Juniper PowerConnect J-SRX210, SRX210, SRX210B, SRX210H, SRX210H-POE Quick Start Manual

SRX210 Services Gateway Quick Start

g031132

g031113

Use the instructions in this quick start to help you connect the SRX210 Services
Gateway to your network. For details, see the SRX210 Services Gateway Hardware
Guide at http://www.juniper.net/techpubs/a057.html

.

SRX210 Services Gateway Front Panel

Callout Description Callout Description

1 Mini-PIM slot 5 USB ports

2 Power button 6 Console port

3 LEDs (ALARM, POWER,

STATUS, HA, mPIM, EXPCARD)

4 Reset Config button

7 Gigabit Ethernet (0/0 and 0/1) and Fast

Ethernet (0/2 to 0/7) ports

SRX210 Services Gateway Back Panel

SRX210 Services Gateway Models

The following models of SRX210 Services Gateways are available:

Device DDR Memory Power over

SRX210B 512 MB No

SRX210H 1 GB No

SRX210H-POE 1 GB Yes

SRX210BE 512 MB No

SRX210HE 1 GB No

SRX210HE-POE 1 GB Ye s

SRX210HE-TAA 1 GB No

SRX210HE-POE-TAA 1 GB Ye s

On the SRX210H-POE, SRX210HE-POE and SRX210HE-POE-TAA models, Power
over Ethernet (PoE) of 50 watts is supported across four ports (0/0, 0/1, 0/2, and 0/3).

Note that you must use the following power supply adapters (supplied) for your services
gateway:

 54V, 150 watts power supply adapters for PoE models

 12V, 60 watts power supply adapters for non-PoE models

Connecting and Configuring the SRX Series Device

Follow the instructions to connect and set up the SRX210 Services Gateway to protect
your network. Refer to the LEDs on the front of the device to help you determine the
status of the device.

Ethernet

Callout Description Callout Description

1 Power supply input 4 Lock for security cable

2 Cable tie holder 5 ExpressCard slot

3 Grounding point

Overview

The SRX210 Services Gateway is a security device that requires the following basic
configuration settings to function:

 Interfaces must be assigned IP addresses.

 Interfaces must be bound to zones.

 Policies must be configured between zones to permit or deny traffic.

 Source NAT rules must be set.

The device has the following default configuration set when you power it on for the first
time. To use the device, you do not need to perform any initial configuration.

Factory-Default Settings for Initial Configuration:

g031118

Port Label Interface Security

0/0 ge-0/0/0 untrust client unassigned

0/1 and 0/2
to 0/7

ge-0/0/1 and
fe-0/0/2 to
fe-0/0/7

Zones

trust server 192.168.1.1/24

DHCP State IP Address

Factory-Default Settings for Security Policies:

Source Zone Destination Zone Policy Action

trust untrust permit

trust trust permit

untrust trust deny

Factory-Default Settings for NAT Rule:

Source Zone Destination Zone Policy Action

trust untrust source NAT to untrust zone

interface

NOTE: Source NAT translates the source address for packets coming from any number
of hosts on a private network to one public IP address.

Task 1: Connect the Power Cable and a Power Source

Connect the power cable to the device and a power source. We recommend using a
surge protector. Note the following indications:

 POWER LED (green): The device is receiving power.

 STATUS LED (green): The device is operating normally.

 ALARM LED (amber): The device is operating normally, and may glow amber

because a rescue configuration has not been set. This is not a panic condition.

 mPIM LED (off): The Mini-Physical Interface Module (Mini-PIM) is not present or is

not detected by the device. If this LED is green and steadily on, it indicates that the
Mini-PIM is functioning normally.

NOTE: After a rescue configuration has been set, an amber ALARM LED indicates a
minor alarm, and a solid red ALARM LED indicates a major problem on the services
gateway.

NOTE: You must allow the device between 5 and 7 minutes to boot after you power it on.
Wait until the STATUS LED is solid green before proceeding to the next task.

Task 2: Connect the Management Device

Connect the management device to the services gateway, using either of the following
methods:

 Connect an RJ-45 cable (Ethernet cable) from one of the following ports on the front

panel to the Ethernet port on the management device (workstation or laptop):

 0/1 (interface ge-0/0/1)

 0/2 through 0/7 (interfaces fe-0/0/2 through fe-0/0/7)

We recommend this connection method. If you are using this method to connect,
proceed to Task 3.

 Connect an RJ-45 cable (Ethernet cable) from the port labeled CONSOLE to the

supplied DB-9 adapter, which then connects to the serial port on the management
device (serial port settings: 9600 8-N-1).

If you are using this method to connect, proceed with the CLI configuration
instructions in the Branch SRX Series Services Gateways Golden Configurations at
http://www.juniper.net/us/en/local/pdf/app-notes/3500153-en.pdf .

An illustration to connect a management interface.

Task 3: Ensure That the Management Device Acquires an IP Address

After you connect the management device to the services gateway, the DHCP server
process on the services gateway will assign an IP address automatically to the
management device. Ensure that the management device acquires an IP address on the

192.168.1.0/24 subnetwork (other than 192.168.1.1) from the services gateway.

NOTE: The services gateway functions as a DHCP server and will assign an IP address
to the management device.

NOTE: If an IP address is not assigned to the management device, manually configure
an IP address in the 192.168.1.0/24 subnetwork. Do not assign the 192.168.1.1 IP
address to the management device because this IP address is assigned to the services
gateway. By default, the DHCP server is enabled on the L3 VLAN interface, (IRB) vlan.0
(ge-0/0/1 and fe-0/0/2 to fe-0/0/7), which is configured with an IP address of

192.168.1.1/24.

NOTE: When an SRX210 Services Gateway is powered on for the first time, it boots
using the factory default configuration.

Task 4: Ensure That an IP Address Is Assigned to the Services Gateway

Use one of the following methods to obtain an IP address on the services gateway:

Page 2