Juniper SRX240 Series, SRX240B, SRX240H, SRX240H-POE, SRX240-P-MGW Getting Started Manual

V

Getting Started Guide

SRX240 Services Gateway

Use the instructions in this guide to help you connect the SRX240 Services Gateway to your network. For details, see the SRX240
Services Gateway Hardware Guide at http://www.juniper.net/techpubs/a058.html.

SRX240 Services Gateway (Low Memory and High Memory)

SRX240 Services Gateway with Power over Ethernet
and with Integrated Convergence Services

SRX240 Services Gateway with Integrated Convergence Services (Back Panel)

The following four types of SRX240 Services Gateways are available:

Devices DDR Memory PoE Voice Support

SRX240B 512 MB No No
SRX240H 1 GB No No
SRX240H-POE 1 GB Yes No
SRX240-P-MGW 1 GB Yes Yes

Note: On the SRX240H-PoE and SRX240-P-MGW
models, Power over Ethernet (PoE) of 150 watts is
supported across all 16 ports (ge-0/0/0 to ge-0/0/15).

PART 1 - CONNECTING AND CONFIGURING THE DEVICE

Use the instructions below to connect and set up the SRX210 Services Gateway to protect your network. Refer to the LEDs on the
front panel of the device to help you determine the status of the device.

Step 1

Connect the power cable to the device and a power source. We
recommend using a surge protector. Note the following indications:

• Power LED (solid green): The device is receiving power.

• Status LED (solid green): The device is operating normally.

Note: You must allow the services gateway between five and seven minutes
to boot up after you have powered it on. Wait until the Status LED is solid
green before proceeding to the next step.

Step 2

Connect the management device to the services gateway using either of
the following methods:

• Connect an Ethernet cable from any one port between ge-0/0/1 and
ge-0/0/15 to the Ethernet port on the management device (workstation

or laptop).
We recommend this connection method. If you are using this method to
connect, proceed with Step 3.

• Connect an RJ-45 cable from the console port to the supplied DB-9
adapter, which then connects to the serial port on the management
device. (Serial port settings: 9600 8-N-1-N).

If you are using this method to connect, proceed with the CLI
configuration instructions available in the Quickstart Guide for Branch
SRX Series Services Gateways at

http://www.juniper.net/us/en/local/pdf/app-notes/3500153-en.pdf.

Step 3

Ensure that the management device acquires an IP address on the

192.168.1/24 subnetwork (other than 192.168.1.1) from the device.
The interfaces have the following factory-default settings:

Interface Security Zone DHCP State IP Address

ge-0/0/0 untrust client unassigned
ge-0/0/1 to ge-0/

0/15

Note:

• The services gateway functions as a DHCP server and will assign an IP

address to the management device.

• If an IP address is not assigned to the management device, manually
configure an IP address in the 192.168.1.0/24 subnetwork. Do not
assign the 192.168.1.1 IP address to the management device, as this IP
address is assigned to the device. By default, the DHCP server is
enabled on the L3 VLAN interface, (IRB) vlan.0 (ports ge-0/0/1 to ge-0/
0/15), which is configured with an IP address of 192.168.1.1/24.

• When an SRX240 Series Services Gateway is powered on for the first
time, it boots using the factory default configuration.

trust server 192.168.1.1/24

Step 4

Access the J-Web interface:

1. Launch a Web browser from the management device.

2. Enter 192.168.1.1 in the URL address field.

3. Specify the default username as root. Do not enter any va lue in the
Password field.

Getting Started Guide

4. Press Enter. The J-Web Initial Setup page is displayed.

Note: To remove the interface from the VLAN:
a. In the J-Web interface, under the Configure tab, navigate to Switching

> VLAN.

b. Under the VLAN name, select the VLAN and click Edit to select and

remove the interface from the VLAN.

Note: By default, Ethernet switching is enabled on the ge-0/0/1 to ge-0/0/15
ports.

7. Click OK to save the changes and click Commit to apply the

changes. The configured IP address is included in the Address
Prefix column.

Step 8

Security policies have the following factory-default settings:

Source Zone Destination Zone Policy Action

trust untrust permit

Step 5

Configure the basic settings, such as Host Name, Domain Name, and
Root Password for your services gateway.

Important: Ensure that you have configured the root password before you
apply the configuration.

Note: All fields marked with an asterisk (*) are mandatory.

Step 6

Click Apply to apply the configuration.

Step 7

Configure an interface as follows:

1. In the J-Web interface, select the Configure tab.

2. Under the Interface Name column, click on the interface you want
to configure.

3. Click the existing logical interface.

4. Make sure that Enable Ethernet Switching is unchecked.

5. Under IPv4 Addresses and Prefixes, click Add.

6. In the IPv4 Address and Prefix fields, enter an IP address and a
subnet mask.

Note: You can either configure an IPV4 address to a physical interface or
you can make it part of the L2 VLAN. By default, all ports except the

ge-0/0/0 port are in the L2 VLAN.
Note: Before configuring the IPV4 address, the interface should be

removed from the VLAN.

untrust trust deny

Note: By default, the security policy is Deny-all.

The NAT rule has the following factory-default setting:

Source Zone Destination Zone Policy Action

trust untrust Source NAT to untrust zone

interface IP address

Note: By default, ge-0/0/1 to ge-0/0/15 are in the trust zone and ge-0/0/0 is
in the untrust zone.

To add an interface to a specific, preconfigured zone:

1. In the J-Web interface, under the Configure tab, navigate to

Security > Zones.

2. Under Zones Lists, click Add and enter a name for the zone in th e

Zone Name field

3. Under Interfaces In This Zone, add an interface to a specific zone.

4. Click OK to save the changes and click Commit to apply the

changes.

Step 9

Modify the security policy as follows:

1. In the J-Web interface, under the Configure tab, navigate to

Security > Policy.

2. Select the zone directions. For more information on configuring
zones, see the JUNOS Security Configuration Guide.

PART 2 - CONNECTING AND CONFIGURING THE MEDIA GATEWAY

Use the instructions below to configure voice support on the services gateway and get started using your device to place
and receive calls

.

Step Task Step Task Step Task

1 Connect the FXO and FXS ports. 5 Configure the analog station. 9 Create the dial plan.
2 Access the J-Web Interface. 6 Configure the peer call server. 10 Configure the media gateway.
3 Configure the class of restriction. 7 Configure a trunk. 11 Configure the survivable call server.
4 Configure the SIP station. 8 Configure trunk groups.

Step 1

Connect the FXO and FXS ports:

1. Connect an FXS port (FXS1 or FXS2) on the device to an analog

device such as a telephone, fax, or modem through an RJ-11 cable.

2. Connect an FXO port (FXO1 or FXO2) on the device to the central

office (CO) switches or to a station port on a PSTN through an RJ­11 cable.

3. Connect an Ethernet cable from any of the PoE ports (ge-0/0/0
through ge-0/0/15) to the VoIP phone.

Step 2

Access the J-Web interface:

1. Launch a Web browser from the management device.

2. Log on using the credentials you set during the initial configuration
described in Part 1.

3. The J-Web Dashboard page is displayed.