Monday, September 5, 2011

Juniper SRX Basic System Setup

To create an administrative user to manage the device, first create the username and then assign the username a class:
[edit]
root# set system login user admin authentication plain-text-password
New password:
Retype new password:
[edit]
root# set system login user admin class super-user

Set the system hostname:
[edit]
root# set system hostname <hostname>

Set DNS servers for the device. It is a good idea to set up at least 2 DNS servers:
[edit]
root# set system name-server 8.8.8.8
[edit]
root# set system name-server 8.8.4.4

This section will set up the untrust interface and zone.

First we need to assign an IP to the interface:
[edit]
root# set interfaces ge-0/0/0 unit 0 family inet address 1.1.1.1/30

Next assign the interface to the untrust zone:
[edit]
root# set security zones security-zone untrust interfaces ge-0/0/0.0

Set up SSH and HTTPS for remote management:
[edit]
root# set system services ssh
[edit]
root# set security zones security-zone untrust host-inbound-traffic system-services ssh
[edit]
root# set system services web-management https system-generated-certificate
[edit]
root# set security zones security-zone untrust host-inbound-traffic system-services https

Finally, create a default route out of the untrust interface (the next hop, 1.1.1.2, is the address of the upstream router):
[edit]
root# set routing-options static route 0.0.0.0/0 next-hop 1.1.1.2

This section will set up the trust interface and zone.
First we need to assign an IP to the interface:
[edit]
root# set interfaces fe-0/0/7 unit 0 family inet address 10.0.0.1/30

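Next assign the interface to the trust zone:
[edit]
root# set security zones security-zone trust interfaces fe-0/0/7.0

Allow root to log in over SSH. This setting is system-wide, so it also applies to SSH sessions that arrive on the untrust zone:
[edit]
root# set system services ssh root-login allow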

For management of the firewall, it is a good idea to allow only secure access such as HTTPS and SSH on the untrust zone; unsecure management access such as HTTP and Telnet can be enabled in the trust zone.

To set up SSH, HTTP and HTTPS management access on the trust zone:
[edit]
root# set system services ssh
[edit]
root# set security zones security-zone trust host-inbound-traffic system-services ssh
[edit]
root# set security zones security-zone trust host-inbound-traffic system-services http
[edit]
root# set system services web-management https system-generated-certificate
[edit]
root# set security zones security-zone trust host-inbound-traffic system-services https
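
An added example, not part of the original post: a small Python check that reads pasted set commands and flags the points discussed above, namely unsecure services (HTTP, Telnet) allowed on the untrust zone, root-login allow, and a zone that allows services but has no interface assigned. The function name audit, the sample input and the finding texts are assumptions made for this illustration.

```python
import re

# The page's split: HTTP and Telnet are unsecure management access.
INSECURE = {"http", "telnet"}

# Constructed sample input in the style of the commands above.
SAMPLE = """\
[edit]
root# set system services ssh root-login allow
root# set security zones security-zone untrust interfaces ge-0/0/0.0
root# set security zones security-zone untrust interfaces fe-0/0/7.0
root#set security zones security-zone untrust host-inbound-traffic system-services ssh
root# set security zones security-zone untrust host-inbound-traffic system-services telnet
root# set security zones security-zone trust host-inbound-traffic system-services http
"""

ZONE_RE = re.compile(
    r"^set security zones security-zone (\S+) "
    r"(?:interfaces (\S+)|host-inbound-traffic system-services (\S+))$")


def audit(config, external_zone="untrust"):
    """Return findings (strings) for a pasted block of Junos set commands."""
    findings, services, interfaces = [], {}, {}
    for raw in config.splitlines():
        # Drop a pasted CLI prompt such as "root# " or "root#".
        line = re.sub(r"^\S*#\s*", "", raw.strip())
        if line == "set system services ssh root-login allow":
            findings.append("root login over SSH is allowed system-wide")
        m = ZONE_RE.match(line)
        if m:
            zone, iface, service = m.groups()
            if iface:
                interfaces.setdefault(zone, set()).add(iface)
            else:
                services.setdefault(zone, set()).add(service)
    for svc in sorted(services.get(external_zone, set()) & INSECURE):
        findings.append(f"{svc} is allowed inbound on zone {external_zone}")
    for zone in sorted(services):
        if zone not in interfaces:
            findings.append(f"zone {zone} allows services but has no interface")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```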
