Beruflich Dokumente
Kultur Dokumente
SRX650ServicesGatewayInstallationandInitialConfiguration
NOTE:PleasenotethisStudentGuidehasbeendevelopedfromanaudionarration.Thereforeitwillhave
conversationalEnglish.Thepurposeofthistranscriptistohelpyoufollowtheonlinepresentationandmayrequire
referencetoit.
Slide2
Introduction
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.2
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide3
CONFIDENTIAL
FSSSRX650
www.juniper.net | 3
Throughout this module, you will find slides with valuable detailed information. You can stop
any slide with the Pause button to study the details. You can also read the notes by using the
Notes tab. You can click the Feedback link at anytime to submit suggestions or corrections
directly to the Juniper Networks eLearning team.
CourseFSSSRX650
JuniperNetworks,Inc.3
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide4
Introduction
CONFIDENTIAL
FSSSRX650
www.juniper.net | 4
Welcome to the SRX650 Services Gateway Installation and Initial Configuration online
training program.
This course describes the procedures to install and configure the SRX650 Services Gateway
offered by Juniper Networks.
CourseFSSSRX650
JuniperNetworks,Inc.4
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide5
Course Objectives
Upon completing this course, youll be able to install the SRX650 Services
Gateway and perform auto-installation and initial configuration. You will also
be able to replace SRX650 Gigabit-Backplane Pluggable Interface Modules
(GPIMs), the fan tray, air filter, AC power supply, as well as the SRX650
Services and Routing Engine (SRE).
CONFIDENTIAL
FSSSRX650
www.juniper.net | 5
Upon completing this course, youll be able to install the SRX650 Services Gateway and
perform auto-installation and initial configuration. You will also be able to replace SRX650
Gigabit-Backplane Pluggable Interface Modules (or GPIMs), the fan tray, air filter, AC power
supply, as well as the SRX650 Services and Routing Engine (or SRE).
CourseFSSSRX650
JuniperNetworks,Inc.5
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide6
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.6
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide7
Section Overview
After successfully completing this section, you will be
able to:
Describe the SRX650 Services Gateway and identify its
components.
Describe the proper safety procedures to follow during installation.
List the tools and components required to install the device.
Unpack the device.
Mount the device in a rack.
Connect interface cables.
Ground the SRX device.
Power the SRX device on and off.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 7
After successfully completing this section, you will be able to install the SRX650 Services
Gateway.
We will begin with a product overview of the devices, followed by the safety information and
the tools and components required for this installation.
You will then be given a demonstration of the SRX650 Services Gateway installation process.
After successfully completing this section, you will be able to:
Describe the SRX650 Services Gateway and identify its components.
Describe the proper safety procedures to follow during installation.
List the tools and components required to install the device.
Unpack the device.
Mount the device in a rack.
Connect interface cables.
Ground the SRX device, and
Power the SRX device on and off.
CourseFSSSRX650
JuniperNetworks,Inc.7
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide8
Product Overview
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.8
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide9
Product Overview
SRX650 Services Gateway Overview
SRX650 is ideally suited for securing small to
medium-sized enterprise locations:
Regional offices
Large branch offices
Small to medium enterprises
SRX650 Services Gateway contains a rearpluggable Services and Routing Engine (SRE)
module that provides robust performance for
mid-range applications, particularly routing
and security services.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 9
CourseFSSSRX650
JuniperNetworks,Inc.9
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide10
Product Overview
SRX650 Services Gateway Access
J-Web interface
Junos operating system command-line
interface (CLI)
CONFIDENTIAL
FSSSRX650
www.juniper.net | 10
Like other Junos operating system devices, the SRX650 Services Gateway can be accessed
through both the J-Web interface as well as the Junos OS command-line interface (or CLI).
The SRX650 includes four Gigabit Ethernet ports and support for Gigabit-Backplane
Pluggable Interface Modules (or GPIMs). The SRX650 also provides Power over Ethernet (or
PoE) ports.
CourseFSSSRX650
JuniperNetworks,Inc.10
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide11
Safety Information
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.11
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide12
Safety Information
CONFIDENTIAL
FSSSRX650
www.juniper.net | 12
Lets look at a few safety instructions before you start the installation. This is a summary of
the safety warnings.
Permit only trained and qualified personnel to install or replace the SRX Series Services
Gateway components.
Perform only the procedures described in the Hardware Guide or Getting Started Guide for
your device. Other services must be performed by authorized service personnel only.
Before you connect the SRX Series Services Gateway to a power source, read the installation
instructions in the Hardware Guide and Getting Started Guide for your device.
CourseFSSSRX650
JuniperNetworks,Inc.12
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide13
Safety Information
CONFIDENTIAL
FSSSRX650
www.juniper.net | 13
Before installing the device, read the guidelines about preparing for device installation in the
Hardware Guide and Getting Started Guide for your device to make sure that the site meets
power, environmental, and clearance requirements for the device.
We recommend that two persons should perform the SRX Series Services Gateway
installation. One person should lift the device into position and the other person should
secure the mounting screws. To prevent injury, the workers should keep their backs straight
and lift with their legs, and not their backs.
CourseFSSSRX650
JuniperNetworks,Inc.13
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide14
Safety Information
CONFIDENTIAL
FSSSRX650
www.juniper.net | 14
Mount the device at the bottom of the rack if it is the only unit in the rack.
When mounting the device in a partially filled rack, load the rack from the bottom to the top,
with the heaviest component at the bottom of the rack.
CourseFSSSRX650
JuniperNetworks,Inc.14
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide15
Safety Information
If the rack is provided with stabilizing
devices, install the stabilizers before
mounting or servicing the SRX Series
Services Gateway in the rack.
When removing or installing an
electrical component, always place it
component-side up on a flat antistatic
surface or in an electrostatic bag.
Do not work on the system or connect
or disconnect cables during electrical
storms.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 15
If the rack is provided with stabilizing devices, install the stabilizers before mounting or
servicing the SRX Series Services Gateway in the rack.
When removing or installing an electrical component, always place it component-side up on
a flat antistatic surface or in an electrostatic bag.
Do not work on the system or connect or disconnect cables during electrical storms.
CourseFSSSRX650
JuniperNetworks,Inc.15
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide16
Safety Information
Before working on equipment that
is connected to power lines,
remove jewelry, including rings,
necklaces, and watches. Metal
objects heat up when connected to
power and ground and can cause
serious burns or become welded to
the terminals.
Failure to observe these safety
warnings can result in serious
physical injury.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 16
Before working on equipment that is connected to power lines, remove jewelry, including
rings, necklaces, and watches. Metal objects heat up when connected to power and ground
and can cause serious burns or become welded to the terminals.
Failure to observe these safety warnings can result in serious physical injury.
To get a complete list of warnings, consult the SRX650 Hardware Guides, which can be
found at the link on the screen.
CourseFSSSRX650
JuniperNetworks,Inc.16
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide17
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.17
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide18
CONFIDENTIAL
FSSSRX650
www.juniper.net | 18
Let's look at the tools and components you need to install and configure the SRX650
Services Gateway.
For each power supply, the SRX Gateway includes a power cord with a plug appropriate for
your geographical location and two mounting brackets.
In addition to these items, you need an electrostatic discharge (or ESD) grounding strap, four
mounting screws appropriate for your rack, and a #2 Phillips screwdriver.
CourseFSSSRX650
JuniperNetworks,Inc.18
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide19
CONFIDENTIAL
FSSSRX650
www.juniper.net | 19
The SRX650 Services Gateway is shipped in a cardboard carton and secured with foam
packing material. The carton also contains an accessory box and quick start instructions.
The devices are maximally protected inside the shipping carton. Do not unpack the device
until you are ready to begin installation.
Begin the installation by unpacking the shipping carton and verify the contents against the
parts inventory included in the carton.
Save the shipping carton and packing materials in case you need to move or ship the device
later.
CourseFSSSRX650
JuniperNetworks,Inc.19
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide20
CONFIDENTIAL
FSSSRX650
www.juniper.net | 20
The SRX650 services gateway can be installed in a rack. Many types of racks are
acceptable, including front-mount racks and four-post (or telco) racks, enclosed cabinets,
and open-frame racks. If you are installing the SRX650 in an enclosed cabinet, make sure
the cabinet is large enough to ensure adequate air flow. See the SRX650 Hardware Guide
for detailed clearance specifications.
Note: If you are installing multiple devices in one rack, install the lowest one first and
proceed upward in the rack.
CourseFSSSRX650
JuniperNetworks,Inc.20
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide21
CONFIDENTIAL
FSSSRX650
www.juniper.net | 21
CourseFSSSRX650
JuniperNetworks,Inc.21
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide22
CONFIDENTIAL
FSSSRX650
www.juniper.net | 22
Align the bottom hole in each mounting bracket with a hole in each rack rail as shown on the
screen, making sure the chassis is level.
Next, have a second person install a mounting screw into each of the two aligned holes. Use
a number2 phillips screwdriver to tighten the screw.
Then, install the second screw in each mounting bracket.
Verify that the mounting screws on one side of the rack are aligned with the mounting
screws on the opposite side and that the device is level.
Finally, plug in the power supply to the power outlet and the power adapter into the device.
CourseFSSSRX650
JuniperNetworks,Inc.22
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide23
CONFIDENTIAL
FSSSRX650
www.juniper.net | 23
You connect the interfaces installed in the services gateway to various network media.
Each type of interface on a services gateway uses a particular medium to transmit data. You
must configure each network interface before it can operate on the device. External devices
can be attached to Console, Ethernet, or Gigabit Ethernet ports. To connect interface cables
to the device, ensure that you have a length of the type of cable appropriate for the port and
the interface. The most common interface types are shown on the screen.
Note that many different cable types use the same connector ends. Be sure that the pinout
for your cable is correct for your type of connection. For example, an Ethernet crossover
cable will fit into an ISDN port, but the individual wiring is wrong for ISDN, so the signaling
will not work.
Once you have a length of the type of cable appropriate to the port and the interface, insert
the cable connector into the cable connector port on the interface faceplate.
CourseFSSSRX650
JuniperNetworks,Inc.23
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide24
CONFIDENTIAL
FSSSRX650
www.juniper.net | 24
Then, arrange the cable as follows to prevent it from dislodging or developing stress points:
Secure the cable so that it is not supporting its own weight as it hangs to the floor.
Place excess cable out of the way in a neatly coiled loop.
Place fasteners on the loop to help maintain its shape.
CourseFSSSRX650
JuniperNetworks,Inc.24
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide25
CONFIDENTIAL
FSSSRX650
www.juniper.net | 25
You ground the device by connecting a grounding cable to earth ground and then attaching it
to the chassis grounding points on the right side of the device using two UNC -20 screws,
which are not provided. Grounding cables and lugs are also not provided.
CAUTION: Before device installation begins, a licensed electrician must attach a cable lug to
the grounding and power cables that you supply. A cable with an incorrectly attached lug can
damage the device.
CourseFSSSRX650
JuniperNetworks,Inc.25
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide26
CONFIDENTIAL
FSSSRX650
www.juniper.net | 26
CourseFSSSRX650
JuniperNetworks,Inc.26
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide27
CONFIDENTIAL
FSSSRX650
www.juniper.net | 27
Secure the grounding cable lug to the grounding points, first with the washers, then with the
screws.
Finally, dress the grounding cable and verify that it does not touch or block access to the
services gateway components and that it does not drape where people could trip on it.
CourseFSSSRX650
JuniperNetworks,Inc.27
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide28
CONFIDENTIAL
FSSSRX650
www.juniper.net | 28
CourseFSSSRX650
JuniperNetworks,Inc.28
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide29
CONFIDENTIAL
FSSSRX650
www.juniper.net | 29
To power off an SRX650 Services Gateway, press and release the power button. The device
gracefully shuts down the operating system, the SREs, and any GPIM, sand then powers
itself off.
After powering off a power supply, wait at least 60 seconds before turning it back on. After
powering on a power supply, wait at least 10 seconds before turning it off.
To remove power completely from the device, unplug the AC power cord.
After powering off a power supply, wait at least 10 seconds before turning it back on. After
powering on a power supply, wait at least 10 seconds before turning it off.
CourseFSSSRX650
JuniperNetworks,Inc.29
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide30
CONFIDENTIAL
FSSSRX650
www.juniper.net | 30
The power button on the SRX device is a standby power switch. If the device is connected to
a power source when you press the power button to power it off, the device remains in
standby mode and between 3.3 V and 5 V of standby voltage is still available in the chassis.
If the system is completely powered off when you turn on the power supply, the device starts
as the power supply completes its startup sequence. If the device finishes starting and you
need to power off the system again, first issue the CLI request system halt command.
After the power supply is turned on, it can take up to 60 seconds for status indicatorssuch
as the Status LEDs on the power supply and the show chassis command displayto indicate
that the power supply is functioning normally. Ignore error indicators that appear during the
first 60 seconds.
CourseFSSSRX650
JuniperNetworks,Inc.30
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide31
Section Summary
In this section, you learned to install the SRX650 Services Gateway.
You should now be able to:
Describe the SRX650 Services Gateway and identify its components.
Describe the proper safety procedures to follow during installation.
List the tools and components required to install the device.
Unpack the device.
Mount the device in a rack.
Connect interface cables.
Ground the SRX device.
Power the SRX device on and off.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 31
CourseFSSSRX650
JuniperNetworks,Inc.31
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide32
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.32
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide33
Section Objectives
In this section, you will learn to configure
auto installation on the SRX650 Services
Gateway.
After successfully completing this section,
you will be able to:
Describe the autoinstallation process.
Describe the supported autoinstallation
interfaces and protocols;
Configure autoinstallation on the
SRX650 Services Gateway; and
Verify that autoinstallation has been
completed.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 33
In this section, you will learn to configure autoinstallation on the SRX650 Services Gateway.
More specifically, after completing this section, youll be able to:
Describe the autoinstallation process.
Describe the supported autoinstallation interfaces and protocols;
Configure autoinstallation on the SRX650 Services Gateway; and
Verify that autoinstallation has been completed.
CourseFSSSRX650
JuniperNetworks,Inc.33
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide34
CONFIDENTIAL
FSSSRX650
www.juniper.net | 34
If you are setting up many services gateways, autoinstallation can help automate the
configuration process by loading configuration files onto new or existing devices
automatically over the network.
The Junos OS is preinstalled on the services gateway. When the device is powered on, it is
ready to be configured.
The autoinstallation process begins any time a services gateway is powered on and cannot
locate a valid configuration file in the CompactFlash memory. Typically, a configuration file is
unavailable when a services gateway is powered on for the first time or if the configuration
file is deleted from the CompactFlash memory. The autoinstallation feature enables you to
deploy multiple services gateways from a central location in the network.
CourseFSSSRX650
JuniperNetworks,Inc.34
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide35
CONFIDENTIAL
FSSSRX650
www.juniper.net | 35
If you are setting up many devices, autoinstallation can help automate the configuration
process by loading configuration files onto new or existing devices automatically over the
network. You can use either the J-Web configuration editor or CLI configuration editor to
configure a device for autoinstallation.
The J-Web interface does not include Quick Configuration pages for autoinstallation. For the
autoinstallation process to work, you must store one or more host-specific or default
configuration files on a configuration server in the network and have a
service availabletypically Dynamic Host Configuration Protocol (or DHCP)to assign an IP
address to the services gateway.
CourseFSSSRX650
JuniperNetworks,Inc.35
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide36
CONFIDENTIAL
FSSSRX650
www.juniper.net | 36
Autoinstallation takes place automatically when you connect Ethernet port GE-0/0/0 on a
new services gateway to the network and power on the device. To simplify the process, you
can explicitly enable autoinstallation on a device and specify a configuration server, an
autoinstallation interface, and a protocol for IP address acquisition.
CourseFSSSRX650
JuniperNetworks,Inc.36
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide37
CONFIDENTIAL
FSSSRX650
www.juniper.net | 37
Autoinstallation provides automatic configuration for a new services gateway that you
connect to the network and turn on.
Before autoinstallation on a services gateway can take place, the services gateway must
acquire an IP address. The protocol or protocols you choose for IP address acquisition
determine the device interface to connect to the network for autoinstallation. The services
gateway detects the connected interface and requests an IP address with a protocol
appropriate for the interface. Autoinstallation is supported over an Ethernet LAN interface or
a serial LAN or WAN interface.
CourseFSSSRX650
JuniperNetworks,Inc.37
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide38
CONFIDENTIAL
FSSSRX650
www.juniper.net | 38
CourseFSSSRX650
JuniperNetworks,Inc.38
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide39
CONFIDENTIAL
FSSSRX650
www.juniper.net | 39
When a services gateway is powered on for the first time, it sends out DHCP, BOOTP, RARP,
or SLARP requests on each connected interface simultaneously to obtain an IP address.
If a DHCP server responds, it provides the device with the IP address and subnet mask for
the autoinstallation interface;
the location of the TFTP, HTTP, or FTP server on which the configuration file is stored; the
name of the configuration file to be requested from the TFTP server; the IP address or
hostname of the TFTP server; and the IP address of an intermediate device if the
configuration server is on a different LAN segment from the new device.
CourseFSSSRX650
JuniperNetworks,Inc.39
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide40
CONFIDENTIAL
FSSSRX650
www.juniper.net | 40
the name of the configuration file to be requested from the TFTP server; the IP address or
hostname of the TFTP server; and the IP address of an intermediate device if the
configuration server is on a different LAN segment from the new device
After the new services gateway acquires an IP address, the autoinstallation process on the
device attempts to download a configuration file in one of the following ways.
CourseFSSSRX650
JuniperNetworks,Inc.40
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide41
If the DHCP server specifies the hostspecific configuration file (boot file)
hostname.conf, the device uses that
filename in the TFTP server request. (In
the filename, hostname is the
hostname of the new device.) The
autoinstallation process on the new
device makes three unicast TFTP
requests for hostname.conf. If these
attempts fail, the device broadcasts
three requests to any available TFTP
server for the file.
If the new device cannot locate
hostname.conf, the autoinstallation
process unicasts or broadcasts TFTP
requests for a default device
configuration file called network.conf,
which contains hostname-to-IP address
mapping information, to attempt to find
its hostname.
2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 41
If the DHCP server specifies the host-specific configuration file (that is, the boot file)
hostname.conf, the device uses that filename in the TFTP server request. (In the filename,
hostname is the hostname of the new device.) The autoinstallation process on the new
device makes three unicast TFTP requests for hostname.conf. If these attempts fail, the
device broadcasts three requests to any available TFTP server for the file.
If the new device cannot locate hostname.conf, the autoinstallation process unicasts or
broadcasts TFTP requests for a default device configuration file called network.conf, which
contains hostname-to-IP address mapping information, to attempt to find its hostname.
CourseFSSSRX650
JuniperNetworks,Inc.41
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide42
If network.conf contains no
hostname entry for the new services
gateway, the autoinstallation
process sends out a DNS request
and attempts to resolve the new
device's IP address to a hostname.
If the new services gateway can
determine its hostname, it sends a
TFTP request for the hostname.conf
file.
If the new services gateway is unable
to map its IP address to a hostname,
it sends TFTP requests for the
default configuration file router.conf.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 42
If network.conf contains no hostname entry for the new services gateway, the
autoinstallation process sends out a DNS request and attempts to resolve the new device's
IP address to a hostname.
If the new services gateway can determine its hostname, it sends a TFTP request for the
hostname.conf file.
If the new services gateway is unable to map its IP address to a hostname, it sends TFTP
requests for the default configuration file router.conf.
After the new services gateway locates a configuration file on a TFTP server, autoinstallation
downloads the file, installs the file on the device, and commits the configuration.
CourseFSSSRX650
JuniperNetworks,Inc.42
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide43
CONFIDENTIAL
FSSSRX650
www.juniper.net | 43
To configure a network for services gateway autoinstallation, complete the following tasks:
First, configure a DHCP server on your network to meet your network requirements. You can
configure a services gateway to operate as a DHCP server. For more information, see the
Junos OS Administration Guide.
Then, create either a host-specific file or a default configuration file, and store it on a TFTP
server in the network.
CourseFSSSRX650
JuniperNetworks,Inc.43
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide44
CONFIDENTIAL
FSSSRX650
www.juniper.net | 44
The host-specific file will have the name hostname.conf for each services gateway
undergoing autoinstallation. Replace hostname with the name of a services gateway. The
hostname.conf file typically contains all the configuration information necessary for the
device with this hostname. The default configuration file should be named router.conf with
the minimum configuration necessary to enable you to telnet into the new services gateway
for further configuration.
Next, physically attach the services gateway to the network using the Gigabit Ethernet
interface.
CourseFSSSRX650
JuniperNetworks,Inc.44
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide45
CONFIDENTIAL
FSSSRX650
www.juniper.net | 45
If you configure the DHCP server to provide only the TFTP server hostname, add an IP
address-to-hostname mapping entry for the TFTP server to the DNS database file on the
DNS server in the network.
If the new device is not on the same network segment as the DHCP server (or other device
providing IP address resolution), configure an existing device as an intermediate to receive
TFTP and DNS requests and forward them to the TFTP server and the DNS server. You must
configure the LAN or serial interface on the intermediate device with the IP addresses of the
hosts providing TFTP and DNS service. Connect this interface to the new device.
CourseFSSSRX650
JuniperNetworks,Inc.45
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide46
CONFIDENTIAL
FSSSRX650
www.juniper.net | 46
Finally, if you are using hostname.conf files for autoinstallation of host-specific configuration
files, you must also configure the DHCP server to provide a hostname.conf filename to each
new services gateway. Each device uses its hostname.conf filename to request a
configuration file from the TFTP server . Copy the necessary hostname.conf configuration
files to the TFTP server.
CourseFSSSRX650
JuniperNetworks,Inc.46
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide47
CONFIDENTIAL
FSSSRX650
www.juniper.net | 47
You must also create a default configuration file named network.conf, and copy it to the
TFTP server. This file contains IP address-to-hostname mapping entries. If the DHCP server
does not send a hostname.conf filename to a new device, the services gateway uses
network.conf to resolve its hostname based on its IP address.
Alternatively, you can add the IP address-to-hostname mapping entry for the new services
gateway to a DNS database file. The device uses the hostname to request a hostname.conf
file from the TFTP server.
CourseFSSSRX650
JuniperNetworks,Inc.47
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide48
CONFIDENTIAL
FSSSRX650
www.juniper.net | 48
To display and verify the autoinstallation status on the SRX650 services gateway, enter the
show system autoinstallation status command in the CLI.
CourseFSSSRX650
JuniperNetworks,Inc.48
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide49
Section Summary
In this section, you learned to
configure auto installation on the
SRX650 Services Gateway.
After successfully completing this section,
you you should now be able to:
Describe the autoinstallation process.
Describe the supported autoinstallation
interfaces and protocols;
Configure autoinstallation on the
SRX650 Services Gateway; and
Verify that autoinstallation has been
completed.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 49
In this section, you learned to configure autoinstallation on the SRX650 Services Gateway.
More specifically, after completing this section, you should now be able to:
Describe the autoinstallation process.
Describe the supported autoinstallation interfaces and protocols;
Configure autoinstallation on the SRX650 Services Gateway; and
Verify that autoinstallation has been completed.
CourseFSSSRX650
JuniperNetworks,Inc.49
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide50
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.50
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide51
Section Objectives
In this section, you will learn to configure
the SRX650 Services Gateway.
After successfully completing this section,
you will be able to:
Access an SRX device.
Perform basic device configuration with
the
J-Web user interface.
Perform basic device configuration with
the CLI.
Reset the default configuration file.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 51
In this section, you will learn to configure the SRX650 Services Gateway.
After successfully completing this section, you will be able to:
Access an SRX device.
Perform basic device configuration with the
J-Web user interface.
Perform basic device configuration with the CLI, and
Reset the default configuration file.
CourseFSSSRX650
JuniperNetworks,Inc.51
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide52
CONFIDENTIAL
FSSSRX650
www.juniper.net | 52
The Junos OS is preinstalled on the services gateway. When the device is powered on, it is
ready to be configured.
If you are setting up a services gateway for the first time, you can use either J-Web Quick
Configuration or a configuration editor to configure basic connectivity.
If you are setting up many services gateways, autoinstallation can help automate the
configuration process
CourseFSSSRX650
JuniperNetworks,Inc.52
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide53
CONFIDENTIAL
FSSSRX650
www.juniper.net | 53
To configure the SRX Series Services Gateway, youll need a management device, such as a
laptop, with an Ethernet port and the Ethernet cable that came with the device.
If youre performing the initial configuration with the CLI instead of the J-Web user interface,
your management device will also need a serial port and an asynchronous terminal
application (such as Microsoft HyperTerminal).
You can configure and manage an SRX Series Services Gateway in several ways. To access
the SRX Series Services Gateway, you can use any of the following options:
Console port
J-Web User Interface (or WebUI)
Telnet and SSH
CourseFSSSRX650
JuniperNetworks,Inc.53
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide54
CONFIDENTIAL
FSSSRX650
www.juniper.net | 54
The console port on the device allows you to access the device through a serial cable
connected to your workstation or terminal. Then, to configure the device, you type Junos OS
command-line interface (or CLI) commands on your terminal or in a terminal-emulation
program on your computer.
The J-Web User Interface (or WebUI) is a graphical interface available through a browser. To
initially use the J-Web, you access the SRX device through the built-in Ethernet ports. You
can also access the WebUI through a secure server using Secure Sockets Layer (or SSL) with
secure HTTP (or HTTPS).
CourseFSSSRX650
JuniperNetworks,Inc.54
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide55
CONFIDENTIAL
FSSSRX650
www.juniper.net | 55
Telnet and SSH are applications that allow you to access devices through an IP network. To
configure the device, you enter Junos OS CLI commands from your workstation.
Telnet allows you to connect to the services gateway and access the CLI to execute
commands from a remote system. Telnet CLI connections are not encrypted and therefore
can be intercepted. Telnet access to the root user is prohibited. You must use more secure
methods, such as SSH, to log in as root.
SSH allows you to connect to the device and access the CLI to execute commands from a
remote system. It also encrypts traffic so that it cannot be intercepted (unlike Telnet).
CourseFSSSRX650
JuniperNetworks,Inc.55
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide56
CONFIDENTIAL
FSSSRX650
www.juniper.net | 56
The four built-in Gigabit Ethernet ports, ge-0/0/0 and ge-0/0/3 on the front panel of the
SRX650, are the ports through which you perform initial device setup. Any built-in Gigabit
Ethernet port can be used to perform initial configuration. After the initial configuration is
complete, you can attach the built-in Ethernet port that you are using for management
purposes to the management network.
Before initial configuration, when the factory default configuration is active, the device
attempts to perform autoinstallation by obtaining a device configuration through all its
connected interfaces, including ge-0/0/0. The services gateway acts
as a DHCP client out of the built-in Ethernet ports.
CourseFSSSRX650
JuniperNetworks,Inc.56
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide57
Address
192.168.1.1/24
192.168.2.1/24
CONFIDENTIAL
FSSSRX650
www.juniper.net | 57
If the services gateway does not find a DHCP server within a few seconds, it sets the address
of the ports
CourseFSSSRX650
JuniperNetworks,Inc.57
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide58
CONFIDENTIAL
FSSSRX650
www.juniper.net | 58
With the device temporarily acting as a DHCP server, you can manually configure it with the
J-Web interface. Any DHCP client host, for example, a PC or laptop computer, directly
connected to ge-0/0/0 receives an address on the 192.168.1.1/24 network.
NOTE: The DHCP functionality for initial setup is different from the configurable DHCP server
functionality of the services gateway during operation.
Once you connect your laptop or PC to ge-0/0/0, you can use a Web browser to visit the
address 192.168.1.1/24, access the J-Web Quick Configuration Set Up page, and complete
the initial configuration of the device.
CourseFSSSRX650
JuniperNetworks,Inc.58
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide59
CONFIDENTIAL
FSSSRX650
www.juniper.net | 59
After you perform the initial configuration and commit it by clicking Apply or OK on the Quick
Configuration Set Up page, the configured device can no longer act as a DHCP server.
Therefore, to continue using the device as a management interface you should configure the
IP address of the interface as part of the initial configuration.
CourseFSSSRX650
JuniperNetworks,Inc.59
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide60
CONFIDENTIAL
FSSSRX650
www.juniper.net | 60
If you plan to use the J-Web interface to configure the SRX Series services gateway, you must
connect through one of the built-in Ethernet management ports.
When the services gateway is powered on for the first time, the system looks for a DHCP
server. If it does not find one, the system assigns an IP address within the 192.168.1.0/24
subnetwork to any devices connected to the system.
Follow these steps to connect to the J-Web interface through port 0 on the services gateway,
CourseFSSSRX650
JuniperNetworks,Inc.60
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide61
CONFIDENTIAL
FSSSRX650
www.juniper.net | 61
First, from the management device you use to access the J-Web interface (such as a PC or a
laptop), verify that the address of the port you connect to is set to one of the following
values:
The Ethernet address on the 192.168.1/24 subnetwork other than 192.168.1.1. or
The Ethernet address from a DHCP server
Then, turn off the power to the management device.
Plug one end of the Ethernet cable into the Ethernet port on the management device, as
shown.
Next, connect the other end of the Ethernet cable to the built-in Gigabit Ethernet port on the
services gateway.
Power on the services gateway by pressing the power button on the front panel.
CourseFSSSRX650
JuniperNetworks,Inc.61
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide62
CONFIDENTIAL
FSSSRX650
www.juniper.net | 62
Wait until the Status LED on the front panel turns solid green.
Then turn on the power to the management device. The services gateway assigns an IP
address to the management device within the 192.168.1.0/24 subnetwork if the services
gateway is configured to use DHCP.
From the management device, open a Web browser and enter the IP address 192.168.1.1 in
the address field. The J-Web Quick Configuration Set Up page appears.
Finally, configure basic settings for your services gateway.
CourseFSSSRX650
JuniperNetworks,Inc.62
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide63
CONFIDENTIAL
FSSSRX650
www.juniper.net | 63
NOTE: You must manually configure the IP address for the management port you are using
before you save your initial configuration. When you save the configuration for the first time,
you will lose the connection to the services gateway if you have not manually configured the
IP address. If you lose the connection through the management interface, you must connect
through the Console port.
CourseFSSSRX650
JuniperNetworks,Inc.63
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide64
CONFIDENTIAL
FSSSRX650
www.juniper.net | 64
NOTE: To communicate with the services gateway, the J-Web interface uses HTTP. HTTP
allows easy Web access but no encryption. The data that is transmitted between the Web
browser and the services gateway by means of HTTP is vulnerable to interception and attack.
To enable secure Web access, a services gateway supports HTTPS. You can enable HTTP or
HTTPS access on specific interfaces and ports as needed.
CourseFSSSRX650
JuniperNetworks,Inc.64
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide65
CONFIDENTIAL
FSSSRX650
www.juniper.net | 65
On the services gateway, the HTTP access is enabled by default on the built-in management
interfaces. By default, HTTPS access is supported on any interface with an SSL server
certificate.
You can use J-Web Quick Configuration or the J-Web configuration editor to configure secure
Web access. For more information see the SRX650 Hardware Guide.
CourseFSSSRX650
JuniperNetworks,Inc.65
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide66
CONFIDENTIAL
FSSSRX650
www.juniper.net | 66
If you plan to use the CLI to configure the SRX Series services gateway, you must connect
through the Console port. In this section, we describe the steps for connecting to a local
management device. A remote connection to the services gateway through a modem
requires the cable and connector (provided in the services gateway accessory box), plus a
DB-9 female to DB-25 male (or similar) adapter for your modem, which you must purchase
separately.
Follow these steps to connect to the CLI using a local management device through the
Console port on the services gateway:
First, attach an ESD grounding strap to your bare wrist and connect the strap to the ESD
point on the chassis or to an outside ESD point if the device is disconnected from earth
ground.
CourseFSSSRX650
JuniperNetworks,Inc.66
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide67
CONFIDENTIAL
FSSSRX650
www.juniper.net | 67
Then, turn off power to the services gateway and to the management device, such as a PC or
laptop computer, that you are using to access the CLI.
Next, plug one end of the Ethernet cable supplied with your services gateway into the
provided RJ-45 to DB-9 serial port adapter.
Then, plug the female end of the supplied DB-9 adapter into the serial port of your
workstation. Ensure that the DB-9 is inserted properly and secured. The type of DB-9
connector that is needed is shown on the screen.
Then, plug the male end of the RJ-45 CAT5 cable into the console port on the device.
Turn on the power to the management device.
CourseFSSSRX650
JuniperNetworks,Inc.67
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide68
CONFIDENTIAL
FSSSRX650
www.juniper.net | 68
CourseFSSSRX650
JuniperNetworks,Inc.68
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide69
CONFIDENTIAL
FSSSRX650
www.juniper.net | 69
Power on the services gateway by pressing the power button on the front panel. Verify that
the Power LED on the front panel turns green.
The terminal emulation screen on your management device displays the startup sequence.
When the services gateway has finished starting up, a login prompt appears.
Finally, log in as the user root. No password is required at initial connection, but you must
assign a root password before committing any configuration settings.
CourseFSSSRX650
JuniperNetworks,Inc.69
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide70
CONFIDENTIAL
FSSSRX650
www.juniper.net | 70
Once youve connected to the SRX device, you can configure basic settings with J-Web Quick
Configuration, as follows:
To start, select Configuration>Quick Configuration >Set Up if the Quick Configuration Set Up
page is not automatically displayed.
Then, enter information into the Quick Configuration Set Up page. Click the links on screen
to get detailed information on each field. When youre ready to move on, Click Continue.
CourseFSSSRX650
JuniperNetworks,Inc.70
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide71
CONFIDENTIAL
FSSSRX650
www.juniper.net | 71
Once youve configured the settings, click one of the following buttons:
CourseFSSSRX650
JuniperNetworks,Inc.71
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide72
CONFIDENTIAL
FSSSRX650
www.juniper.net | 72
Click Apply to apply the configuration and remain on the Quick Configuration Set Up page.
Click OK to apply the configuration and return to the Quick Configuration page, or
Click Cancel to cancel your entries and return to the Quick Configuration page.
CourseFSSSRX650
JuniperNetworks,Inc.72
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide73
CONFIDENTIAL
FSSSRX650
www.juniper.net | 73
NOTE: After initial configuration is complete, the services gateway stops functioning as a
DHCP server. If you change the IP address of ge-0/0/0 and have the management device
configured to use DHCP, you lose your DHCP lease and your connection to
the services gateway through the J-Web interface. To reestablish a connection, either set the
IP address on the management device manually or connect ge-0/0/0 to the management
network and access the services gateway another wayfor example, through the Console
port.
The Host Name field is a required field and defines the hostname of the services gateway.
Enter the hostname here.
The Domain Name field Defines the network or subnetwork that the services gateway
belongs to. Enter the domain name here.
The Root Password field is also a required field and sets the password that user root can use
to log into the services gateway. Enter a plaintext password that the system encrypts. NOTE:
After a root password has been defined, it is required when you log into the J-Web user
interface or the CLI.
The Verify Root Password field is also a required field and verifies the root password has
been typed correctly. Reenter the password here.
The Time Zone field identifies the time zone in which the services gateway is located. From
the list, select the appropriate time zone.
CourseFSSSRX650
JuniperNetworks,Inc.73
SRX650ServicesGatewayInstallationandInitialConfiguration
The NTP Servers field specifies an NTP server that the services
gateway can reach to synchronize the system time. To add an IP address, type it in the box to
the left of the Add button, then click Add. To delete an IP address, click on it in the box above
the Add button, then click Delete.
The Current System Time field synchronizes the system time with the NTP server or allows
you to manually set the system time and date. To set the time using the NTP server, click Set
Time via NTP. The services gateway sends a request to the NTP server and synchronizes the
system time.
NOTE: If you are configuring other settings on this page, the services gateway also
synchronizes the system time using the NTP server when you click Apply or OK.
To set the time manually, click Set Time Manually. A window allows you to select the current
date and time from lists.
The DNS Name Servers specifies a DNS server that the services
gateway can use to resolve hostnames into addresses. To add an IP address, type it in the
box to the left of the Add button, then click Add. To delete an IP address, click on it in the box
above the Add button, then click Delete.
The Domain Search field adds each domain name that includes the services gateway to the
configuration so that each domain is included in a DNS search. To add a domain name, type
it in the box to the left of the Add button, then click Add. To delete a domain name, click on it
in the box above the Add button, then click Delete.
The Default Gateway field defines a default gateway through which to direct packets
addressed to networks not explicitly listed in the routing table. Enter a 32-bit IP address in
dotted decimal notation.
The Loopback Address field defines a reserved IP address that is always available on the
services gateway. If no address is entered, this address is set to 127.0.0.1/32. Enter a 32-bit
IP address and prefix length in dotted decimal notation.
The Allow Telnet Access field allows remote access to the services gateway using Telnet. To
enable Telnet access, select the box.
The Allow JUNOScript over Clear-Text Access field allows JUNOScript to access the services
gateway using a protocol for sending unencrypted text over a TCP connection. To enable
JUNOScript access over clear text, select the box.
The Allow SSH Access field allows remote access to the services
gateway using SSH. To enable SSH access, select the box.
To verify that the services gateway has the settings you configured, you should display the
basic connectivity configurations. Because the basic connectivity settings appear in different
CourseFSSSRX650
JuniperNetworks,Inc.74
SRX650ServicesGatewayInstallationandInitialConfiguration
places in the configuration hierarchy, displaying the entire configuration at once makes
viewing the settings easier.
To display the basic connectivity settings, select
Configuration>View and Edit>View Configuration Text
CourseFSSSRX650
JuniperNetworks,Inc.75
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide74
CONFIDENTIAL
FSSSRX650
www.juniper.net | 74
Once youve connected to the SRX device, you can use the CLI to configure basic settings.
To set the hostname of the device, use the set host-name command. In this example, weve
set the host-name to device A.
To name the domain in which the device is located, use the set domain-name command. In
this example, weve set the domain-name to lab.device.net.
To allow SSH remote access, use the set services ssh command.
To define root authentication for access to the device, use the set root-authentication sshrsa command.
To set the time zone, use the set time-zone command. Here, we set the time zone to Pacific
time.
To set the address of the NTP server, use the set ntp server command. In this example, we
set the NTP server address as 10.148.2.21.
To set the address of the DNS server, use the set name-server command. In this example,
we set the name server address as 10.148.2.32.
To set the domain to which the device belongs, use the set domain-search command. Here,
we specified two domains to be searched, lab.device.net and device.net.
CourseFSSSRX650
JuniperNetworks,Inc.76
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide75
CONFIDENTIAL
FSSSRX650
www.juniper.net | 75
To set the loopback interface address, first navigate to the edit hierarchy level. Then enter
the edit interfaces command. Then delete the existing IP address using the command delete
lo0 unit 0 family inet address. Finally, set the new IP address and prefix length with the
command set lo0 unit 0 family inet address. In this case, we set it to IP address
172.16.1.24/32.
Remember to commit the changes before quitting.
To verify that the services gateway has the settings you configured, you should display the
basic connectivity configurations. Because the basic connectivity settings appear in different
places in the configuration hierarchy, displaying the entire configuration at once makes
viewing the settings easier.
To display the basic connectivity settings, from configuration mode in the CLI, enter the show
command.
CourseFSSSRX650
JuniperNetworks,Inc.77
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide76
CONFIDENTIAL
FSSSRX650
www.juniper.net | 76
If a configuration fails or denies management access to the services gateway, you can use
the Reset Config button to restore the device to the factory default configuration or a rescue
configuration. For example, if someone inadvertently commits a configuration that denies
management access to a services gateway, you can delete the invalid configuration and
replace it with a rescue configuration by pressing the Reset Config button.
The Reset Config button is recessed to prevent it from being pressed accidentally.
The rescue configuration is a previously committed, valid configuration. You must have
previously set the rescue configuration through the J-Web interface or the CLI. To press the
Reset Config button, insert a small probe (such as a straightened paper clip) into the pinhole
on the front panel.
CourseFSSSRX650
JuniperNetworks,Inc.78
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide77
CONFIDENTIAL
FSSSRX650
www.juniper.net | 77
By default, pressing and quickly releasing the Reset Config button loads and commits the
rescue configuration through the J-Web interface or the CLI. The Status LED glows amber
during this time.
By default, pressing and holding the Reset Config button for 15 seconds or moreuntil the
Status LED glows amberdeletes all configurations on the device, including the backup
configurations and rescue configuration, and loads and commits the factory configuration.
You can change the default operation of the Reset Config button by limiting how the button
resets the services gateway. For more information, see the SRX650 Hardware Guide.
CourseFSSSRX650
JuniperNetworks,Inc.79
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide78
Section Summary
In this section, you learned to configure
the SRX Series Services Gateway.
You should now be able to:
Access an SRX device.
Perform basic device configuration with
the J-Web user interface.
Perform basic device configuration with
the CLI.
Reset the default configuration file.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 78
In this section, you learned to configure the SRX Series Services Gateway.
You should now be able to:
Access an SRX device;
Perform basic device configuration with the J-Web user interface; and
Perform basic device configuration with the CLI, and
Reset the default configuration file.
CourseFSSSRX650
JuniperNetworks,Inc.80
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide79
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.81
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide80
Section Overview
In this section, you will learn to replace the air
filter on the SRX650 Services Gateway.
Services Gateway.
Describe the procedure to replace the air
filter on the SRX650 Services Gateway.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 80
In this section, you will learn to replace the air filter on the SRX650 Services Gateway.
The services gateway has one air filter that installs vertically in the rear of the chassis on the
right side. The air filter is hot-swappable.
Note: The SRX650 Services Gateway doesnt automatically ship with an air filter. This
component needs to be ordered separately.
After successfully completing this section, you will be able to:
Describe the air filter on the SRX650 Services Gateway, and
Describe the procedure to replace the air filter on the SRX650 Services Gateway.
CourseFSSSRX650
JuniperNetworks,Inc.82
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide81
CONFIDENTIAL
FSSSRX650
www.juniper.net | 81
To remove or install an air filter on an SRX650 Services Gateway, you need an ESD
grounding wrist strap, and a number 1 Phillips screwdriver.
CourseFSSSRX650
JuniperNetworks,Inc.83
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide82
CONFIDENTIAL
FSSSRX650
www.juniper.net | 82
Always keep the air filter in place while the services gateway is operating, except during
replacement. Because the fans are very powerful, they could pull small pieces of wire or
other materials into the services gateway through the unfiltered air intake, damaging the
services gateway components.
A single handle with two screws holds both the fan tray and air filter on the back of the
services gateway.
You can replace the air filter while the services gateway is running.
CourseFSSSRX650
JuniperNetworks,Inc.84
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide83
CONFIDENTIAL
FSSSRX650
www.juniper.net | 83
CourseFSSSRX650
JuniperNetworks,Inc.85
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide84
CONFIDENTIAL
FSSSRX650
www.juniper.net | 84
CourseFSSSRX650
JuniperNetworks,Inc.86
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide85
Section Summary
CONFIDENTIAL
FSSSRX650
www.juniper.net | 85
In this section, you learned to replace the air filter on the SRX650 Services Gateway.
You should now be able to:
Describe the air filter on the SRX650 Services Gateway, and
Describe the procedure to replace the air filter on the SRX650 Services Gateway.
CourseFSSSRX650
JuniperNetworks,Inc.87
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide86
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.88
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide87
Section Overview
In this section, you will learn to replace the AC power
supply on the SRX650 Services Gateway.
The redundant AC power supplies in the SRX650
Services Gateway are hot-swappable. To maintain
proper cooling and prevent thermal shutdown of the
operating power supply unit, each power supply slot
must contain either a power supply or a blank panel.
If you remove a power supply, you must install a
replacement power supply or a blank panel shortly
after the removal.
After successfully completing this section, you will be
able to:
Describe the AC power supply on the SRX650 Services
Gateway.
Describe the procedure to replace the AC power supply
on the SRX650 Services Gateway.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 87
In this section, you will learn to replace the AC power supply on the SRX650 Services
Gateway.
The redundant AC power supplies in the SRX650 Services Gateway are hot-swappable. To
maintain proper cooling and prevent thermal shutdown of the operating power supply unit,
each power supply slot must contain either a power supply or a blank panel. If you remove a
power supply, you must install a replacement power supply or a blank panel shortly after the
removal.
After successfully completing this section, you will be able to:
Describe the AC power supply on the SRX650 Services Gateway, and
Describe the procedure to replace the AC power supply on the SRX650 Services Gateway.
CourseFSSSRX650
JuniperNetworks,Inc.89
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide88
CONFIDENTIAL
FSSSRX650
www.juniper.net | 88
CourseFSSSRX650
JuniperNetworks,Inc.90
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide89
CONFIDENTIAL
FSSSRX650
www.juniper.net | 89
Up to two power supplies can be located at the rear of the chassis on the right side. Each AC
power supply is hot-swappable.
CAUTION: Do not leave a power supply slot empty for more than 30 minutes while the
services gateway is operational. For proper airflow, the power supply must remain in the
chassis, or a blank panel must be used in an empty slot.
NOTE: After powering off a power supply, wait at least 60 seconds before turning it back on.
CourseFSSSRX650
JuniperNetworks,Inc.91
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide90
CONFIDENTIAL
FSSSRX650
www.juniper.net | 90
CourseFSSSRX650
JuniperNetworks,Inc.92
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide91
CONFIDENTIAL
FSSSRX650
www.juniper.net | 91
CourseFSSSRX650
JuniperNetworks,Inc.93
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide92
CONFIDENTIAL
FSSSRX650
www.juniper.net | 92
Then, route the power cord along the cable restraint towards the left or right corner of the
chassis. If needed to hold the power cord in place, thread plastic cable ties, which you must
provide, through the openings on the cable restraint.
Attach the power cord to the AC power source, and switch on the dedicated facility circuit
breaker for the power supply. Follow the ESD and connection instructions for your site.
Finally, if the power supply is correctly installed and functioning normally, the POWER LED
lights steadily.
CourseFSSSRX650
JuniperNetworks,Inc.94
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide93
CONFIDENTIAL
FSSSRX650
www.juniper.net | 93
In this section, you learned to replace the AC power supply on the SRX650 Services Gateway.
You should now be able to:
Describe the AC power supply on the SRX650 Services Gateway, and
Describe the procedure to replace the AC power supply on the SRX650 Services Gateway.
CourseFSSSRX650
JuniperNetworks,Inc.95
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide94
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.96
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide95
Section Overview
In this section, you will learn to replace the Services and Routing Engine
(SRE) on the SRX650 Services Gateway.
The SRE module provides processing power for security services, routing
protocol processes, and other software processes that control the services
gateway interfaces, some of the chassis components, system
management, and user access to the device. The services gateway must
have at least one SRE installed. You can install additional SREs to increase
processing power or to create SRE redundancy.
After successfully completing this section, you will be able to:
Describe the Services and Routing Engine on the SRX650 Services Gateway.
Describe the procedure to replace the SRE on the SRX650 Services Gateway..
CONFIDENTIAL
FSSSRX650
www.juniper.net | 95
In this section, you will learn to replace the Services and Routing Engine (or SRE) on the
SRX650 Services Gateway.
The SRE module provides processing power for security services, routing protocol processes,
and other software processes that control the services gateway interfaces, some of the
chassis components, system management, and user access to the device.
The services gateway must have at least one SRE installed. You can install additional SREs
to increase processing power or to create SRE redundancy.
After successfully completing this section, you will be able to:
Describe the Services and Routing Engine on the SRX650 Services Gateway, and
Describe the procedure to replace the SRE on the SRX650 Services Gateway.
CourseFSSSRX650
JuniperNetworks,Inc.97
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide96
CONFIDENTIAL
FSSSRX650
www.juniper.net | 96
To remove or install an SRE in an SRX650 Services Gateway, you need an electrostatic bag
or antistatic mat, an ESD grounding wrist strap, and a number 2 Phillips screwdriver.
CourseFSSSRX650
JuniperNetworks,Inc.98
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide97
Removing an SRE
CONFIDENTIAL
FSSSRX650
www.juniper.net | 97
The SRE is located at the back panel of the chassis and can be installed in the horizontal
slots labeled SRE0 and SRE1.0/1.1.
CAUTION: SREs are not Online Insertion and Removal (or OIR) capable. You must power off
the services gateway before removing or inserting an SRE.
CourseFSSSRX650
JuniperNetworks,Inc.99
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide98
Removing an SRE
CONFIDENTIAL
FSSSRX650
www.juniper.net | 98
CourseFSSSRX650
JuniperNetworks,Inc.100
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide99
Removing an SRE
CONFIDENTIAL
FSSSRX650
www.juniper.net | 99
CourseFSSSRX650
JuniperNetworks,Inc.101
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide100
Installing an SRE
CONFIDENTIAL
FSSSRX650
www.juniper.net | 100
The SRE installs at the back panel of the chassis in the horizontal slots labeled SRE0 and
SRE1.0/1.1.
CAUTION: SREs are not Online Insertion and Removal (OIR) capable. You must power off the
services gateway before removing or inserting an SRE.
CourseFSSSRX650
JuniperNetworks,Inc.102
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide101
Installing an SRE
CONFIDENTIAL
FSSSRX650
www.juniper.net | 101
CourseFSSSRX650
JuniperNetworks,Inc.103
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide102
Installing an SRE
CONFIDENTIAL
FSSSRX650
www.juniper.net | 102
Slide the SRE into the chassis until you feel resistance, carefully ensuring that it is correctly
aligned.
Then, with your thumbs, push the locking levers into place to fully lock the SRE into the slot.
WARNING: If the locking levers are not aligned properly with the edge of the SRE slot, the
SRE will not be properly seated into the SRE backplane receptacle.
Using a #2 Phillips screwdriver, tighten the captive screws on each side of the locking levels.
Finally, power on the services gateway and verify that the SRE LED indicators on the chassis
and the SRE LED are green.
CourseFSSSRX650
JuniperNetworks,Inc.104
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide103
Section Summary
CONFIDENTIAL
FSSSRX650
www.juniper.net | 103
In this section, you learned to replace a Services and Routing Engine on the SRX650
Services Gateway.
You should now be able to:
Describe the SRE on the SRX650 Services Gateway, and
Describe the procedure to replace the SRE on the SRX650 Services Gateway.
CourseFSSSRX650
JuniperNetworks,Inc.105
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide104
Additional Information
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.106
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide105
Section Summary
CONFIDENTIAL
FSSSRX650
www.juniper.net | 105
For additional information about the SRX650 Services Gateway, access the Juniper Networks
Web site.
Click the first URL to get a list of technical publications about the Juniper Networks devices,
appliances and systems, and management products.
Click the second URL to get up-to-date information on instructor-led training, certification,
and Juniper Networks books.
Click the third URL to access the SRX Series Services Gateway Hardware Installation and
Configuration Guide.
CourseFSSSRX650
JuniperNetworks,Inc.107
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide106
Conclusion
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.108
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide107
Conclusion
Congratulations!
CONFIDENTIAL
FSSSRX650
www.juniper.net | 107
Congratulations! You have come to the end of this course. In this course, you learned to
install the SRX650 Services Gateway and perform auto-installation and initial configuration.
You also learned to replace SRX650 Gigabit-Backplane Pluggable Interface Modules (or
GPIMs), the fan tray, air filter, AC power supply, as well as the SRX650 Services and Routing
Engine (or SRE).
Thank you for taking this course.
CourseFSSSRX650
JuniperNetworks,Inc.109
SRX650ServicesGatewayInstallationandInitialConfiguration
Slide109
CONFIDENTIAL
FSSSRX650
www.juniper.net | 109
Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo,
Junos, NetScreen and ScreenOS are registered trademarks of Juniper Networks, Inc. in the
United States and other countries. JunosE is a trademark of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks or registered service marks are the
property of their respective owners. Juniper Networks reserves the right to change, modify,
transfer or otherwise revise this publication without notice.
CourseFSSSRX650
JuniperNetworks,Inc.110