Juniper SRX210HE2, SRX210HE2-POE, SRX220 Quick Start Manual

SRX210 Services Gateway Quick Start

Use the instructions in this quick start to help you connect the SRX210 Services
Gateway to your network. For details, see the SRX210 Services Gateway Hardware
Guide at
http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/p
athway-pages/srx-series/product/index.html.

SRX210 Services Gateway Front Panel

SRX210 Services Gateway Back Panel

SRX210 Services Gateway Models

The following models of SRX210 Services Gateways are available:

On the SRX210HE2-POE model, Power over Ethernet (PoE) of 50 watts is supported
across four ports (0/0, 0/1, 0/2, and 0/3).

Note that you must use the following power supply adapters (supplied) for your services
gateway:

 54V, 200 watts power supply adapters for the PoE model

 12V, 60 watts power supply adapters for the non-PoE model

Connecting and Configuring the SRX Series Device

Use the instructions below to connect and set up the SRX210 Services Gateway to
protect your network. Refer to the LEDs on the front of the device to help you determine
the status of the device.

Overview

The SRX210 Services Gateway requires these basic configuration settings to function
properly:

 Interfaces must be assigned IP addresses.

 Interfaces must be bound to zones.

 Policies must be configured between zones to permit or deny traffic.

 Source NAT rules must be set.

The device has the following default configuration set when you power it on for the first
time. To use the device, you do not need to perform any initial configuration.

Factory-Default Settings:

Callout Description Callout Description

1 Mini-PIM slot 5 USB ports

2 Power button 6 Console port

3 LEDs: ALARM, POWER, STATUS,

HA, mPIM, EXPCARD

7 Gigabit Ethernet (0/0 and 0/1) and Fast

Ethernet (0/2 to 0/7) ports

4 RESET CONFIG button

Callout Description Callout Description

1 Power supply input 4 Lock for security cable

2 Cable tie holder 5 ExpressCard slot

3 Grounding point

g031132

1

5 6 723 4

g031113

52341

Device DDR Memory NAND Flash Memory

SRX210HE2 2 GB 2 GB

SRX210HE2-POE 2 GB 2 GB

Port Label Interface Security Zone DHCP State IP Address

0/0 ge-0/0/0 untrust client unassigned

0/1 and 0/2

to 0/7

ge-0/0/1 and
fe-0/0/2 to
fe-0/0/7

trust server 192.168.1.1/24

Page 2

Factory-Default Settings for Security Policies:

Factory-Default Settings for NAT Rules:

NOTE: Source NAT translates the source address for packets coming from any number
of hosts on a private network to one public IP address.

Task 1: Connect the Power Cable to the Device

Connect the power supply adapter to the power supply point on the device and to a
power source. We recommend using a surge protector. Secure the connector to the
power supply point by wrapping a cable tie around the cable boot and the adjacent cable
tie holder. Note the following indications:

 POWER LED (green): The device is receiving power.

 STATUS LED (green): The device is operating normally.

 ALARM LED (amber): The device is operating normally, but the LED might glow

amber if a rescue configuration has not been set. This is not a panic condition.

 mPIM LED (off): The Mini-Physical Interface Module (Mini-PIM) is not present or is

not detected by the device. If this LED is solid green, it indicates that the Mini-PIM is
functioning normally.

NOTE:

After a rescue configuration has been set, an amber ALARM LED indicates a minor

alarm, and a solid red ALARM LED indicates a major problem on the services gateway.

 You must allow the device between five and seven minutes to boot after you power it

on. Wait until the STATUS LED is solid green before proceeding to the next task.

Task 2: Connect the Management Device

Connect the management device to the services gateway, using either of the following
methods:

 Connect an RJ-45 cable (Ethernet cable) from one of the following ports on the front

panel to the Ethernet port on the management device (workstation or laptop):

 0/1 (interface ge-0/0/1)

 0/2 through 0/7 (interfaces fe-0/0/2 through fe-0/0/7)

We recommend this connection method. If you are using this method to connect,
proceed to Task 3.

 Connect an RJ-45 cable (Ethernet cable) from the port labeled CONSOLE to the

supplied DB-9 adapter, which then connects to the serial port on the management
device (serial port settings: 9600 8-N-1).

If you are using this method to connect, proceed with the CLI configuration
instructions in the Getting Started Guide for the Branch SRX Series at
http://www.juniper.net/techpubs/en_US/release-independent/junos/
information-products/pathway-pages/srx-series/product/index.html.

See the following illustration for details about connecting the management interface by
using the Ethernet ports.

Task 3: Ensure That the Management Device Acquires an IP Address

After you connect the management device to the services gateway, the DHCP server
process on the services gateway automatically assigns an IP address to the
management device. Ensure that the management device acquires an IP address on the

192.168.1.0/24 subnetwork (other than 192.168.1.1) from the services gateway.

NOTE:

 The services gateway functions as a DHCP server and will assign an IP address to

the management device.

 If an IP address is not assigned to the management device, manually configure an

IP address in the 192.168.1.0/24 subnetwork. Do not assign the 192.168.1.1 IP
address to the management device because this IP address is assigned to the
services gateway. By default, the DHCP server is enabled on the L3 VLAN interface,
(IRB) vlan.0 (ge-0/0/1 and fe-0/0/2 to fe-0/0/7), which is configured with an IP
address of 192.168.1.1/24.

 When an SRX210 Services Gateway is powered on for the first time, it boots using

the factory-default configuration.

Source Zone Destination Zone Policy Action

trust untrust permit

trust trust permit

untrust trust deny

Source Zone Destination Zone Policy Action

trust untrust source NAT to untrust zone interface

g031118