared your site for
the installation of the services gateway using
the checklist.
Follow the instructions for unpacking the
services gateway and verify that the parts
are received.
Prepare the services gateway for installation.4
Install the services gateway.5
“SRX100 Services Gateway Safety
Requirements, Warnings, and Guidelines” on
page 125
“Site Preparation Checklist for the SRX100
Services Gateway” on page 18
“Unpacking the SRX100 Services Gateway”
on page 40
“Preparing the SRX100 Services Gateway for
Rack-Mount Installation” on page 43
“Preparing the SRX100 Services Gateway for
Desk-Mount Installation” on page 44
“Preparing the SRX100 Services Gateway for
Wall-Mount Installation” on page 45
“Installing the SRX100 Services Gateway in
a Rack” on page 46
“Installing the SRX100 Services Gateway on
a Desk” on page 48
“Installing the SRX100 Services Gateway on
a Wall” on page 49
Connect cables to external devices.6
Connect the grounding cable.7
Power on the services gateway.8
“Connecting and Organizing Interface Cables
to the SRX100 Services Gateway” on page 55
“Grounding the SRX100 Services Gateway”
on page 52
“Powering On and Powering Off the SRX100
Services Gateway” on page 61
RELATED DOCUMENTATION
Unpacking the SRX100 Services Gateway | 40
General Site Guidelines for Installing the SRX100 Services Gateway | 21
Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45
Installing the SRX100 Services Gateway in a Rack | 46
Installing the SRX100 Services Gateway on a Desk | 48
Installing the SRX100 Services Gateway on a Wall | 49
Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55
Required Tools and Parts for Installing and Maintaining the SRX100 Services
37
Gateway
Table 21 on page 37 lists the tools and parts required to install and maintain the SRX100 Services Gateway.
Table 21: Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway
Phillips (+) screwdriver, number 1Grounding the SRX100 Services
“Installing the SRX100 Services
Gateway in a Rack” on page 46
“Installing the SRX100 Services
Gateway on a Desk” on page 48
“Installing the SRX100 Services
Gateway on a Wall” on page 49
“Connecting the SRX100 Services
Gateway to the Power Supply” on
page 60
“Grounding the SRX100 Services
Gateway” on page 52
Packing the SRX100 Services
Gateway
Electrostatic bag or antistatic mat,
•
for each component
Electrostatic discharge (ESD)
•
grounding wrist strap
“Packing the SRX100 Services
Gateway and Components for
Shipment” on page 113
RELATED DOCUMENTATION
Unpacking the SRX100 Services Gateway | 40
Installing the SRX100 Services Gateway in a Rack | 46
Installing the SRX100 Services Gateway on a Desk | 48
Installing the SRX100 Services Gateway on a Wall | 49
Grounding the SRX100 Services Gateway | 52
Connecting the SRX100 Services Gateway to the Power Supply | 60
Packing the SRX100 Services Gateway and Components for Shipment | 113
SRX100 Services Gateway Autoinstallation Overview
The autoinstallation process begins any time a services gateway is powered on and cannot locate a valid
configuration file in the internal flash. Typically, a configuration file is unavailable when a services gateway
is powered on for the first time or if the configuration file is deleted from the internal flash. The
autoinstallation feature enables you to deploy multiple services gateways from a central location in the
network.
38
If you are setting up many devices, autoinstallation can help automate the configuration process by loading
configuration files onto new or existing devices automatically over the network. You can use either the
J-Web interface or the CLI to configure a device for autoinstallation.
For the autoinstallation process to work, you must store one or more host-specific or default configuration
files on a configuration server in the network and have a service available—typically Dynamic Host
Configuration Protocol (DHCP)—to assign an IP address to the services gateway.
Autoinstallation takes place automatically when you connect an Ethernet port on a new services gateway
to the network and power on the device. To simplify the process, you can explicitly enable autoinstallation
on a device and specify a configuration server, an autoinstallation interface, and a protocol for IP address
acquisition.
For more information about configuring autoinstallation, see the following topics:
Installation and Upgrade Guide
•
Network Monitoring and Troubleshooting
•
RELATED DOCUMENTATION
Connecting the SRX100 Services Gateway to the Power Supply | 60
Grounding the SRX100 Services Gateway | 52
Powering On and Powering Off the SRX100 Services Gateway | 61
39
CHAPTER 8
Unpacking the Services Gateway
IN THIS CHAPTER
Unpacking the SRX100 Services Gateway | 40
Verifying Parts Received with the SRX100 Services Gateway | 41
Unpacking the SRX100 Services Gateway
40
The SRX100 Services Gateway is shipped in a cardboard carton. The carton also contains an accessory
box and the SRX100 Services Gateway Quick Start.
NOTE: The device is maximally protected inside the shipping carton. Do not unpack it until you
are ready to begin installation.
To unpack the SRX100 Services Gateway:
1. Open the box in which the device is shipped.
2. Verify the parts received against the lists in “Verifying Parts Received with the SRX100 Services
Gateway” on page 41.
3. Store the shipping box and packing material in case you need to return or move the device at a later
time.
RELATED DOCUMENTATION
Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37
Verifying Parts Received with the SRX100 Services Gateway | 41
Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45
Installation Overview for the SRX100 Services Gateway | 36
Verifying Parts Received with the SRX100 Services Gateway
The SRX100 Services Gateway shipment package contains a packing list. Check the parts in the shipment
against the items on the packing list. The packing list specifies the part numbers and descriptions of each
part in your order.
If any part is missing, contact your Juniper Networks customer service representative.
A fully configured SRX100 Services Gateway contains the chassis with installed components, listed in
Table 22 on page 41, and an accessory box, which contains the parts listed in Table 23 on page 41.
NOTE: The parts shipped with your device can vary depending on the configuration you ordered.
41
Table 22: Parts List for a Fully Configured SRX100 Services Gateway
QuantityComponent
1Chassis, with 8xFE ports
1Power supply adapter (30 W)
12-prong power cord
1DB-9 to RJ-45 adapter, straight through, 7 ft
Table 23: Accessory Parts List for the SRX100 Services Gateway
QuantityPart
1Juniper Networks Product Warranty
1End User License Agreement
1Quick Start
1Security Products Safety Guide
1Juniper Compliance Form Letter
Table 23: Accessory Parts List for the SRX100 Services Gateway (continued)
QuantityPart
1Product Registration
NOTE: The mounting kits available for rack, desk, and wall installation of the SRX100 Services
Gateway must be ordered separately. Contact your Juniper Networks customer service
representative for more information.
RELATED DOCUMENTATION
Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37
42
Unpacking the SRX100 Services Gateway | 40
Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45
CHAPTER 9
Installing the Mounting Hardware
IN THIS CHAPTER
Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45
Preparing the SRX100 Services Gateway for Rack-Mount Installation
43
You can mount an SRX100 Services Gateway in four-post (telco) racks, enclosed cabinets, and open-frame
racks.
NOTE: The SRX100 Services Gateway cannot be center-mounted in racks.
Before mounting the SRX100 Services Gateway in a rack:
Verify that the installation site meets the requirements described in the site preparation checklist.
•
Verify that the racks or cabinets meet the specific requirements described in “SRX100 Services Gateway
•
Rack Requirements” on page 24.
Place the rack or cabinet in its permanent location, allowing adequate clearance for airflow and
•
maintenance, and secure it to the building structure. For more information, see “Clearance Requirements
for Airflow and Hardware Maintenance of the SRX100 Services Gateway” on page 25.
Remove the services gateway chassis from the shipping carton. For unpacking instructions, see “Unpacking
•
the SRX100 Services Gateway” on page 40.
Verify that you have the following parts available in your rack-mounting kit for the SRX100 Services
•
Gateway:
Rack-mount tray
•
Screws
•
NOTE: The rack-mounting kit is not shipped with the device and must be ordered separately.
RELATED DOCUMENTATION
Unpacking the SRX100 Services Gateway | 40
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
SRX100 Services Gateway Rack Requirements | 24
Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45
44
Preparing the SRX100 Services Gateway for Desk-Mount Installation
You can mount an SRX100 Services Gateway on a desk or other level surface horizontally or vertically.
The four rubber feet attached to the chassis provide stability.
Before mounting an SRX100 Services Gateway on a desk or other level surface:
Verify that the site meets the requirements described in the site preparation checklist.
•
Place the desk in its permanent location, allowing adequate clearance for airflow and maintenance, and
•
secure it to the building structure.
Remove the services gateway chassis from the shipping carton. For unpacking instructions, see “Unpacking
•
the SRX100 Services Gateway” on page 40.
If you are mounting the device vertically on the desk, make sure that the following parts are available
•
in your vertical desk-mounting kit for the SRX100 Services Gateway:
Vertical stand
•
Screws
•
NOTE: The vertical desk-mounting kit is not shipped with the device and must be ordered
separately.
RELATED DOCUMENTATION
Unpacking the SRX100 Services Gateway | 40
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45
Preparing the SRX100 Services Gateway for Wall-Mount Installation
You can mount an SRX100 Services Gateway on a wall. The four rubber feet attached to the chassis provide
stability.
Before mounting an SRX100 Services Gateway on a wall:
Verify that the site meets the requirements described in “Site Preparation Checklist for the SRX100
•
Services Gateway” on page 18.
45
Remove the services gateway chassis from the shipping carton. For unpacking instructions, see “Unpacking
•
the SRX100 Services Gateway” on page 40.
Verify that you have the following parts available in your wall-mounting kit for the SRX100 Services
•
Gateway:
Wall-mounting brackets
•
Screws
•
NOTE: The wall-mounting kit is not shipped with the device and must be ordered separately.
RELATED DOCUMENTATION
Site Preparation Checklist for the SRX100 Services Gateway | 18
Unpacking the SRX100 Services Gateway | 40
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
CHAPTER 10
Installing the Services Gateway
IN THIS CHAPTER
Installing the SRX100 Services Gateway in a Rack | 46
Installing the SRX100 Services Gateway on a Desk | 48
Installing the SRX100 Services Gateway on a Wall | 49
Installing the SRX100 Services Gateway in a Rack
46
You can front-mount two SRX100 Services Gateways in a rack. Many types of racks are acceptable,
including four-post (telco) racks, enclosed cabinets, and open-frame racks. For more information about
the type of rack or cabinet the SRX100 Services Gateway can be installed into, see “SRX100 Services
Gateway Rack Requirements” on page 24.
NOTE: If you are installing multiple devices in one rack, install the lowest one first and proceed
upward in the rack.
To install the device in a rack:
1. Position the two devices in the rack-mount tray as shown in Figure 8 on page 47.
g031038
g031039
Figure 8: Installing the SRX100 Services Gateway in a Rack
2. Use a number-1 Phillips screwdriver to install the screws that secure the device to the rack-mount tray.
3. Have one person grasp the sides of the rack-mount tray, lift it, and position it in the rack.
47
4. Align the bottom hole in each side of the rack-mount tray with a hole in each rack rail as shown in
Figure 9 on page 47, making sure the rack-mount tray is level.
Figure 9: Hanging the SRX100 Services Gateway in a Rack
5. Have a second person install a mounting screw into each of the two aligned holes. Use a number-3
Phillips screwdriver to install the mounting screws.
6. Install the second screw in each side of the rack-mount tray.
7. Verify that the mounting screws on one side of the rack-mount tray are aligned with the mounting
screws on the opposite side and that the tray is level.
NOTE: The rack-mounting kit is not shipped with the device and must be ordered separately.
RELATED DOCUMENTATION
Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37
Preparing the SRX100 Services Gateway for Rack-Mount Installation | 43
SRX100 Services Gateway Rack Requirements | 24
Connecting the SRX100 Services Gateway to the Power Supply | 60
Clearance Requirements for Airflow and Hardware Maintenance of the SRX100 Services Gateway | 25
SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125
Installing the SRX100 Services Gateway on a Desk | 48
48
Installing the SRX100 Services Gateway on a Wall | 49
Installing the SRX100 Services Gateway on a Desk
You can install the SRX100 Services Gateway on a desk, table, or other level surface. The device is shipped
with the rubber feet attached. The rubber feet are necessary to stabilize the device on the desk.
You can install the device in a horizontal or vertical position.
NOTE: The desk-mounting kit is not shipped with the device and must be ordered separately.
Horizontal Desk Mounting
The horizontal position is the standard installation position and does not require the vertical installation
kit.
To install the device in a horizontal position:
1. Make sure that the rubber feet are attached to the chassis.
2. Place the device on a desk with the Juniper Networks logo embossed on the top cover facing up.
Vertical Desk Mounting
The vertical position requires the vertical installation kit, which consists of a vertical installation stand.
To install the device in a vertical position:
1. Place the device on a flat and level surface with the Juniper Networks logo on the front panel facing
up, as shown in Figure 10 on page 49.
Figure 10: Installing the SRX100 Services Gateway on a Desk
49
2. Attach the vertical stand to the right side of the chassis as shown in Figure 10 on page 49.
3. Place the chassis vertically on the desk with the stand resting on the desk.
RELATED DOCUMENTATION
Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37
Preparing the SRX100 Services Gateway for Desk-Mount Installation | 44
SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125
Installing the SRX100 Services Gateway in a Rack | 46
Installing the SRX100 Services Gateway on a Wall | 49
Installing the SRX100 Services Gateway on a Wall
You can install the SRX100 Services Gateway on a wall. The device is shipped with the rubber feet attached.
The rubber feet help stabilize the device on the wall and enhance airflow.
NOTE: The wall-mounting kit is not shipped with the device and must be ordered separately.
To install the device on a wall:
1. Place the device on a flat and level surface with the Juniper Networks logo embossed on the top cover
facing up.
2. Position a mounting bracket on each side of the chassis as shown in Figure 11 on page 50.
Figure 11: Installing the SRX100 Services Gateway on a Wall
50
3. Use a number–1 Phillips screwdriver to install the screws that secure the mounting brackets to the
chassis.
4. If you are using wall anchors to support the chassis, install two pairs of anchors on the wall with mounting
brackets attached.
5. Have one person grasp the sides of the device, lift it, and position it on the wall.
6. Have a second person install two pairs of mounting screws through the bracket holes on either side of
the device to secure it to the wall.
7. Verify that the mounting screws on one side are aligned with the mounting screws on the opposite
side and that the device is level (see Figure 12 on page 51).
Figure 12: Hanging the SRX100 Services Gateway on a Wall
51
RELATED DOCUMENTATION
Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37
Preparing the SRX100 Services Gateway for Wall-Mount Installation | 45
SRX100 Services Gateway Safety Requirements, Warnings, and Guidelines | 125
Installing the SRX100 Services Gateway on a Desk | 48
Installing the SRX100 Services Gateway in a Rack | 46
Connecting the SRX100 Services Gateway to the Power Supply | 60
CHAPTER 11
Grounding the SRX100 Services Gateway
IN THIS CHAPTER
Grounding the SRX100 Services Gateway | 52
Grounding the SRX100 Services Gateway
To meet safety and electromagnetic interference (EMI) requirements and to ensure proper operation, the
SRX100 Services Gateway must be adequately grounded before power is connected.
52
Figure 13 on page 52 illustrates how a grounding cable connects to the services gateway.
Figure 13: Grounding the SRX100 Services Gateway
You ground the device by connecting a grounding cable to earth ground and then attaching it to the chassis
grounding points using one M3 screw.
CAUTION: Before device installation begins, a licensed electrician must attach a cable
lug to the grounding and power cables that you use. A cable with an incorrectly attached
lug can damage the device (for example, by causing a short circuit).
Table 24 on page 53 lists the grounding components of the SRX100 Services Gateway.
Table 25 on page 53 lists the specifications of the grounding cable used with the device.
Table 25: Grounding Cable Specifications for the Services Gateway
SpecificationGrounding Requirement
14 AWG single-strand wire cableGrounding cable
53
Up to 4 AAmperage of grounding cable
Ring-type, vinyl-insulated TV14-6R lug or equivalentGrounding lug
To ground the device:
1. Connect the grounding cable to a proper earth ground.
2. Verify that a licensed electrician has attached the cable lug to the grounding cable.
3. Place the grounding cable lug over the grounding point on the middle rear of the chassis.
4. Secure the grounding cable lug to the grounding point with the screw as shown in Figure 13 on page 52.
5. Dress the grounding cable and verify that it does not touch or block access to the services gateway
components and that it does not drape where people could trip on it.
NOTE: The device should be permanently connected to ground during operation.
RELATED DOCUMENTATION
Connecting the SRX100 Services Gateway to the Power Supply | 60
Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55
SRX100 Services Gateway General Safety Guidelines and Warnings | 119
Powering On and Powering Off the SRX100 Services Gateway | 61
Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106
54
CHAPTER 12
Connecting the SRX100 Services Gateway to External
Devices
IN THIS CHAPTER
Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55
Connecting the Modem at the SRX100 Services Gateway End | 56
Connecting the Modem to the Console Port on the SRX100 Services Gateway | 57
Connecting to the CLI at the User End for the SRX100 Services Gateway | 58
55
Connecting and Organizing Interface Cables to the SRX100 Services
Gateway
You can connect the interfaces installed in the services gateway to various network media. Each type of
interface on the services gateway uses a particular medium to transmit data. You must configure each
network interface before it can operate on the device.
To connect and organize an interface cable for the device:
1. Have ready a length of the type of cable used by the interface.
2. Insert the cable connector into the cable connector port on the interface faceplate.
3. Arrange network cables as follows to prevent them from dislodging or developing stress points:
Secure cables so that they are not supporting their own weight as they hang to the floor.
•
Place excess cable out of the way in neatly coiled loops.
•
Use fasteners to maintain the shape of cable loops.
•
RELATED DOCUMENTATION
Connecting the SRX100 Services Gateway to the Power Supply | 60
Grounding the SRX100 Services Gateway | 52
Interface Cable and Wire Specifications for the SRX100 Services Gateway | 31
SRX100 Services Gateway Installation Safety Guidelines and Warnings | 129
Connecting the Modem at the SRX100 Services Gateway End
NOTE: These instructions use Hayes-compatible modem commands to configure the modem.
If your modem is not Hayes-compatible, refer to the documentation for your modem and enter
the equivalent modem commands.
To configure the modem on the services gateway end:
1. Connect the modem to a PC or laptop computer.
56
2. Power on the modem.
3. From the PC or laptop computer, start your asynchronous terminal emulation application (such as
Microsoft Windows HyperTerminal), and select the COM port to which the modem is connected (for
example, COM1).
4. Configure the port settings as shown in Table 26 on page 56.
Table 26: Port Settings for Configuring the Modem on the Services Gateway End
ValuePort Setting
9600Bits per second
8Data bits
NoneParity
1Stop bits
NoneFlow control
5. In the HyperTerminal window, enter AT.
An OK response verifies that the modem can communicate successfully with the COM port on the PC
or laptop.
For more information on the AT commands, see Administration Guide for Security Devices.
6. Configure the modem to answer a call on the first ring by entering ATS0=1.
7. Configure the modem to accept modem control DTR signals by entering AT&D1.
8. Disable flow control by entering AT&K0.
9. Save modem settings by entering AT&W.
RELATED DOCUMENTATION
Connecting the Modem to the Console Port on the SRX100 Services Gateway | 57
57
Connecting to the CLI at the User End for the SRX100 Services Gateway | 58
Connecting the Modem to the Console Port on the SRX100 Services
Gateway
To connect the dial-up modem to the console port on the services gateway:
1. Turn off power to the services gateway.
2. Turn off power to the modem.
3. Plug one end of the Ethernet cable supplied with your services gateway into the console port on the
services gateway.
4. Plug the other end of the CAT-5e cable (Ethernet cable) into the RJ-45 to DB-9 serial port adapter
supplied with your services gateway.
5. Connect the serial port adapter to a separately purchased DB-9 female to DB-25 male adapter or other
adapter appropriate for your modem.
6. Plug the modem adapter into the DB-25 connector on the modem.
7. Connect the modem to your telephone network.
8. Turn on the power to the modem.
9. Power on the services gateway by pressing the Power button on the front panel. Verify that the Power
LED on the front panel turns green.
NOTE: Most modems have an RS-232 DB-25 connector. You must separately purchase an
adapter to connect your modem to the RJ-45 to DB-9 adapter and the Ethernet cable supplied
with the services gateway.
RELATED DOCUMENTATION
58
Connecting the Modem at the SRX100 Services Gateway End | 56
Connecting to the CLI at the User End for the SRX100 Services Gateway | 58
Connecting to the CLI at the User End for the SRX100 Services Gateway
To remotely connect to the CLI through a dial-up modem connected to the console port on the services
gateway:
1. Connect a modem at your remote location to a management device such as a PC or laptop computer.
2. Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal)
on the PC or laptop computer.
3. Select the COM port to which the modem is connected (for example, COM1).
4. Configure the port settings shown in Table 27 on page 58.
Table 27: Port Settings for Connecting to the CLI at User End
ValuePort Setting
9600Bits per second
8Data bits
Table 27: Port Settings for Connecting to the CLI at User End (continued)
ValuePort Setting
NoneParity
1Stop bits
NoneFlow control
5. In the HyperTerminal window, enter AT.
An OK response verifies that the modem can communicate successfully with the COM port on the PC
or laptop.
For more information on the AT commands, see Administration Guide for Security Devices.
6. Dial the modem that is connected to the console port on the services gateway by entering ATDTremote-modem-number. For example, if the number of the modem connected to the console port on
the services gateway is 0013033033030, enter ATDT 0013033033030.
59
The services gateway login prompt appears.
7. Log in as the user root. No password is required at initial connection, but you must assign a root
password before committing any configuration settings.
RELATED DOCUMENTATION
Connecting the Modem at the SRX100 Services Gateway End | 56
Connecting the Modem to the Console Port on the SRX100 Services Gateway | 57
CHAPTER 13
Providing Power to the SRX100 Services Gateway
IN THIS CHAPTER
Connecting the SRX100 Services Gateway to the Power Supply | 60
Powering On and Powering Off the SRX100 Services Gateway | 61
Connecting the SRX100 Services Gateway to the Power Supply
60
To connect the device to the power supply:
CAUTION: Before connecting the device to the power supply, attach an ESD strap to
an ESD point and place the other end of the strap around your bare wrist.
1. Plug the DC connector end of the power cable into the power connector on the back of the device
(see Figure 14 on page 60).
2. Plug the AC adapter end of the power cable into an AC power outlet.
Figure 14: Connecting the Services Gateway to the Power Supply
NOTE: The device must be connected to earth ground during normal operation. The protective
earthing terminal on the rear of the chassis is provided to connect the device to ground.
CAUTION: We recommend using a surge protector for the power connection.
NOTE: Use the cable tie holder to secure the power cord on to the power supply point.
NOTE: We strongly recommend that you use only the 3-prong power cord supplied with your
services gateway. If you are using a 2-prong power cord, then ensure that your device is
adequately grounded using the grounding point available on the back panel of the chassis.
61
RELATED DOCUMENTATION
Required Tools and Parts for Installing and Maintaining the SRX100 Services Gateway | 37
Grounding the SRX100 Services Gateway | 52
Connecting and Organizing Interface Cables to the SRX100 Services Gateway | 55
SRX100 Services Gateway General Safety Guidelines and Warnings | 119
Powering On and Powering Off the SRX100 Services Gateway
This topic describes the following procedures:
Powering On the SRX100 Services Gateway | 61
Powering Off the SRX100 Services Gateway | 62
Powering On the SRX100 Services Gateway
To power on the services gateway:
1. Ensure that you have connected the power supply to the device.
2. Insert the plug of the power supply adapter into an AC power source receptacle.
3. Turn on the power to the AC power receptacle.
The device starts automatically as the power supply completes its startup sequence. The Power LED lights
during startup and remains on when the device is operating normally.
NOTE: After the power supply is turned on, it can take up to 60 seconds for status
indicators—such as the Status and Power LEDs—to show that the power supply is functioning
normally. Ignore error indicators that appear during the first 60 seconds.
NOTE: If the system is completely powered off when you turn on the power supply, the device
starts as the power supply completes its startup sequence. If the device finishes starting and
you need to power off the system again, first issue the CLI request system power-off command.
62
SEE ALSO
SRX100 Services Gateway LEDs | 6
Grounding the SRX100 Services Gateway | 52
Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106
Powering Off the SRX100 Services Gateway
You can power off the services gateway in one of the following ways:
Graceful shutdown—Press and immediately release the Power button. The device begins gracefully
•
shutting down the operating system and then powers itself off.
WARNING: Use the graceful shutdown method to power off or reboot the services
gateway.
Forced shutdown—Press the Power button and hold it for ten seconds. The device immediately powers
•
itself off without shutting down the operating system.
WARNING: Use the forced shutdown method as a last resort to recover the services
gateway if the services gateway operating system is not responding to the graceful
shutdown method.
For more information on power button, see “SRX100 Services Gateway LEDs” on page 6.
WARNING: Do not press the Power button while the device is shutting down.
CAUTION: Forced shutdown can result in data loss and corruption of the file system.
63
NOTE: To remove power completely from the device, unplug the power cord or switch off the
AC power source.
After powering off a power supply, wait at least 10 seconds before turning it back on. After
powering on a power supply, wait at least 10 seconds before turning it off.
The power button on the services gateway is a standby power switch, which will not turn off
the input power to the services gateway.
TIP: When you are powering off the device, the CLI displays the following message: Turning
the system power off. You can now safely remove the power cable to completely power off the
device.
NOTE: You can use the request system reboot CLI command to schedule a reboot to the services
gateway using request system reboot.
For more information about halting, powering off, or rebooting the services gateway using the CLI, see
the following topics:
Initial Configuration for Security Devices
•
Monitoring and Troubleshooting for Security Devices
•
SEE ALSO
SRX100 Services Gateway LEDs | 6
Grounding the SRX100 Services Gateway | 52
Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106
RELATED DOCUMENTATION
Connecting the SRX100 Services Gateway to the Power Supply | 60
Grounding the SRX100 Services Gateway | 52
Using the Reset Config Button on the SRX100 Services Gateway | 104
Changing the Reset Config Button Behavior on the SRX100 Services Gateway | 106
Preparing the SRX100 Services Gateway for Configuration | 66
Understanding the Factory Default Configuration | 66
Understanding Built-In Ethernet Ports and Initial Configuration | 67
Mapping the Chassis Cluster Ports | 67
Understanding Management Access | 68
This topic includes the following sections:
Preparing the SRX100 Services Gateway for Configuration
The Juniper Networks Junos operating system (Junos OS) is preinstalled on the SRX100 Services Gateway.
When the services gateway is powered on, it is ready to be configured.
You can perform the initial software configuration of the services gateway by using either the browser-based
setup wizard or the command-line interface (CLI).
Before configuring the device, gather the configuration information required to deploy the device in your
network. At minimum, the setup wizard requires the following information:
Device name to be used on the network
•
Password for the root user
•
Time information for the services gateway location:
•
Local time zone
•
Name or IP address of a Network Time Protocol (NTP) server, if NTP is used to set the time on the
•
services gateway
66
Local date and time if an NTP server is not used to set the time
•
Understanding the Factory Default Configuration
Your services gateway comes configured with a default factory configuration. This configuration sets up
the following network topology:
Interface fe-0/0/0 (port 0/0) is configured for Internet access. A DHCP client running on the interface
•
enables the interface to receive its network settings—IP address, default gateway, and DNS servers—from
an Internet service provider (ISP).
Interfaces fe-0/0/1 through fe-0/0/7 (port 0/1 through port 0/7) are configured as switched interfaces
•
in a common VLAN on which the IP address 192.168.1.1/24 is configured.
A DHCP server is active on interfaces fe-0/0/1 through fe-0/0/7. The DHCP server assigns IP addresses
•
in the 192.168.1.0/24 network to connected devices.
The default configuration also includes the following security configuration:
Two security zones are created: trust and untrust.
•
Interface fe-0/0/0 is in the untrust zone, while interfaces fe-0/01 through fe-0/0/7 are in the trust
•
zone.
A security policy is created that permits outbound traffic from the trust zone to the untrust zone. Inbound
•
traffic originating in the untrust zone is blocked.
Source Network Address Translation (NAT) is configured on the trust zone.
•
Understanding Built-In Ethernet Ports and Initial Configuration
During the initial configuration of the services gateway, how you use the built-in Ethernet ports (ports 0/0
through 0/7) depends on the initial configuration you are performing:
Configuration using autoinstallation—Use built-in Ethernet port 0/0 to connect to the DHCP server. A
•
DHCP client is configured on this interface, allowing the services gateway to receive its IP address from
the DHCP server.
Configuration using the setup wizard—Use the following built-in Ethernet ports:
•
Port 0/1—Connect your management device to this port. A DHCP server running on this interface
•
automatically assigns your management device an IP address in the same subnetwork as the interface,
allowing your management device to communicate with the services gateway through this interface.
Port 0/0—Connect your services gateway to the Internet on this port if you plan to download purchased
•
software licenses through the setup wizard. A DHCP client running on this interface allows it to receive
its network settings from the ISP.
67
NOTE: Downloading of purchased licenses from the setup wizard is available only in Junos
OS Release 11.2R3 or later.
Configuration of a chassis cluster—Perform the initial configuration of the chassis cluster using a console
•
connection. Before you perform the initial configuration, connect the built-in Ethernet ports as follows:
Port 0/6—Connect to the out-of-band management network for management of the device. When
•
you enable chassis clustering as part of configuring the chassis cluster, the management interface
(fxp0) is automatically created on this port.
Port 0/7—Connect to the other device in the chassis cluster. When you enable chassis clustering, the
•
control interface between the two devices (fxp1) is automatically created on this port.
You must also make another connection between the two devices for the fabric link. You can use any
available Fast Ethernet port for this connection. You must configure the interface you choose as the
fabric link. For more information on configuring chassis clusters, see the Security Basics.
Mapping the Chassis Cluster Ports
On the SRX100 Services Gateway, the fxp1 port is not user configurable when the services gateway is
operating in chassis cluster mode.
The fxp0 port is dedicated as the out-of-band management interface for each of the devices in the chassis
cluster setup and the fxp1 port is dedicated as the chassis-cluster control port.
Table 28 on page 68 shows the mapping of the chassis cluster ports.
Table 28: Mapping the Chassis Cluster Ports on an SRX100 Services Gateway
Management InterfaceFE Ports on SRX100 Services Gateway
fxp0 (management port)fe-0/0/6
fxp1 (control port)fe-0/0/7
The Junos OS automatically creates the fxp0 and fxp1 interfaces on these ports when the SRX100 Services
Gateway is operating in chassis cluster mode.
For more information, see the following guides:
Interfaces for Security Devices
•
Security Basics
•
Understanding Management Access
68
Telnet allows you to connect to the services gateway and access the CLI to execute commands from a
remote system. The Telnet CLI connections are not encrypted and therefore can be intercepted.
NOTE: Telnet access to the root user is prohibited. You must use more secure methods, such
as SSH, to log in as root.
SSH provides the following features:
Allows you to connect to the device and access the CLI to execute commands from a remote system
•
Encrypts traffic so that it cannot be intercepted (unlike Telnet)
•
Can be configured so that connections are authenticated by a digital certificate
•
Uses public–private key technology for both connection and authentication
•
The SSH client software must be installed on the machine where the client application runs. If the SSH
private key is encrypted (for greater security), the SSH client must be able to access the passphrase used
to decrypt the key.
For information about obtaining SSH software, see http://www.ssh.com and http://www.openssh.com.
If you are using a Junos XML management protocol server to configure and monitor devices, you can
activate cleartext access on the device to allow unencrypted text to be sent directly over a Transmission
Line Protocol (TCP) connection without using any additional protocol (such as SSH, SSL, or Telnet). For
more information about the Junos XML management protocol application programming interface (API),
see the NETCONF XML Management Protocol Guide.
NOTE: Information sent in cleartext is not encrypted and therefore can be intercepted.
g031007
If the device is operating in a Common Criteria environment, see the Configuration Guides for Junos OS
Public Sector Certifications.
RELATED DOCUMENTATION
Connecting to the SRX100 Services Gateway Setup Wizard | 69
Connecting the SRX100 Services Gateway to the CLI
Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83
SRX100 Services Gateway Secure Web Access Overview | 70
69
Connecting to the SRX100 Services Gateway Setup Wizard
If you plan to use the setup wizard to perform the initial configuration of the services gateway, you must
connect your management device (such as a laptop or desktop computer) to one of the built-in Ethernet
ports 0/1 through 0/7 on the services gateway as shown in Figure 15 on page 69. Do not use built-in
Ethernet port 0/0.
Figure 15: Connecting to the Ethernet Port on an SRX100 Services Gateway
To enable communication between the management device and the services gateway, ports 0/1 through
0/7 are preconfigured with the IP address 192.168.1.1 and use DHCP to assign an IP address in the
192.168.1.0/24 network to any connected device.
To connect a management device to the built-in Ethernet ports:
1. Ensure that the IP address for the Ethernet port on the management device is configured in one of the
following ways:
The IP address is assigned by DHCP.
•
The IP address is on the 192.168.1.0/24 subnetwork (but is not 192.168.1.1).
•
2. Turn off the management device.
3. Plug one end of the CAT-5e (Ethernet cable) into the Ethernet port on the management device.
4. Connect the other end of the Ethernet cable to a built-in Fast Ethernet port (any of ports 0/1 through
0/7) on the services gateway. If the services gateway has not already been powered on, power it on
now.
70
5.
Wait until the Status LED on the front panel of the services gateway turns solid green.
6. Turn on the power to the management device. The services gateway assigns an IP address to the
management device within the 192.168.1.0/24 subnetwork if the management device is configured
to use DHCP.
7. To access the setup wizard, open a Web browser on the management device and enter the IP address
SRX100 Services Gateway Secure Web Access Overview
You can manage a services gateway remotely through the J-Web interface. To communicate with the
services gateway, the J-Web interface uses Hypertext Transfer Protocol (HTTP). HTTP allows easy Web
access but no encryption. The data that is transmitted between the Web browser and the services gateway
by means of HTTP is vulnerable to interception and attack. To enable secure Web access, the services
gateway supports HTTP over Secure Sockets Layer (HTTPS). You can enable HTTP or HTTPS access on
specific interfaces and ports as needed.
The services gateway uses the SSL protocol to provide secure management of services gateways through
the J-Web. SSL uses public-private key technology that requires a paired private key and an authentication
certificate for providing the SSL service. SSL encrypts communication between your device and the Web
browser with a session key negotiated by the SSL server certificate.
An SSL certificate includes identifying information such as a public key and a signature made by a certificate
authority (CA). When you access the services gateway through HTTPS, an SSL handshake authenticates
the server and the client and begins a secure session. If the information does not match or if the certificate
has expired, your access to the services gateway through HTTPS is restricted.
Without SSL encryption, communication between your services gateway and the browser is sent in the
open and can be intercepted. We recommend that you enable HTTPS access on your WAN interfaces.
Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83
Performing Initial Software Configuration on the SRX100 Services Gateway Using the J-Web
Interface | 87
Connecting an SRX100 Services Gateway to the CLI Locally
If you plan to use the CLI to configure the SRX100 Services Gateway, you must connect through the
console port, as shown in Figure 16 on page 72.
Figure 16: Connecting to the Console Port on an SRX100 Services Gateway
72
NOTE: Figure 16 on page 72 shows a connection to a local management device. A remote
connection to the services gateway through a modem requires the cable and connector shown
(provided in the services gateway accessory box), plus a DB-9 plug to DB-25 plug (or similar)
adapter for your modem, which you must purchase separately.
To connect to the CLI using a local management device through the console port on the services gateway:
1. Turn off power to the services gateway.
2. Turn off power to the management device, such as a PC or laptop computer, that you are using to
access the CLI.
3. Plug one end of the Ethernet cable supplied with your services gateway into the RJ-45 to DB-9 serial
port adapter supplied with your services gateway (see Figure 16 on page 72).
4. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device (see
Figure 16 on page 72).
5. Connect the other end of the Ethernet cable to the console port on the services gateway (see
Figure 16 on page 72).
6. Turn on the power to the management device.
7. Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal)
and select the appropriate COM port to use (for example, COM1).
8. Configure the port settings shown in Table 29 on page 73.
Table 29: Console Port Settings for the SRX100 Services Gateway
ValuePort Settings
9600Bits per second
8Data bits
NoneParity
1Stop bits
NoneFlow control
73
9. Power on the services gateway by pressing the Power button on the front panel. Verify that the Power
LED on the front panel turns green.
The terminal emulation screen on your management device displays the startup sequence. When the
services gateway has finished starting up, a login prompt appears.
10. Log in as the user root. No password is required at initial connection, but you must assign a root
password before committing any configuration settings.
SRX100 Services Gateway Autoinstallation Overview | 38
Performing Initial Software Configuration on the SRX100 Services Gateway Using the CLI | 83
Performing Initial Software Configuration on the SRX100 Services Gateway
Using the CLI
This procedure connects the device to the network but does not enable it to forward traffic. For complete
information about enabling the device to forward traffic, including examples, see Security Basics.
To configure the software:
1. Verify that the device is powered on.
2. Log in as the root user. There is no password.
3. Start the CLI.
root# cli
root@>
4. Enter configuration mode.
configure
[edit]
root@#
5. Set the root authentication password by entering a cleartext password, an encrypted password, or an
SSH public key string (DSA or RSA).
[edit]
root@# set system root-authentication plain-text-password
New password: password
Retype new password: password
6. Configure an administrator account on the device.
84
[edit]
root@# set system login user admin class super-user authentication plain-text-password
7. Commit the configuration to activate it on the device.
[edit]
root@# commit
8. Log in as the administrative user you configured in Step 6.
9. Configure the name of the device. If the name includes spaces, enclose the name in quotation marks
(“ ”).
configure
[edit]
admin@# set system host-name host-name
10. Configure the traffic interface.
[edit]
admin@# set interfaces fe-0/0/1 unit 0 family inet address address/prefix-length
11. Configure the default route.
[edit]
admin@# set routing-options static route 0.0.0.0/0 next-hop gateway
12. Configure basic security zones and bind them to traffic interfaces.
[edit]
admin@# set security zones security-zone untrust interfaces fe-0/0/1
13. Configure basic security policies.
[edit]
admin@# set security policies from-zone trust to-zone untrust policy policy-name match source-address any
destination-address any application any
root@# set security policies from-zone trust to-zone untrust policy policy-name then permit
85
14. Create a NAT rule for source translation of all Internet bound traffic.
[edit]
admin@# set security nat source rule-set interface-nat from zone trust
admin@# set security nat source rule-set interface-nat to zone untrust
admin@# set security nat source rule-set interface-nat rule rule1 match source-address 0.0.0.0/0
destination-address 0.0.0.0/0
admin@# set security nat source rule-set interface-nat rule rule1 then source-nat interface