Juniper SRX240B2, SRX240H-DC, SRX240H, SRX240H2, SRX240H2-DC Quick Start Manual

SRX240 Services Gateway Quick Start

Follow the instructions in this quick start to connect the SRX240 Services Gateway to
your network. For details, see the SRX240 Services Gateway Hardware Guide at
http://www.juniper.net/techpubs/en_US/release-independent/junos/information-products/
pathway-pages/srx-series/product/index.html.

SRX240 Services Gateway Front Panel

SRX240 Services Gateway Back Panel

SRX240 Services Gateway Models

The following models of the SRX240 Services Gateway are available:

NOTE: On the SRX240H-POE,SRX240H2-POE, SRX240H-POE-TAA, and
SRX240H2-POE-TAA models, Power over Ethernet (PoE) of a maximum of 150 watts is
supported on all the16 ports (0/0 through 0/15).

Connecting and Configuring the SRX Series Services Gateway

Follow these instructions to connect and set up the SRX240 Services Gateway. The
LEDs on the front of the device indicate the status of the device.

Configuration Overview

The SRX240 Services Gateway requires the following basic configuration settings to
function:

 Interfaces must be assigned IP addresses.

 Interfaces must be bound to zones.

 Policies must be configured between zones to permit or deny traffic.

 Source NAT rules must be set.

The device has the following default configuration set when you power it on for the first
time. To use the device, you do not need to perform any initial configuration.

Callout Description Callout Description

1 Mini-PIM slots 5 Console port

2 Power button 6 Gigabit Ethernet (0/0 to 0/15) ports

3 LEDs (ALARM, POWER,

STATUS, HA, mPIM)

7 USB ports

4 Reset Config button

Callout Description Callout Description

1 Cable tie holder 3 Grounding point

2 Power supply input

g037516

1

2

6

7

3 4 5

1 1 1

g037502

1 2 3

Device DDR Memory Power over Ethernet

SRX240B 512 MB No

SRX240B2 1 GB No

SRX240H 1 GB No

SRX240H2 2 GB No

SRX240H-DC 1 GB No

SRX240H2-DC 2 GB No

SRX240H-POE 1 GB Yes

SRX240H2-POE 2 GB Yes

SRX240H-TAA 1 GB No

SRX240H2-TAA 2 GB No

SRX240H-POE-TAA 1 GB Yes

SRX240H2-POE-TAA 2 GB Yes

Page 2

Factory-Default Settings for Initial Configuration:

Factory-Default Settings for Security Policies:

Factory-Default Settings for NAT Rule:

NOTE: Source NAT translates the source address for packets coming from any number
of hosts on a private network to one public IP address.

Task 1: Connect the Power Cable and a Power Source

Connect the power cable to the device and a power source. We recommend using a
surge protector. Note the following indications:

 POWER LED (green): The device is receiving power.

 STATUS LED (green): The device is operating normally.

 ALARM LED (yellow): The device is operating normally, and a rescue configuration

might not have been set. This is not a panic condition.

NOTE: After a rescue configuration has been set, a yellow ALARM LED indicates a
minor alarm, and a solid red ALARM LED indicates a major problem on the services
gateway.

 mPIM LED (off): The Mini-Physical Interface Module (Mini-PIM) is not present or is

not detected by the device. If this LED is green and steadily on, it indicates that the
Mini-PIM is functioning normally.

NOTE: You must allow the device between 5 and 7 minutes to boot after you power it on.
Wait until the STATUS LED is solid green before proceeding to the next task.

Task 2: Connect the Management Device

Use one of the following methods to connect the management device to the services
gateway:

 Method 1: Connect an RJ-45 cable (Ethernet cable) from any one port from 0/1

through 0/15 (interfaces ge-0/0/1 and ge-0/0/15) on the front panel to the Ethernet
port on the management device (workstation or laptop). We recommend this
connection method. If you are using this method to connect, proceed to Task 3.

 Method 2 : Connect an RJ-45 cable (Ethernet cable) from the port labeled

CONSOLE to the supplied DB-9 adapter, which then connects to the serial port on
the management device (serial port settings: 9600 8-N-1-N).

If you are using this method to connect, proceed with the CLI configuration
instructions in the Getting Started Guide for the Branch SRX Series at
http://www.juniper.net/techpubs/en_US/release-independent/junos/
information-products/pathway-pages/srx-series/product/index.html.

Connecting a Management Device

Task 3: Ensure That the Management Device Acquires an IP Address

After you connect the management device to the services gateway, the DHCP server
process on the services gateway automatically assigns an IP address to the
management device. Ensure that the management device acquires an IP address on the

192.168.1.0/24 subnetwork (other than 192.168.1.1) from the services gateway.

NOTE: The services gateway functions as a DHCP server and assigns an IP address to
the management device.

 If an IP address is not assigned to the management device, manually configure an

IP address on the 192.168.1.0/24 subnetwork. Do not assign 192.168.1.1 as the IP
address to the management device because this IP address is assigned to the
services gateway. By default, the DHCP server is enabled on the Layer 3 VLAN
interface, (IRB) vlan.0 (ge-0/0/1 to ge-0/0/15), which is configured with an IP
address of 192.168.1.1/24.

 When an SRX240 Services Gateway is powered on for the first time, it boots using

the factory-default configuration.

Port Label Interface Security Zones DHCP State IP Address

0/0 ge-0/0/0 untrust client unassigned

0/1 to 0/15 ge-0/0/1 to

ge-0/0/15

trust server 192.168.1.1/24

Source Zone Destination Zone Policy Action

trust untrust permit

trust trust permit

untrust trust deny

Source Zone Destination Zone Policy Action

trust untrust source NAT to untrust zone

interface

g037511