Juniper SRX 210 Services, SRX 210 Hardware Manual

SRX 210 Services Gateway

Hardware Guide

Juniper Networks, Inc.

1194 North Mathilda Avenue

Sunnyvale, California 94089

USA

408-745-2000

www.juniper.net

Part Number: 530-025856-01, Revision 01

This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997, Epilogue
Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public
domain.

This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.

This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software
included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988,
1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.

GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by
Cornell University and its collaborators. Gated is based on Kirton ’s EGP, UC Berkeley ’s routing daemon (routed), and DCN ’s HELLO routing protocol.
Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the
University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates.

This product includes software developed by Maker Communications, Inc., copyright © 1996, 1997, Maker Communications, Inc.

Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, ScreenOS, and Steel-Belted Radius are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or
registered service marks are the property of their respective owners.

Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or
otherwise revise this publication without notice.

Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed
to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347,
6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.

SRX 210 Services Gateway Hardware Guide

Copyright © 2009, Juniper Networks, Inc.
All rights reserved. Printed in USA.

Revision History
February 2009 — Revision 01

The information in this document is current as of the date listed in the revision history.

SOFTWARE LICENSE

The terms and conditions for using this software are described in the software license contained in the acknowledgment to your purchase order or, to the
extent applicable, to any reseller agreement or end-user purchase agreement executed between you and Juniper Networks. By using this software, you
indicate that you understand and agree to be bound by those terms and conditions.

Generally speaking, the software license restricts the manner in which you are permitted to use the software and may contain prohibitions against certain
uses. The software license may state conditions under which the license is automatically terminated. You should consult the license for further details.

For complete product documentation, please see the Juniper Networks Web site at www.juniper.net/techpubs.

ii 

END USER LICENSE AGREEMENT

READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING,
INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER
OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS
AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE,
AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.

1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks
(Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii)
the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”)
(collectively, the “Parties”).

2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, for which Customer
has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by Juniper in equipment which Customer
purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgrades and new releases of such software. “Embedded
Software” means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates, upgrades, additions or replacements
which are subsequently embedded in or loaded onto the equipment.

3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive
and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions:

a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper
or an authorized Juniper reseller.

b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer
has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use
such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the
Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines (e.g., Solaris zones) requires multiple licenses, regardless of whether
such computers or virtualizations are physically contained on a single chassis.

c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to
Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls,
connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features,
functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing,
temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software
to be used only in conjunction with other specific Software. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable
licenses.

d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the Software. Customer
may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial
period by re-installing the Software after the 30-day trial period.

e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s enterprise network.
Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any
commercial network access services.

The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable
license(s) for the Software from Juniper or an authorized Juniper reseller.

4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall
not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as
necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove
any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of
the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted
feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even
if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper
to any third party; (h) use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper
reseller; (i) use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that the
Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to
any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein.

5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish
such records to Juniper and certify its compliance with this Agreement.

■ iii

6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer
shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes
restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.

7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software,
associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in
the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software.

8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that
accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services
may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED
BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES,
OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR
JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY
JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW,
JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING
ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER
WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION,
OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether
in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or
if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper
has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same
reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss),
and that the same form an essential basis of the bargain between the Parties.

9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license
granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s
possession or control.

10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from the purchase of
the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior
to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All payments made by Customer shall be net of any
applicable withholding tax. Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly: providing Juniper
with valid tax receipts and other required documentation showing Customer’s payment of any withholding taxes; completing appropriate applications that
would reduce the amount of withholding tax to be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder.
Customer shall comply with all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related
to any liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under this
Section shall survive termination or expiration of this Agreement.

11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign
agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or
without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption
or other capabilities restricting Customer’s ability to export the Software without an export license.

12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure
by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212,
FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.

13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface
information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any.
Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable
terms and conditions upon which Juniper makes such information available.

14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology
are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor
shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the
Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and
subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License
(“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate)
available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194

N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and
a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html.

15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions
of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties
hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement
constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous

iv ■

agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a
separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict
with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in
writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the
remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English
version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout
avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be
in the English language)).

■ v

vi ■

Table of Contents

About This Guide xv

Objectives ......................................................................................................xv

Audience .......................................................................................................xv

Documentation Conventions .........................................................................xv

List of Technical Publications .......................................................................xvii

Obtaining Documentation ..........................................................................xviii

Documentation Feedback ...........................................................................xviii

Requesting Technical Support ......................................................................xix

Part 1 SRX 210 Services Gateway Overview

Chapter 1 Introduction to the SRX 210 Services Gateway 3

SRX 210 Services Gateway Description ...........................................................3

Introduction ..............................................................................................3

Types of SRX 210 Services Gateways ........................................................3

Accessing the SRX 210 Services Gateway .................................................4

SRX 210 Services Gateway Features and Functions .........................................4

SRX 210 Services Gateway Software Features and Licenses ............................5

Chapter 2 SRX 210 Services Gateway Hardware Components and

Specifications 11

SRX 210 Services Gateway Chassis ...............................................................11

SRX 210 Services Gateway Front Panel .........................................................12

SRX 210 Services Gateway Back Panel ..........................................................19

SRX 210 Services Gateway Boot Devices .......................................................20

SRX 210 Services Gateway Cooling System ...................................................21

SRX 210 Services Gateway Power Supply ......................................................22

SRX 210 Services Gateway Mini-Physical Interface Modules ..........................22

Mini-Physical Interface Modules on the SRX 210 Services Gateway ........22

SRX 210 Services Gateway T1/E1 Mini-Physical Interface Module ...........23

T1/E1 Mini-Physical Interface Module ...............................................23

Table of Contents ■ vii

SRX 210 Services Gateway Hardware Guide

SRX 210 Services Gateway 1-Port SFP Mini-Physical Interface

Module .............................................................................................26

1-Port SFP Mini-Physical Interface Module .......................................26

SRX 210 Services Gateway ADSL 2+ Mini-Physical Interface

Module .............................................................................................29

ADSL 2+ Mini-Physical Interface Module .........................................29

SRX 210 Services Gateway 3G ExpressCard ..................................................32

Using the 3G ExpressCard .......................................................................33

Key Features ...........................................................................................33

Physical Parameters ................................................................................34

Basic CLI Commands for 3G ExpressCard ...............................................34

SRX 210 Services Gateway PoE Overview .....................................................35

Introduction ............................................................................................35

PoE Classes and Power Ratings ..............................................................36

Part 2 Setting Up the SRX 210 Services Gateway

Chapter 3 Preparing the Site for the SRX 210 Services Gateway

Installation 41

Site Preparation Checklist for the SRX 210 Services Gateway ........................41

General Site Guidelines for Installing the SRX 210 Services Gateway .............43

SRX 210 Services Gateway Cabinet Requirements ........................................44

Cabinet Size and Clearance Requirements ..............................................44

Cabinet Airflow Requirements ................................................................45

SRX 210 Services Gateway Rack Requirements .............................................45

Clearance Requirements for Airflow and Hardware Maintenance of the SRX

210 Services Gateway .............................................................................46

SRX 210 Services Gateway Electrical and Power Requirements ....................47

Chapter 4 Installation Overview for the SRX 210 Services Gateway 49

Installation Overview for the SRX 210 Services Gateway ...............................49

Chapter 5 Unpacking the SRX 210 Services Gateway 51

Required Tools and Parts for Unpacking the SRX 210 Services Gateway .......51

Unpacking the SRX 210 Services Gateway ....................................................51

Verifying Parts Received with the SRX 210 Services Gateway .......................52

Chapter 6 Preparing the SRX 210 Services Gateway for Installation 55

Preparing the SRX 210 Services Gateway for Rack-Mount, Desk-Mount, and

Preparing the SRX 210 Services Gateway for Rack-Mount Installation ...........56

viii ■ Table of Contents

Wall-Mount Installation ...........................................................................55

Table of Contents

Preparing the SRX 210 Services Gateway for Desk-Mount Installation ...........56

Preparing the SRX 210 Services Gateway for Wall-Mount Installation ...........57

Chapter 7 Installing the SRX 210 Services Gateway 59

SRX 210 Services Gateway Safety Requirements, Warnings, and

Guidelines ...............................................................................................59

Required Tools and Parts for Installing the SRX 210 Services Gateway .........59

SRX 210 Services Gateway Installation ..........................................................60

Installing the SRX 210 Services Gateway in a Rack .................................60

Installing the SRX 210 Services Gateway on a Desk ................................62

Installing the SRX 210 Services Gateway on a Wall .................................63

Removing and Installing Mini-Physical Interface Modules in the SRX 210

Services Gateway ....................................................................................66

Chapter 8 Connecting the SRX 210 Services Gateway 67

Required Tools and Parts for Connecting the SRX 210 Services Gateway ......67

Connecting the SRX 210 Services Gateway to the Power Supply ...................67

Connecting Interface Cables to the SRX 210 Services Gateway .....................69

Organizing Interface Cables on the SRX 210 Services Gateway .....................69

Chapter 9 Grounding and Powering On the SRX 210 Services Gateway 71

Required Tools and Parts for Grounding and Powering On the SRX 210

Services Gateway ....................................................................................71

Grounding the SRX 210 Services Gateway .....................................................72

Powering On and Powering Off the SRX 210 Services Gateway ....................73

Powering On the SRX 210 Services Gateway ..........................................73

Powering Off the SRX 210 Services Gateway ..........................................73

SRX 210 Services Gateway Autoinstallation Overview ...................................74

Chapter 10 Establishing Basic Connectivity for the SRX 210 Services

Gateway 77

SRX 210 Services Gateway Basic Connectivity ..............................................77

SRX 210 Services Gateway Basic Connectivity Overview ........................78

Device Identification for the SRX 210 Services Gateway .........................79

Root Password for the SRX 210 Services Gateway ..................................79

Time Zone and System Time for the SRX 210 Services Gateway ............80

Network Settings for the SRX 210 Services Gateway ...............................80

Default Gateway for the SRX 210 Services Gateway ................................82

Backup Device for the SRX 210 Services Gateway ..................................83

Loopback Address for the SRX 210 Services Gateway .............................83

Table of Contents ■ ix

SRX 210 Services Gateway Hardware Guide

Built-In Ethernet Port for the SRX 210 Services Gateway ........................84

Management Access for the SRX 210 Services Gateway .........................85

Connecting to an SRX 210 Services Gateway ................................................86

Connecting an SRX 210 Services Gateway to the J-Web Interface ...........86

Connecting an SRX 210 Services Gateway to the CLI Locally ..................88

Connecting an SRX 210 Services Gateway to the CLI Remotely ..............90

Connecting the Modem at the SRX 210 Services Gateway End ...............90

Connecting the Modem to the Console Port on the SRX 210 Services

Connecting to the CLI at the User End for the SRX 210 Services

Configuring Basic Settings for the SRX 210 Services Gateway with J-Web

Quick Configuration ................................................................................93

Configuring Basic Settings for the SRX 210 Services Gateway with a

Configuration Editor ...............................................................................96

Displaying Basic Connectivity Configurations for the SRX 210 Services

Gateway ..................................................................................................99

Configuring the SRX 210 Services Gateway Mini-Physical Interface

Modules ................................................................................................100

Configuring the SRX 210 Services Gateway Mini-Physical Interface

Gateway ...........................................................................................91

Gateway ...........................................................................................92

Modules ..........................................................................................100

Chapter 11 Configuring Secure Web Access for the SRX 210 Services

Gateway 103

SRX 210 Services Gateway Secure Web Access Overview ...........................103

Generating SSL Certificates for the SRX 210 Services Gateway ....................104

Configuring Secure Access to the J-Web Interface for the SRX 210 Services

Gateway ................................................................................................105

Configuring Secure Access with a Configuration Editor for the SRX 210

Services Gateway ..................................................................................107

Verifying Secure Web Access for the SRX 210 Services Gateway .................108

Displaying an SSL Certificate Configuration for the SRX 210 Services

Gateway ................................................................................................109

Displaying a Secure Access Configuration for the SRX 210 Services

Gateway ................................................................................................109

Part 3 SRX 210 Services Gateway Hardware Maintenance,

Replacement, and Troubleshooting Procedures

Chapter 12 Maintaining SRX 210 Services Gateway Hardware Components 113

Required Tools and Parts for Maintaining the SRX 210 Services Gateway

Hardware Components .........................................................................113

Routine Maintenance Procedures for the SRX 210 Services Gateway ..........113

Maintaining the Cooling System Components of the SRX 210 Services

Gateway ................................................................................................114

Maintaining the SRX 210 Services Gateway Power Supply ..........................114

x ■ Table of Contents

Table of Contents

Chapter 13 Replacing Mini-Physical Interface Modules on the SRX 210 Services

Gateway 115

Required Tools and Parts for Replacing a Mini-Physical Interface Module on

the SRX 210 Services Gateway ..............................................................115

Removing a Blank Mini-Physical Interface Module Faceplate from the SRX

210 Services Gateway ...........................................................................116

Removing a Mini-Physical Interface Module from the SRX 210 Services

Gateway ................................................................................................117

Installing a Mini-Physical Interface Module in the SRX 210 Services

Gateway ................................................................................................118

Chapter 14 Troubleshooting the SRX 210 Services Gateway 121

Troubleshooting Hardware Components on the SRX 210 Services

Gateway ................................................................................................121

CLI on the SRX 210 Services Gateway ..................................................121

Monitoring the SRX 210 Services Gateway Components using LEDs ....122

Chassis and Interface Alarm Messages on the SRX 210 Services

Gateway .........................................................................................123

Monitoring the SRX 210 Services Gateway Power System ....................125

Resetting the Configuration File When the SRX 210 Services Gateway Is

Inaccessible ..........................................................................................126

Using the Reset Config Button on the SRX 210 Services Gateway .........127

Changing the Reset Config Button Behavior on the SRX 210 Services

Gateway .........................................................................................127

Juniper Networks Technical Assistance Center ............................................128

Part 4 Appendixes

Appendix A Safety and Regulatory Compliance Information 131

SRX 210 Services Gateway Definition of Safety Warning Levels ..................131

SRX 210 Services Gateway General Safety Guidelines and Warnings ...........133

General Safety Guidelines and Warnings ...............................................133

Qualified Personnel Warning ..........................................................134

Restricted Access Area Warning .....................................................134

Preventing Electrostatic Discharge Damage to the Services

Gateway ...................................................................................136

SRX 210 Services Gateway Fire Safety Requirements ..................................137

Services Gateway Fire Suppression Procedure and Equipment .............137

SRX 210 Services Gateway Installation Safety Guidelines and Warnings .....138

Installation Safety Guidelines and Warnings .........................................138

Installation Instructions Warning ....................................................138

Rack-Mounting Requirements and Warnings ..................................138

Table of Contents ■ xi

SRX 210 Services Gateway Hardware Guide

SRX 210 Services Gateway Laser and LED Safety Guidelines and

Warnings ..............................................................................................142

Laser and LED Safety Guidelines and Warnings ....................................142

SRX 210 Services Gateway Maintenance and Operational Safety Guidelines

and Warnings .......................................................................................145

Safety Guidelines and Warnings ............................................................145

SRX 210 Services Gateway Electrical Safety Guidelines and Warnings ........150

Electrical Safety Guidelines and Warnings ............................................150

SRX 210 Services Gateway Agency Approvals .............................................151

SRX 210 Services Gateway Compliance Statements for EMC

Requirements .......................................................................................152

Canada .................................................................................................152

European Community ...........................................................................152

Japan ....................................................................................................153

United States ........................................................................................153

SRX 210 Services Gateway Compliance Statements for Environmental

Requirements .......................................................................................153

Lithium Battery .....................................................................................153

SRX 210 Services Gateway Compliance Statements for Acoustic Noise .......154

General Laser Safety Guidelines ......................................................142

Class 1 Laser Product Warning .......................................................143

Class 1 LED Product Warning .........................................................143

Laser Beam Warning ......................................................................144

Radiation from Open Port Apertures Warning ................................144

Battery Handling Warning ..............................................................145

Jewelry Removal Warning ..............................................................146

Lightning Activity Warning .............................................................147

Operating Temperature Warning ....................................................148

Product Disposal Warning ..............................................................149

In Case of Electrical Accident .........................................................150

General Electrical Safety Guidelines and Warnings .........................150

Appendix B SRX 210 Services Gateway Environmental Specifications 155

SRX 210 Services Gateway Environmental Specifications ............................155

Appendix C SRX 210 Services Gateway Power Guidelines, Requirements, and

Specifications 157

SRX 210 Services Gateway Site Electrical Wiring Guidelines ........................157

SRX 210 Services Gateway Power Specifications and Requirements ...........158

Appendix D SRX 210 Services Gateway Interface Cable Specifications and

Connector Pinouts 161

Interface Cable and Wire Specifications for the SRX 210 Services

RJ-45 Connector Pinouts for the SRX 210 Services Gateway Ethernet

xii ■ Table of Contents

Gateway ................................................................................................161

Port .......................................................................................................162

Table of Contents

RJ-45 Connector Pinouts for the SRX 210 Services Gateway Console Port ....163

RJ-48 Connector Pinouts for the SRX 210 Services Gateway T1/E1

Mini-Physical Interface Module .............................................................163

RJ-11 Connector Pinouts for the SRX 210 Services Gateway ADSL2 +

Mini-PIM ...............................................................................................166

Appendix E Contacting Customer Support and Returning the SRX 210 Services

Gateway Hardware 169

Return Procedure for the SRX 210 Services Gateway ..................................169

Locating an SRX 210 Services Gateway Component Serial Number and

Agency Labels .......................................................................................170

Listing the SRX 210 Services Gateway and Component Details with the

CLI ..................................................................................................170

SRX 210 Services Gateway Chassis Serial Number and Agency

Labels .............................................................................................171

SRX 210 Services Gateway Mini-Physical Interface Module Serial Number

Label ..............................................................................................172

Contacting Customer Support to Obtain Return Materials Authorization .....173

Information You Might Need to Supply to Juniper Networks Technical

Assistance Center ...........................................................................173

Contacting Customer Support ...............................................................174

Packing the SRX 210 Services Gateway or Component for Shipment ..........174

Required Tools and Parts for Packing the SRX 210 Services Gateway ....174

Packing the SRX 210 Services Gateway for Shipment ...........................175

Packing the SRX 210 Services Gateway Components for Shipment ......176

Part 5 Index

Index ...........................................................................................................179

Table of Contents ■ xiii

SRX 210 Services Gateway Hardware Guide

xiv ■ Table of Contents

About This Guide

This section includes the following topics:

■ Objectives on page xv

■ Audience on page xv

■ Documentation Conventions on page xv

■ List of Technical Publications on page xvii

■ Obtaining Documentation on page xviii

■ Documentation Feedback on page xviii

■ Requesting Technical Support on page xix

Objectives

This guide describes hardware components and installation, basic configuration, and
basic troubleshooting procedures for the Juniper Networks SRX 210 services gateway.
It explains how to prepare your site for services gateway installation, unpack and
install the hardware, power on the services gateway, perform initial software
configuration, and perform routine maintenance. After completing the installation
and basic configuration procedures covered in this guide, see the JUNOS software
configuration guides for information about further JUNOS software configuration.

Audience

This guide is designed for network administrators who are installing and maintaining
a Juniper Networks SRX 210 services gateway or preparing a site for device
installation. To use this guide, you need a broad understanding of networks in general
and the Internet in particular, networking principles, and network configuration. Any
detailed discussion of these concepts is beyond the scope of this guide.

Documentation Conventions

Table 1 on page xvi defines the notice icons used in this guide.

Objectives ■ xv

SRX 210 Services Gateway Hardware Guide

Table 1: Notice Icons

Table 2 on page xvi defines the text and syntax conventions used in this guide.

DescriptionMeaningIcon

Indicates important features or instructions.Informational note

Indicates a situation that might result in loss of data or hardware damage.Caution

Alerts you to the risk of personal injury or death.Warning

Alerts you to the risk of personal injury from a laser.Laser warning

Table 2: Text and Syntax Conventions

Bold text like this

Fixed-width text like this

Italic text like this

Italic text like this

Plain text like this

Represents text that you type.

Represents output that appears on the
terminal screen.

Introduces important new terms.

■

Identifies book names.

■

Identifies RFC and Internet draft

■

titles.

Represents variables (options for which
you substitute a value) in commands or
configuration statements.

Represents names of configuration
statements, commands, files, and
directories; IP addresses; configuration
hierarchy levels; or labels on routing
platform components.

ExamplesDescriptionConvention

To enter configuration mode, type the

configure command:

user@host> configure

user@host> show chassis alarms
No alarms currently active

A policy term is a named structure

■

that defines match conditions and
actions.

JUNOS System Basics Configuration

■

Guide
RFC 1997, BGP Communities

■

Attribute

Configure the machine’s domain name:

[edit]
root@# set system domain-name

domain-name

To configure a stub area, include

■

the stub statement at the [edit

protocols ospf area area-id]

hierarchy level.
The console port is labeled

■

CONSOLE.

xvi ■ Documentation Conventions

Enclose optional keywords or variables.< > (angle brackets)

stub <default-metric metric>;

Table 2: Text and Syntax Conventions (continued)

About This Guide

ExamplesDescriptionConvention

| (pipe symbol)

# (pound sign)

[ ] (square brackets)

Indention and braces ( { } )

; (semicolon)

J-Web GUI Conventions

Bold text like this

Indicates a choice between the mutually
exclusive keywords or variables on either
side of the symbol. The set of choices is
often enclosed in parentheses for clarity.

Indicates a comment specified on the
same line as the configuration statement
to which it applies.

Enclose a variable for which you can
substitute one or more values.

Identify a level in the configuration
hierarchy.

Identifies a leaf statement at a
configuration hierarchy level.

Represents J-Web graphical user
interface (GUI) items you click or select.

broadcast | multicast

(string1 | string2 | string3)

rsvp { # Required for dynamic MPLS only

community name members [
community-ids ]

[edit]
routing-options {

static {

route default {

nexthop address;
retain;

}

}

}

In the Logical Interfaces box, select

■

All Interfaces.
To cancel the configuration, click

■

Cancel.

> (bold right angle bracket)

Separates levels in a hierarchy of J-Web
selections.

In the configuration editor hierarchy,
select Protocols>Ospf.

List of Technical Publications

The following sections list hardware and software guides and release notes for the
SRX 210 running JUNOS software.

All documents are available at http://www.juniper.net/techpubs/.

Hardware Guides ■ SRX 210 Services Gateway Getting Started Guide—Explains how to quickly set up

an SRX 210 services gateway.

Software Guides ■ JUNOS Software Interfaces and Routing Configuration Guide—Explains how to

configure SRX-series and J-series interfaces for basic IP routing with standard
routing protocols, ISDN service, firewall filters (access control lists), and
class-of-service (CoS) traffic classification.

■ JUNOS Software Security Configuration Guide—Explains how to configure and

manage J-series and SRX-series security services such as stateful firewall policies,
IPsec VPNs, firewall screens, Network Address Translation (NAT), Public Key
Cryptography, chassis clusters, Application Layer Gateways (ALGs), and Intrusion
Detection and Prevention (IDP).

List of Technical Publications ■ xvii

SRX 210 Services Gateway Hardware Guide

■ JUNOS Software Administration Guide—Shows how to monitor SRX-series and

J-series devices and routing operations, firewall and security services, system
alarms and events, and network performance. This guide also shows how to
administer user authentication and access, upgrade software, and diagnose
common problems.

■ JUNOS Software CLI Reference—Provides the complete configuration hierarchy

available on SRX-series and J-series devices. This guide also describes the
configuration statements and operational mode commands unique to these
devices.

■ JUNOS Network Management Configuration Guide—Describes enterprise-specific

MIBs for JUNOS software. The information in this guide is applicable to M-series,
T-series, EX-series, SRX-series, and J-series devices.

■ JUNOS System Log Messages Reference—Describes how to access and interpret

system log messages generated by JUNOS software modules and provides a
reference page for each message. The information in this guide is applicable to
M-series, T-series, EX-series, SRX-series, and J-series devices.

Release Notes ■ JUNOS Release Notes—Summarize new features and known problems for a

particular release of JUNOS software, including JUNOS software for J-series and
SRX-series devices. The release notes also contain corrections and updates to
the manuals and software upgrade and downgrade instructions for JUNOS
software.

Obtaining Documentation

To obtain the most current version of all Juniper Networks technical documentation,
see the products documentation page on the Juniper Networks Web site at

http://www.juniper.net/.

To order printed copies of this guide and other Juniper Networks technical documents,
or to order a documentation CD, which contains this guide, contact your sales
representative.

Copies of the Management Information Bases (MIBs) available in a software release
are included on the documentation CDs and at http://www.juniper.net/.

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback form at

http://www.juniper.net/techpubs/docbug/docbugreport.html. If you are using e-mail, be sure

to include the following information with your comments:

■ Document Name

■ Document part number

■ Page number

■ Software release version (not required for Network Operations Guides [NOGs])

xviii ■ Obtaining Documentation

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical
Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support
contract, or are covered under warranty, and need postsales technical support, you
can access our tools and resources online or open a case with JTAC.

■ JTAC policies—For a complete understanding of our JTAC procedures and policies,

review the JTAC User Guide located at

http://www.juniper.net/customers/support/downloads/710059.pdf.

■ Product warranties—For product warranty information, visit

http://www.juniper.net/support/warranty/.

■ JTAC Hours of Operation —The JTAC centers have resources available 24 hours

a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

About This Guide

For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with
the following features:

■

Find CSC offerings: http://www.juniper.net/customers/support/

■

Search for known bugs: http://www2.juniper.net/kb/

■

Find product documentation: http://www.juniper.net/techpubs/

■ Find solutions and answer questions using our Knowledge Base:

http://kb.juniper.net/

■ Download the latest versions of software and review release notes:

http://www.juniper.net/customers/csc/software/

■ Search technical bulletins for relevant hardware and software notifications:

https://www.juniper.net/alerts/

■ Join and participate in the Juniper Networks Community Forum:

http://www.juniper.net/company/communities/

■

Open a case online in the CSC Case Manager: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number
Entitlement (SNE) Tool located at https://tools.juniper.net/SerialNumberEntitlementSearch/.

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

■

Use the Case Manager tool in the CSC at http://www.juniper.net/cm/ .

■ Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, visit
us at http://www.juniper.net/support/requesting-support.html.

Requesting Technical Support ■ xix

SRX 210 Services Gateway Hardware Guide

xx ■ Requesting Technical Support

Part 1

SRX 210 Services Gateway Overview

■ Introduction to the SRX 210 Services Gateway on page 3

■ SRX 210 Services Gateway Hardware Components and Specifications on page 11

SRX 210 Services Gateway Overview ■ 1

SRX 210 Services Gateway Hardware Guide

2 ■ SRX 210 Services Gateway Overview

Chapter 1

Introduction to the SRX 210 Services
Gateway

This section includes the following topics:

■ SRX 210 Services Gateway Description on page 3

■ SRX 210 Services Gateway Features and Functions on page 4

■ SRX 210 Services Gateway Software Features and Licenses on page 5

SRX 210 Services Gateway Description

■ Introduction on page 3

■ Types of SRX 210 Services Gateways on page 3

■ Accessing the SRX 210 Services Gateway on page 4

Introduction

The SRX 210 services gateway can be used by the following types of networks,
provided they are connected directly to a traditional private network such as leased
lines, Frame Relay, or Multi Protocol Label Switching (MPLS) networks:

■ Branch offices

■ Small enterprises

■ Fixed telecommuters

■ Small standalone business deployments

The device can also be used for branch offices where the public Internet is used as
an alternative to a traditional private wide area network (WAN).

Types of SRX 210 Services Gateways

There are three types of SRX 210 services gateways:

■ Low Memory

■ High Memory

■ Power over Ethernet

SRX 210 Services Gateway Description ■ 3

SRX 210 Services Gateway Hardware Guide

Accessing the SRX 210 Services Gateway

You can use two user interfaces to monitor, configure, troubleshoot, and manage
the SRX 210 services gateway:

■ J-Web interface: Web-based graphical interface that allows you to operate a

services gateway without commands. The J-Web interface provides access to all
JUNOS functionality and features.

■ JUNOS command-line interface (CLI): Juniper Networks command shell that runs

on top of a UNIX-based operating system kernel. The CLI is a straightforward
command interface. On a single line, you type commands that are executed
when you press the Enter key. The CLI provides command Help and command
completion.

The SRX 210 services gateway runs the JUNOS operating system.

Related Topics SRX 210 Services Gateway Chassis on page 11■

■ SRX 210 Services Gateway Features and Functions on page 4

■ SRX 210 Services Gateway Software Features and Licenses on page 5

SRX 210 Services Gateway Features and Functions

The SRX 210 services gateway provides the following features:

■ Stable, reliable, and efficient IP routing

■ WAN connectivity

■ LAN connectivity

The SRX 210 services gateway is a security optimized, fixed processing system that
provides the following functions for the Low Memory, High Memory, and Power over
Ethernet (PoE) types listed in Table 3 on page 4.

Table 3: SRX 210 Services Gateway Features

Features

(IPsec)

SRX 210 Services Gateway
Low Memory

SRX 210 Services Gateway
High Memory

SRX 210 Services Gateway
PoE

YesYesYesInternet Protocol Security

YesYesYesVirtual private network (VPN)

forwarding

4 ■ SRX 210 Services Gateway Features and Functions

YesYesYesWeb filtering

YesYesYesFirewall services

YesYesYesContiguous memory for

YesYesYesReal time clock (RTC) support

Table 3: SRX 210 Services Gateway Features (continued)

Chapter 1: Introduction to the SRX 210 Services Gateway

Features

SRX 210 Services Gateway
Low Memory

SRX 210 Services Gateway
High Memory

NoNoPoE support

Related Topics ■ SRX 210 Services Gateway Description on page 3

■ Accessing the SRX 210 Services Gateway

■ SRX 210 Services Gateway Software Features and Licenses on page 5

■ SRX 210 Services Gateway Chassis on page 11

SRX 210 Services Gateway Software Features and Licenses

The SRX 210 services gateway provides the software features listed in
Table 4 on page 6.

NOTE: You must purchase a separate software license to obtain some software
features.

SRX 210 Services Gateway
PoE

1 GB1 GB512 MBDDR memory

PoE support on 4 ports (2
Gigabit Ethernet and 2 Fast
Ethernet)

150 Watts60 Watts60 WattsPower supply adapter

SRX 210 Services Gateway Software Features and Licenses ■ 5

SRX 210 Services Gateway Hardware Guide

Table 4: SRX 210 Services Gateway Software Features and Licenses

SRX 210 Services Gateway FeatureFeature

Category

Multicast

Open Shortest Path First (OSPF)Routing and

Border Gateway Protocol (BGP)

Routing Information Protocol version 1 (RIPv1) and version 2 (RIPv2)

Static routes

Intermediate System-to-Intermediate System (IS-IS)

Connectionless Network Services (CLNS):

NOTE: CLNS is available only in packet-based mode.

End System-to-Intermediate System (ES-IS) protocol

■

IS-IS extensions

■

BGP extensions

■

Static routes

■

Multiprotocol Label Switching (MPLS):

NOTE: MPLS is available only in packet-based mode.

Layer 2 and Layer 3 virtual private networks (VPNs)

■

VPN routing and forwarding (VRF) table labels

■

Traffic engineering protocols such as Label Distribution Protocol (LDP) and Resource Reservation

■

Protocol (RSVP)

Protocols

Management

NOTE: Security features cannot be configured when MPLS/IPv6 is used.

Multicast:

Internet Group Management Protocol (IGMP)

■

Protocol Independent Multicast (PIM)

■

Distance Vector Multicast Routing Protocol (DVMRP)

■

Single-source multicast

■

IPv4Internet

IPv6 routing and forwarding

Static addressesIP Address

Dynamic Host Configuration Protocol (DHCP)

6 ■ SRX 210 Services Gateway Software Features and Licenses

Chapter 1: Introduction to the SRX 210 Services Gateway

Table 4: SRX 210 Services Gateway Software Features and Licenses (continued)

SRX 210 Services Gateway FeatureFeature

Category

Encapsulation

Ethernet:

Media access control (MAC) encapsulation

■

802.1p tagging

■

Point-to-Point Protocol over Ethernet (PPPoE)

■

Circuit cross-connect (CCC)

■

Translational cross-connect (TCC)

■

Synchronous Point-to-Point Protocol (PPP)

Frame Relay

High-level Data Link Control (HDLC)

802.1Q filtering and forwarding

Multilink Frame Relay (MFR)

Multilink PPP

Common CriteriaSecurity

Network attack detection

Denial-of-service (DoS) and distributed denial-of-service (DDoS) protection

Generic routing encapsulation (GRE), IP-over-IP, and IP Security (IPsec) tunnels

Advanced Encryption Standard (AES) 128-bit, 192-bit, and 256-bit

56-bit Data Encryption Standard (DES) and 168-bit 3DES encryption

MD5 and Secure Hash Algorithm (SHA-1) authentication

Stateful firewall packet filters

Network Address Translation (NAT)

Unified Threat Management (UTM)

NOTE: Separate license is required for UTM.

Intrusion Detection and Prevention (IDP)

NOTE:

Separate license is required for IDP.

■

IDP HA is not supported in this release.

■

SRX 210 Services Gateway Software Features and Licenses ■ 7

SRX 210 Services Gateway Hardware Guide

Table 4: SRX 210 Services Gateway Software Features and Licenses (continued)

SRX 210 Services Gateway FeatureFeature

Category

Chassis
Clustering

Management

Logging and
Monitoring

Switching

Chassis clustering is supported on the device. Chassis cluster control and chassis cluster data are supported
over a single physical interface, thereby minimizing the number of chassis cluster interfaces required
on the device. One of the ports on the front panel of the base system is used as the chassis cluster port.

J-Web browser interface—for services gateway configuration and managementSystem

JUNOScript XML application programming interface (API)

JUNOS command-line interface (CLI)—for services gateway configuration and management through the
console, Telnet, SSH, or J-Web CLI terminal

Simple Network Management Protocol version 1 (SNMPv1) and SNMPv2

Network and Security Manager (NSM)

J-Flow flow monitoring and accountingTraffic Analysis

Packet capture (PCAP)

Real-time performance monitoring (RPM)

System logActivity

J-Web event viewer

Traceroute

Access switching provided by onboard Gigabit Ethernet ports

■

VLANs

■

STP/RSTP/MSTP

■

GVRP

■

LACP

■

802.1x (Port based network authentication)

■

8 ■ SRX 210 Services Gateway Software Features and Licenses

Chapter 1: Introduction to the SRX 210 Services Gateway

Table 4: SRX 210 Services Gateway Software Features and Licenses (continued)

SRX 210 Services Gateway FeatureFeature

Category

Administration

Supports the following external administrator databases:

RADIUS

■

TACACS+

■

Autoinstallation

Configuration rollback

Button-operated configuration rescue (CONFIG)

Confirmation of configuration changes

Software upgrades

Supports the following features for automating network operations and troubleshooting:

Commit scripts

■

Operation scripts

■

Event policies

■

Related Topics ■ SRX 210 Services Gateway Description on page 3

■ SRX 210 Services Gateway Chassis on page 11

■ SRX 210 Services Gateway Features and Functions on page 4

SRX 210 Services Gateway Software Features and Licenses ■ 9

SRX 210 Services Gateway Hardware Guide

10 ■ SRX 210 Services Gateway Software Features and Licenses