FSSSRX650A

education services courseware
SRX650 Services Gateway Installation

and Initial Configuration
Student Guide
SRX650ServicesGatewayInstallationandInitialConfiguration
NOTE:PleasenotethisStudentGuidehasbeendevelopedfromanaudionarration.Thereforeitwillhave
conversationalEnglish.Thepurposeofthistranscriptistohelpyoufollowtheonlinepresentationandmayrequire
referencetoit.
Slide2
SRX650 Services Gateway

Installation and Initial
Configuration.
Introduction
2010 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential
CourseFSSSRX650
JuniperNetworks,Inc.2
Slide3
2010 Juniper Networks, Inc. All rights reserved.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 3
Throughout this module, you will find slides with valuable detailed information. You can stop
any slide with the Pause button to study the details. You can also read the notes by using the
Notes tab. You can click the Feedback link at anytime to submit suggestions or corrections
directly to the Juniper Networks eLearning team.
CourseFSSSRX650
Slide4
Introduction
Welcome to the SRX650 Services Gateway Installation and Initial

Configuration online training program. This course describes the procedures to
install and configure the SRX650 Services Gateway offered by Juniper
Networks.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 4
Welcome to the SRX650 Services Gateway Installation and Initial Configuration online
training program.
This course describes the procedures to install and configure the SRX650 Services Gateway
offered by Juniper Networks.
CourseFSSSRX650
Slide5
Course Objectives
Upon completing this course, youll be able to install the SRX650 Services
Gateway and perform auto-installation and initial configuration. You will also
be able to replace SRX650 Gigabit-Backplane Pluggable Interface Modules
(GPIMs), the fan tray, air filter, AC power supply, as well as the SRX650
Services and Routing Engine (SRE).
CONFIDENTIAL
FSSSRX650
www.juniper.net | 5
Upon completing this course, youll be able to install the SRX650 Services Gateway and
perform auto-installation and initial configuration. You will also be able to replace SRX650
Gigabit-Backplane Pluggable Interface Modules (or GPIMs), the fan tray, air filter, AC power
supply, as well as the SRX650 Services and Routing Engine (or SRE).
CourseFSSSRX650
Slide6

Configuration.
Installing the SRX650 Services

Gateway
CourseFSSSRX650
Slide7
Section Overview
After successfully completing this section, you will be
able to:
Describe the SRX650 Services Gateway and identify its
components.
Describe the proper safety procedures to follow during installation.
List the tools and components required to install the device.
Unpack the device.
Mount the device in a rack.
Connect interface cables.
Ground the SRX device.
Power the SRX device on and off.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 7
After successfully completing this section, you will be able to install the SRX650 Services
Gateway.
We will begin with a product overview of the devices, followed by the safety information and
the tools and components required for this installation.
You will then be given a demonstration of the SRX650 Services Gateway installation process.
After successfully completing this section, you will be able to:
Describe the SRX650 Services Gateway and identify its components.
Unpack the device.
Ground the SRX device, and
CourseFSSSRX650
Slide8

Configuration.
Product Overview
CourseFSSSRX650
Slide9
Product Overview
SRX650 Services Gateway Overview
SRX650 is ideally suited for securing small to
medium-sized enterprise locations:
Regional offices
Large branch offices
Small to medium enterprises
SRX650 Services Gateway contains a rearpluggable Services and Routing Engine (SRE)
module that provides robust performance for
mid-range applications, particularly routing
and security services.
CONFIDENTIAL
FSSSRX650
www.juniper.net | 9
The SRX650 is a mid-range dynamic services gateway that consolidates network

infrastructure and security applications for regional offices, large branch offices, and small
to medium enterprises. The services gateway provides cost-effective, scalable integration of
routing, security, and other mid-range applications for these sites.
The SRX650 services gateway has a modular 2U chassis and contains a rear-pluggable
Services and Routing Engine (or SRE) module that provides robust performance for midrange applications, particularly routing and security services.
CourseFSSSRX650
Slide10
Product Overview
SRX650 Services Gateway Access
J-Web interface
Junos operating system command-line
interface (CLI)
SRX650 Services GatewayFeatures

4 Gigabit Ethernet ports
Gigabit-Backplane Pluggable Interface
Modules (GPIMs)
Power over Ethernet (PoE) ports
CONFIDENTIAL
FSSSRX650
www.juniper.net | 10
Like other Junos operating system devices, the SRX650 Services Gateway can be accessed
through both the J-Web interface as well as the Junos OS command-line interface (or CLI).
The SRX650 includes four Gigabit Ethernet ports and support for Gigabit-Backplane
Pluggable Interface Modules (or GPIMs). The SRX650 also provides Power over Ethernet (or
PoE) ports.
CourseFSSSRX650
Slide11

Configuration.
Safety Information
CourseFSSSRX650
Slide12
Safety Information
Permit only trained and qualified

personnel to install or replace the
SRX Series Services Gateway
components.
Perform only the procedures
described in the Hardware Guide or
Getting Started Guide for your device.
Other services must be performed by
authorized service personnel only.
Before you connect the SRX Series
Services Gateway to a power source,
read the installation instructions in
the Hardware Guide and Getting
Started Guide for your device.
CONFIDENTIAL
FSSSRX650
Lets look at a few safety instructions before you start the installation. This is a summary of
the safety warnings.
Permit only trained and qualified personnel to install or replace the SRX Series Services
Gateway components.
Perform only the procedures described in the Hardware Guide or Getting Started Guide for
your device. Other services must be performed by authorized service personnel only.
Before you connect the SRX Series Services Gateway to a power source, read the installation
instructions in the Hardware Guide and Getting Started Guide for your device.
CourseFSSSRX650
Slide13
Safety Information
Before installing the device, read the

guidelines about preparing for device
installation in the Hardware Guide and
Getting Started Guide for your device.
Ensure that the site meets power,
environmental, and clearance
requirements for the device.
We recommend that two persons
should perform the SRX Series
Services Gateway installation. One
person should lift the device into
position and the other person should
secure the mounting screws. To
prevent injury, the workers should
keep their backs straight and lift with
their legs, and not their backs.
CONFIDENTIAL
FSSSRX650
Before installing the device, read the guidelines about preparing for device installation in the
Hardware Guide and Getting Started Guide for your device to make sure that the site meets
power, environmental, and clearance requirements for the device.
We recommend that two persons should perform the SRX Series Services Gateway
installation. One person should lift the device into position and the other person should
secure the mounting screws. To prevent injury, the workers should keep their backs straight
and lift with their legs, and not their backs.
CourseFSSSRX650
Slide14
Safety Information
Mount the device at the bottom of

the rack if it is the only unit in the
rack.
When mounting the device in a
partially filled rack, load the rack
from the bottom to the top, with the
heaviest component at the bottom of
the rack.
CONFIDENTIAL
FSSSRX650
Mount the device at the bottom of the rack if it is the only unit in the rack.
When mounting the device in a partially filled rack, load the rack from the bottom to the top,
with the heaviest component at the bottom of the rack.
CourseFSSSRX650
Slide15
Safety Information
If the rack is provided with stabilizing
devices, install the stabilizers before
mounting or servicing the SRX Series
Services Gateway in the rack.
When removing or installing an
electrical component, always place it
component-side up on a flat antistatic
surface or in an electrostatic bag.
Do not work on the system or connect
or disconnect cables during electrical
storms.
CONFIDENTIAL
FSSSRX650
If the rack is provided with stabilizing devices, install the stabilizers before mounting or
servicing the SRX Series Services Gateway in the rack.
When removing or installing an electrical component, always place it component-side up on
a flat antistatic surface or in an electrostatic bag.
Do not work on the system or connect or disconnect cables during electrical storms.
CourseFSSSRX650
Slide16
Safety Information
Before working on equipment that
is connected to power lines,
remove jewelry, including rings,
necklaces, and watches. Metal
objects heat up when connected to
power and ground and can cause
serious burns or become welded to
the terminals.
Failure to observe these safety
warnings can result in serious
physical injury.
SRX650 Hardware Guides

http://www.juniper.net/techpubs/har
dware/junos-srx/index.html
CONFIDENTIAL
FSSSRX650
Before working on equipment that is connected to power lines, remove jewelry, including
rings, necklaces, and watches. Metal objects heat up when connected to power and ground
and can cause serious burns or become welded to the terminals.
Failure to observe these safety warnings can result in serious physical injury.
To get a complete list of warnings, consult the SRX650 Hardware Guides, which can be
found at the link on the screen.
CourseFSSSRX650
Slide17

Configuration.
Installing the SRX650
CourseFSSSRX650
Slide18
Tools and Components Required
Tools and Parts Required

Power cord with a plug appropriate for
your geographical location
Electrostatic discharge (ESD)
grounding strap
Four mounting screws
#2 Phillips screwdriver
CONFIDENTIAL
FSSSRX650
Let's look at the tools and components you need to install and configure the SRX650
Services Gateway.
For each power supply, the SRX Gateway includes a power cord with a plug appropriate for
your geographical location and two mounting brackets.
In addition to these items, you need an electrostatic discharge (or ESD) grounding strap, four
mounting screws appropriate for your rack, and a #2 Phillips screwdriver.
CourseFSSSRX650
Slide19
Unpacking the SRX650 Services Gateway

SRX650 Services Gateway is shipped
in a cardboard carton and secured
with foam packing material. The carton
also contains an accessory box and
quick start instructions.
The devices are maximally protected
inside the shipping carton. Do not
unpack the device until you are ready
to begin installation.
Unpack the shipping carton and verify
the contents against the parts
inventory included in the carton.
Save the shipping carton and packing
materials in case you need to move or
ship the device later.
CONFIDENTIAL
FSSSRX650
The SRX650 Services Gateway is shipped in a cardboard carton and secured with foam
packing material. The carton also contains an accessory box and quick start instructions.
The devices are maximally protected inside the shipping carton. Do not unpack the device
until you are ready to begin installation.
Begin the installation by unpacking the shipping carton and verify the contents against the
parts inventory included in the carton.
Save the shipping carton and packing materials in case you need to move or ship the device
later.
CourseFSSSRX650
Slide20
Installing the Equipment
Steps to rack-mount a SRX650

Services Gateway
SRX650 Services Gateway can be
rack-mounted in:
Four-post (or telco) racks
Enclosed cabinets
Open-frame racks.
If you are installing multiple devices in

one rack, install the lowest one first
and proceed upward in the rack.
CONFIDENTIAL
FSSSRX650
The SRX650 services gateway can be installed in a rack. Many types of racks are
acceptable, including front-mount racks and four-post (or telco) racks, enclosed cabinets,
and open-frame racks. If you are installing the SRX650 in an enclosed cabinet, make sure
the cabinet is large enough to ensure adequate air flow. See the SRX650 Hardware Guide
for detailed clearance specifications.
Note: If you are installing multiple devices in one rack, install the lowest one first and
proceed upward in the rack.
CourseFSSSRX650
Slide21

Follow these steps to rack-mount
a SRX650 Services Gateway:
Attach an ESD grounding strap to
your bare wrist and connect the strap
to the ESD point on the chassis or to
an outside ESD point if the device is
disconnected from earth ground.
Position a mounting bracket on each
side of the chassis. Align the holes on
the bracket with those on the device.
Using a # 2 Phillips screwdriver,
screws the mounting brackets to the
chassis.
Have one person grasp the sides of
the device, lift it, and position it in the
rack.
CONFIDENTIAL
FSSSRX650
To rack mount a SRX650 Services Gateway, perform the following steps:

First, attach an ESD grounding strap to your bare wrist and connect the strap to the ESD
point on the chassis or to an outside ESD point if the device is disconnected from earth
ground.
Next, position a mounting bracket on each side of the chassis as shown on the screen. Align
the holes on the bracket with those on the device.
Using a number 2 Phillips screwdriver, screws the mounting brackets to the chassis.
Then, have one person grasp the sides of the device, lift it, and position it in the rack.
CourseFSSSRX650
Slide22

Align the bottom hole in each
mounting bracket with a hole in each
rack rail, making sure the chassis is
level.
Have a second person install a
mounting screw into each of the two
aligned holes. Use a # 2 Phillips
screwdriver to tighten the screw.
Install the second screw in each
mounting bracket.
Verify that the mounting screws on
one side of the rack are aligned with
the mounting screws on the opposite
side and that the device is level.
Plug in the power supply to the power
outlet and the power adapter into the
device.
CONFIDENTIAL
FSSSRX650
Align the bottom hole in each mounting bracket with a hole in each rack rail as shown on the
screen, making sure the chassis is level.
Next, have a second person install a mounting screw into each of the two aligned holes. Use
a number2 phillips screwdriver to tighten the screw.
Then, install the second screw in each mounting bracket.
Verify that the mounting screws on one side of the rack are aligned with the mounting
screws on the opposite side and that the device is level.
Finally, plug in the power supply to the power outlet and the power adapter into the device.
CourseFSSSRX650
Slide23
Connecting the Interface Cables

After installing the hardware, you
must connect the interface cables
to the services gateway.
Follow these steps to connect
interface cables to the device:
Have a length of the type of cable
appropriate to the port and the
interface.
Insert the cable connector into
the cable connector port on the
interface faceplate.
CONFIDENTIAL
FSSSRX650
You connect the interfaces installed in the services gateway to various network media.
Each type of interface on a services gateway uses a particular medium to transmit data. You
must configure each network interface before it can operate on the device. External devices
can be attached to Console, Ethernet, or Gigabit Ethernet ports. To connect interface cables
to the device, ensure that you have a length of the type of cable appropriate for the port and
the interface. The most common interface types are shown on the screen.
Note that many different cable types use the same connector ends. Be sure that the pinout
for your cable is correct for your type of connection. For example, an Ethernet crossover
cable will fit into an ISDN port, but the individual wiring is wrong for ISDN, so the signaling
will not work.
Once you have a length of the type of cable appropriate to the port and the interface, insert
the cable connector into the cable connector port on the interface faceplate.
CourseFSSSRX650
Slide24
Connecting the Interface Cables
Arrange the cable as follows to prevent

it from dislodging or developing stress
points:
Secure the cable so that it is not
supporting its own weight as it
hangs to the floor.
Place excess cable out of the way in
a neatly coiled loop.
Place fasteners on the loop to help
maintain its shape.
CONFIDENTIAL
FSSSRX650
Then, arrange the cable as follows to prevent it from dislodging or developing stress points:
Secure the cable so that it is not supporting its own weight as it hangs to the floor.
Place excess cable out of the way in a neatly coiled loop.
Place fasteners on the loop to help maintain its shape.
CourseFSSSRX650
Slide25
Grounding the SRX650 Services Gateway

Ground the device by connecting
a grounding cable to earth
ground and then attaching it to
the chassis grounding points on
the right side of the device using
two UNC -20 screws, which are
not provided. Grounding cables
and lugs are not provided.
Before device installation begins,
a licensed electrician must attach
a cable lug to the grounding and
power cables that you supply. A
cable with an incorrectly attached
lug can damage the device.
CONFIDENTIAL
FSSSRX650
You ground the device by connecting a grounding cable to earth ground and then attaching it
to the chassis grounding points on the right side of the device using two UNC -20 screws,
which are not provided. Grounding cables and lugs are also not provided.
CAUTION: Before device installation begins, a licensed electrician must attach a cable lug to
the grounding and power cables that you supply. A cable with an incorrectly attached lug can
damage the device.
CourseFSSSRX650
Slide26
Follow these steps to ground the device:

Attach an electrostatic discharge (ESD)
grounding strap to your bare wrist, and
connect the strap to the ESD point on
the chassis.
Ensure that all grounding surfaces are
clean and brought to a bright finish
before grounding connections are
made.
Connect the grounding cable to a
proper earth ground.
Place the grounding cable lugs over
the grounding points on the upper rear
of the chassis.
CONFIDENTIAL
FSSSRX650
Follow these steps to ground the device:

First, attach an electrostatic discharge (ESD) grounding strap to your bare wrist, and connect
the strap to the ESD point on the chassis.
Then, ensure that all grounding surfaces are clean and brought to a bright finish before
grounding connections are made.
Next, connect the grounding cable to a proper earth ground.
Then, place the grounding cable lugs over the grounding points on the upper rear of the
chassis.
CourseFSSSRX650
Slide27
Secure the grounding cable lug to

the grounding points, first with the
washers, then with the screws.
Dress the grounding cable and verify
that it does not touch or block
access to the services gateway
components and that it does not
drape where people could trip on it.
CONFIDENTIAL
FSSSRX650
Secure the grounding cable lug to the grounding points, first with the washers, then with the
screws.
Finally, dress the grounding cable and verify that it does not touch or block access to the
services gateway components and that it does not drape where people could trip on it.
CourseFSSSRX650
Slide28
Powering an SRX Series Services Gateway On and Off
Follow these steps to power on an

SRX650 Services Gateway:
your bare wrist, and connect the
strap to the ESD point on the
chassis.
Press the power switch on the power
supply on the back panel of the
services gateway.
The device starts as the power
supply completes its startup
sequence. The POWER LED lights
during startup and remains on
steadily when the device is operating
normally.
CONFIDENTIAL
FSSSRX650
Follow these steps to power on an SRX650 Services Gateway,

First, Attach an ESD grounding strap to your bare wrist, and connect the strap to the ESD
point on the chassis.
Then, press the power switch on the power supply on the back panel of the services gateway.
The services gateway starts as the power supply completes its startup sequence. The
POWER LED (on the front panel of the chassis) lights during startup and remains on steadily
when the services gateway is operating normally.
CourseFSSSRX650
Slide29
To power off an SRX650 Services

Gateway, press and release the power
button. The device gracefully shuts
down the operating system, the SREs,
and any GPIM, sand then powers itself
off.
After powering off a power supply, wait
at least 60 seconds before turning it
back on. After powering on a power
supply, wait at least 10 seconds before
turning it off.
To remove power completely from the
device, unplug the AC power cord.
After powering off a power supply, wait
at least 10 seconds before turning it
back on. After powering on a power
supply, wait at least 10 seconds before
turning it off.
CONFIDENTIAL
FSSSRX650
To power off an SRX650 Services Gateway, press and release the power button. The device
gracefully shuts down the operating system, the SREs, and any GPIM, sand then powers
itself off.
After powering off a power supply, wait at least 60 seconds before turning it back on. After
powering on a power supply, wait at least 10 seconds before turning it off.
To remove power completely from the device, unplug the AC power cord.
After powering off a power supply, wait at least 10 seconds before turning it back on. After
powering on a power supply, wait at least 10 seconds before turning it off.
CourseFSSSRX650
Slide30

The power button on the SRX device is
a standby power switch. If the device is
connected to a power source, the
device remains in standby mode and
between 3.3 V and 5 V of standby
voltage is still available in the chassis.
If the system is completely powered off,
the device starts as the power supply
completes its startup sequence. To
power off the system again, first issue
the CLI request system halt command.
After the power supply is turned on, it
can take up to 60 seconds for status
indicators to indicate that the power
supply is functioning normally.
CONFIDENTIAL
FSSSRX650
The power button on the SRX device is a standby power switch. If the device is connected to
a power source when you press the power button to power it off, the device remains in
standby mode and between 3.3 V and 5 V of standby voltage is still available in the chassis.
If the system is completely powered off when you turn on the power supply, the device starts
as the power supply completes its startup sequence. If the device finishes starting and you
need to power off the system again, first issue the CLI request system halt command.
After the power supply is turned on, it can take up to 60 seconds for status indicatorssuch
as the Status LEDs on the power supply and the show chassis command displayto indicate
that the power supply is functioning normally. Ignore error indicators that appear during the
first 60 seconds.
CourseFSSSRX650
Slide31
Section Summary
In this section, you learned to install the SRX650 Services Gateway.
You should now be able to:
Unpack the device.
Ground the SRX device.
CONFIDENTIAL
FSSSRX650
In this section, you learned to install the SRX650 Services Gateway.

We began with a product overview of the devices, followed by the safety information and the
tools and components required for this installation.
You then received a demonstration of the SRX650 Services Gateway installation process.
Unpack the device.
Ground the SRX device, and
CourseFSSSRX650
Slide32

Configuration.
Configuring Autoinstallation for the

CourseFSSSRX650
Slide33
Section Objectives
In this section, you will learn to configure
auto installation on the SRX650 Services
Gateway.
After successfully completing this section,
you will be able to:
Describe the autoinstallation process.
Describe the supported autoinstallation
interfaces and protocols;
Configure autoinstallation on the
SRX650 Services Gateway; and
Verify that autoinstallation has been
completed.
CONFIDENTIAL
FSSSRX650
In this section, you will learn to configure autoinstallation on the SRX650 Services Gateway.
More specifically, after completing this section, youll be able to:
Describe the supported autoinstallation interfaces and protocols;
Configure autoinstallation on the SRX650 Services Gateway; and
Verify that autoinstallation has been completed.
CourseFSSSRX650
Slide34
SRX650 Services Gateway Autoinstallation Overview
For setting up many services gateways,

autoinstallation can help automate the
configuration process by loading
configuration files onto new or existing
devices automatically over the network.
Autoinstallation process:
Begins any time a services gateway is
powered on and cannot locate a valid
configuration file in the
CompactFlash memory.
Runs when a services gateway is
powered on for the first time or if the
configuration file is deleted from the
CompactFlash memory.
Enables you to deploy multiple
services gateways from a central
location.
CONFIDENTIAL
FSSSRX650
If you are setting up many services gateways, autoinstallation can help automate the
configuration process by loading configuration files onto new or existing devices
automatically over the network.
The Junos OS is preinstalled on the services gateway. When the device is powered on, it is
ready to be configured.
The autoinstallation process begins any time a services gateway is powered on and cannot
locate a valid configuration file in the CompactFlash memory. Typically, a configuration file is
unavailable when a services gateway is powered on for the first time or if the configuration
file is deleted from the CompactFlash memory. The autoinstallation feature enables you to
deploy multiple services gateways from a central location in the network.
CourseFSSSRX650
Slide35

To set up many devices, load
configuration files onto new or existing
devices automatically over the
network using either the J-Web
configuration editor or CLI
configuration editor.
J-Web does not include Quick
Configuration pages for
autoinstallation. You must store one
or more host-specific or default
configuration files on a configuration
server in the network and have a
service availabletypically Dynamic
Host Configuration Protocol (DHCP)
to assign an IP address to the services
gateway.
CONFIDENTIAL
FSSSRX650
If you are setting up many devices, autoinstallation can help automate the configuration
process by loading configuration files onto new or existing devices automatically over the
network. You can use either the J-Web configuration editor or CLI configuration editor to
configure a device for autoinstallation.
The J-Web interface does not include Quick Configuration pages for autoinstallation. For the
autoinstallation process to work, you must store one or more host-specific or default
configuration files on a configuration server in the network and have a
service availabletypically Dynamic Host Configuration Protocol (or DHCP)to assign an IP
address to the services gateway.
CourseFSSSRX650
Slide36
Autoinstallation takes place

automatically when you connect
Ethernet port ge-0/0/0 on a new
services gateway to the network and
power on the device. You can
explicitly enable autoinstallation on a
device and specify a configuration
server, an autoinstallation interface,
and a protocol for IP address
acquisition.
CONFIDENTIAL
FSSSRX650
Autoinstallation takes place automatically when you connect Ethernet port GE-0/0/0 on a
new services gateway to the network and power on the device. To simplify the process, you
can explicitly enable autoinstallation on a device and specify a configuration server, an
autoinstallation interface, and a protocol for IP address acquisition.
CourseFSSSRX650
Slide37
SRX650 Services Gateway Supported Autoinstallation Interfaces

and Protocols
Autoinstallation provides automatic

configuration for a new services
gateway that you connect to the
network and turn on.
The protocol or protocols you choose
for IP address acquisition determine
the device interface to connect to the
network for autoinstallation. The
services gateway detects the
connected interface and requests an
IP address with a protocol appropriate
for the interface. Autoinstallation is
supported over an Ethernet LAN
interface or a serial LAN or WAN
interface.
CONFIDENTIAL
FSSSRX650
Autoinstallation provides automatic configuration for a new services gateway that you
connect to the network and turn on.
Before autoinstallation on a services gateway can take place, the services gateway must
acquire an IP address. The protocol or protocols you choose for IP address acquisition
determine the device interface to connect to the network for autoinstallation. The services
gateway detects the connected interface and requests an IP address with a protocol
appropriate for the interface. Autoinstallation is supported over an Ethernet LAN interface or
a serial LAN or WAN interface.
CourseFSSSRX650
Slide38
SRX650 Services Gateway Supported Autoinstallation Interfaces

and Protocols
SRX650 Services Gateway Interfaces

and Protocols for IP Address
Acquisition During Autoinstallation
You might have to configure an
intermediate device directly attached
to the new device, through which the
new device can send Trivial File
Transfer Protocol (TFTP), BOOTP, and
Domain Name System (DNS) requests.
In this case, you specify the IP address
of the intermediate device as the
location to receive TFTP requests for
autoinstallation.
CONFIDENTIAL
FSSSRX650
For Ethernet LAN interfaces with High-level Data Link

Control (or HDLC), the services gateway uses DHCP, BOOTP, or Reverse Address Resolution
Protocol (or RARP). For Serial WAN interface with HDLC, the devices use Serial Line Address
Resolution Protocol (or SLARP). And for Serial WAN interface with Frame Relay, the device
uses BOOTP.
If the server with the autoinstallation configuration file is not on the same LAN segment as
the new services gateway, or if a specific device is required by the network, you must
configure an intermediate device directly attached to the new device, through which the new
device can send Trivial File Transfer Protocol (or TFTP), BOOTP, and Domain Name System (or
DNS) requests. In this case, you specify the IP address of the intermediate device as the
location to receive TFTP requests for autoinstallation.
CourseFSSSRX650
Slide39
Autoinstallation Process on the SRX650 Services Gateway
When a services gateway is powered

on for the first time, it performs the
following autoinstallation tasks:
The new services gateway sends out
DHCP, BOOTP, RARP, or SLARP
requests on each connected
interface simultaneously to obtain an
IP address.
If a DHCP server responds, it
provides the device with some or all
of the following information:
An IP address and subnet mask for
the autoinstallation interface.
The location of the TFTP (typically),
Hypertext Transfer Protocol (HTTP),
or FTP server on which the
configuration file is stored.
CONFIDENTIAL
FSSSRX650
When a services gateway is powered on for the first time, it sends out DHCP, BOOTP, RARP,
or SLARP requests on each connected interface simultaneously to obtain an IP address.
If a DHCP server responds, it provides the device with the IP address and subnet mask for
the autoinstallation interface;
the location of the TFTP, HTTP, or FTP server on which the configuration file is stored; the
name of the configuration file to be requested from the TFTP server; the IP address or
hostname of the TFTP server; and the IP address of an intermediate device if the
configuration server is on a different LAN segment from the new device.
CourseFSSSRX650
Slide40
The name of the configuration file

to be requested from the TFTP
server.
The IP address or hostname of the
TFTP server. If the DHCP server
provides only the hostname, a DNS
server must be available on the
network to resolve the name to an
IP address.
The IP address of an intermediate
device if the configuration server is
on a different LAN segment from
the new device.
After the new services gateway

acquires an IP address, the
autoinstallation process on the
device attempts to download a
configuration file in the following
ways:
CONFIDENTIAL
FSSSRX650
the name of the configuration file to be requested from the TFTP server; the IP address or
hostname of the TFTP server; and the IP address of an intermediate device if the
configuration server is on a different LAN segment from the new device
After the new services gateway acquires an IP address, the autoinstallation process on the
device attempts to download a configuration file in one of the following ways.
CourseFSSSRX650
Slide41
If the DHCP server specifies the hostspecific configuration file (boot file)
hostname.conf, the device uses that
filename in the TFTP server request. (In
the filename, hostname is the
hostname of the new device.) The
autoinstallation process on the new
device makes three unicast TFTP
requests for hostname.conf. If these
attempts fail, the device broadcasts
three requests to any available TFTP
server for the file.
If the new device cannot locate
hostname.conf, the autoinstallation
process unicasts or broadcasts TFTP
requests for a default device
configuration file called network.conf,
which contains hostname-to-IP address
mapping information, to attempt to find
its hostname.
CONFIDENTIAL
FSSSRX650
If the DHCP server specifies the host-specific configuration file (that is, the boot file)
hostname.conf, the device uses that filename in the TFTP server request. (In the filename,
hostname is the hostname of the new device.) The autoinstallation process on the new
device makes three unicast TFTP requests for hostname.conf. If these attempts fail, the
device broadcasts three requests to any available TFTP server for the file.
If the new device cannot locate hostname.conf, the autoinstallation process unicasts or
broadcasts TFTP requests for a default device configuration file called network.conf, which
contains hostname-to-IP address mapping information, to attempt to find its hostname.
CourseFSSSRX650
Slide42
If network.conf contains no
hostname entry for the new services
gateway, the autoinstallation
process sends out a DNS request
and attempts to resolve the new
device's IP address to a hostname.
If the new services gateway can
determine its hostname, it sends a
TFTP request for the hostname.conf
file.
If the new services gateway is unable
to map its IP address to a hostname,
it sends TFTP requests for the
default configuration file router.conf.
After the new services gateway locates

a configuration file on a TFTP server,
autoinstallation downloads the file,
installs the file on the device, and
commits the configuration.
CONFIDENTIAL
FSSSRX650
If network.conf contains no hostname entry for the new services gateway, the
autoinstallation process sends out a DNS request and attempts to resolve the new device's
IP address to a hostname.
If the new services gateway can determine its hostname, it sends a TFTP request for the
hostname.conf file.
If the new services gateway is unable to map its IP address to a hostname, it sends TFTP
requests for the default configuration file router.conf.
After the new services gateway locates a configuration file on a TFTP server, autoinstallation
downloads the file, installs the file on the device, and commits the configuration.
CourseFSSSRX650
Slide43
To configure a network for services

gateway autoinstallation, complete the
following tasks:
Configure a DHCP server on your
network to meet your network
requirements. You can configure a
services gateway to operate as a
DHCP server. For more information,
see the Junos OS Administration
Guide.
Create one of the following
configuration files, and store it on a
TFTP server in the network:
CONFIDENTIAL
FSSSRX650
To configure a network for services gateway autoinstallation, complete the following tasks:
First, configure a DHCP server on your network to meet your network requirements. You can
configure a services gateway to operate as a DHCP server. For more information, see the
Junos OS Administration Guide.
Then, create either a host-specific file or a default configuration file, and store it on a TFTP
server in the network.
CourseFSSSRX650
Slide44
A host-specific file with the name

hostname.conf for each services
gateway undergoing
autoinstallation. Replace
hostname with the name of a
services gateway. The
hostname.conf file typically
contains all the configuration
information necessary for the
device with this hostname.
A default configuration file named
router.conf with the minimum
configuration necessary to enable
you to telnet into the new services
gateway for further configuration.
Physically attach the services

gateway to the network using the
Gigabit Ethernet interface.
CONFIDENTIAL
FSSSRX650
The host-specific file will have the name hostname.conf for each services gateway
undergoing autoinstallation. Replace hostname with the name of a services gateway. The
hostname.conf file typically contains all the configuration information necessary for the
device with this hostname. The default configuration file should be named router.conf with
the minimum configuration necessary to enable you to telnet into the new services gateway
for further configuration.
Next, physically attach the services gateway to the network using the Gigabit Ethernet
interface.
CourseFSSSRX650
Slide45
If you configure the DHCP server to

provide only the TFTP server
hostname, add an IP address-tohostname mapping entry for the
TFTP server to the DNS database file
on the DNS server in the network.
If the new device is not on the same
network segment as the DHCP server
(or other device providing IP address
resolution), configure an existing
device as an intermediate to receive
TFTP and DNS requests and forward
them to the TFTP server and the DNS
server. You must configure the LAN
or serial interface on the
intermediate device with the IP
addresses of the hosts providing
TFTP and DNS service. Connect this
interface to the new device.
CONFIDENTIAL
FSSSRX650
If you configure the DHCP server to provide only the TFTP server hostname, add an IP
address-to-hostname mapping entry for the TFTP server to the DNS database file on the
DNS server in the network.
If the new device is not on the same network segment as the DHCP server (or other device
providing IP address resolution), configure an existing device as an intermediate to receive
TFTP and DNS requests and forward them to the TFTP server and the DNS server. You must
configure the LAN or serial interface on the intermediate device with the IP addresses of the
hosts providing TFTP and DNS service. Connect this interface to the new device.
CourseFSSSRX650
Slide46
If you are using hostname.conf files

for autoinstallation of host-specific
configuration files, you must also
complete the following tasks:
Configure the DHCP server to provide
a hostname.conf filename to each
new services gateway. Each device
uses its hostname.conf filename to
request a configuration file from the
TFTP server. Copy the necessary
hostname.conf configuration files to
the TFTP server.
CONFIDENTIAL
FSSSRX650
Finally, if you are using hostname.conf files for autoinstallation of host-specific configuration
files, you must also configure the DHCP server to provide a hostname.conf filename to each
new services gateway. Each device uses its hostname.conf filename to request a
configuration file from the TFTP server . Copy the necessary hostname.conf configuration
files to the TFTP server.
CourseFSSSRX650
Slide47
Create a default configuration file

named network.conf, and copy it to
the TFTP server. This file contains IP
address-to-hostname mapping
entries. If the DHCP server does not
send a hostname.conf filename to a
new device, the services gateway
uses network.conf to resolve its
hostname based on its IP address.
Alternatively, you can add the IP

address-to-hostname mapping entry
for the new services gateway to a DNS
database file. The device uses the
hostname to request a hostname.conf
file from the TFTP server.
CONFIDENTIAL
FSSSRX650
You must also create a default configuration file named network.conf, and copy it to the
TFTP server. This file contains IP address-to-hostname mapping entries. If the DHCP server
does not send a hostname.conf filename to a new device, the services gateway uses
network.conf to resolve its hostname based on its IP address.
Alternatively, you can add the IP address-to-hostname mapping entry for the new services
gateway to a DNS database file. The device uses the hostname to request a hostname.conf
file from the TFTP server.
CourseFSSSRX650
Slide48
Verifying Autoinstallation Status on the SRX650 Services Gateway
To display and verify the

autoinstallation status on the SRX650
Services Gateway, enter the show
system autoinstallation status
command in the CLI.
CONFIDENTIAL
FSSSRX650
To display and verify the autoinstallation status on the SRX650 services gateway, enter the
show system autoinstallation status command in the CLI.
CourseFSSSRX650
Slide49
Section Summary
In this section, you learned to
configure auto installation on the
SRX650 Services Gateway.
you you should now be able to:
Describe the supported autoinstallation
interfaces and protocols;
Configure autoinstallation on the
SRX650 Services Gateway; and
Verify that autoinstallation has been
completed.
CONFIDENTIAL
FSSSRX650
In this section, you learned to configure autoinstallation on the SRX650 Services Gateway.
More specifically, after completing this section, you should now be able to:
Describe the supported autoinstallation interfaces and protocols;
Configure autoinstallation on the SRX650 Services Gateway; and
Verify that autoinstallation has been completed.
CourseFSSSRX650
Slide50

Configuration.
Configuring the SRX650 Services

Gateway
CourseFSSSRX650
Slide51
Section Objectives
In this section, you will learn to configure
the SRX650 Services Gateway.
you will be able to:
Access an SRX device.
Perform basic device configuration with
the
J-Web user interface.
the CLI.
Reset the default configuration file.
CONFIDENTIAL
FSSSRX650
In this section, you will learn to configure the SRX650 Services Gateway.
Perform basic device configuration with the
J-Web user interface.
Perform basic device configuration with the CLI, and
CourseFSSSRX650
Slide52
Accessing the SRX650 Services Gateway
The Junos OS is preinstalled on the

services gateway. When the device is
powered on, it is ready to be
configured.
If you are setting up a services
gateway for the first time, you can use
either J-Web Quick Configuration or a
configuration editor to configure basic
connectivity.
CONFIDENTIAL
FSSSRX650
The Junos OS is preinstalled on the services gateway. When the device is powered on, it is
ready to be configured.
If you are setting up a services gateway for the first time, you can use either J-Web Quick
Configuration or a configuration editor to configure basic connectivity.
If you are setting up many services gateways, autoinstallation can help automate the
configuration process
CourseFSSSRX650
Slide53

To configure the SRX Series Services
Gateway, youll need:
A management device, such as a
laptop, with an Ethernet port (and a
serial port and an asynchronous
terminal application such as Microsoft
HyperTerminal if performing the initial
configuration with the CLI)
The Ethernet cable that came with the
device
Click each link for more information

about SRX Series Services Gateway
access and management options:
Console port
J-Web user interface (WebUI)
Telnet and SSH
CONFIDENTIAL
FSSSRX650
To configure the SRX Series Services Gateway, youll need a management device, such as a
laptop, with an Ethernet port and the Ethernet cable that came with the device.
If youre performing the initial configuration with the CLI instead of the J-Web user interface,
your management device will also need a serial port and an asynchronous terminal
application (such as Microsoft HyperTerminal).
You can configure and manage an SRX Series Services Gateway in several ways. To access
the SRX Series Services Gateway, you can use any of the following options:
Console port
J-Web User Interface (or WebUI)
Telnet and SSH
CourseFSSSRX650
Slide54
The console port on the device allows

you to:
Access the device by using a serial
cable.
Enter the command-line interface
(CLI) commands on your terminal or
in a terminal-emulation program.
The J-Web User Interface:

Provides access to the device through
a Web browser.
Accessed device through the built-in
Ethernet ports.
Is also available through a secure
server that uses Secure Sockets
Layer (SSL) with secure HTTP
(HTTPS).
CONFIDENTIAL
FSSSRX650
The console port on the device allows you to access the device through a serial cable
connected to your workstation or terminal. Then, to configure the device, you type Junos OS
command-line interface (or CLI) commands on your terminal or in a terminal-emulation
program on your computer.
The J-Web User Interface (or WebUI) is a graphical interface available through a browser. To
initially use the J-Web, you access the SRX device through the built-in Ethernet ports. You
can also access the WebUI through a secure server using Secure Sockets Layer (or SSL) with
secure HTTP (or HTTPS).
CourseFSSSRX650
Slide55
Telnet and SSH are applications that

allow you to:
Access to device is through an IP
network.
Type the Junos OS CLI commands.
Accessing through Telnet:

Allows access to execute commands
from a remote system.
CLI connections are not encrypted and
therefore can be intercepted.
Prohibited to the root user. You must
use more secure methods, such as
SSH, to log in as root.
Accessing through SSH:

Allows access the CLI to execute
commands from a remote system.
Encrypts traffic so that it cannot be
intercepted (unlike Telnet).
CONFIDENTIAL
FSSSRX650
Telnet and SSH are applications that allow you to access devices through an IP network. To
configure the device, you enter Junos OS CLI commands from your workstation.
Telnet allows you to connect to the services gateway and access the CLI to execute
commands from a remote system. Telnet CLI connections are not encrypted and therefore
can be intercepted. Telnet access to the root user is prohibited. You must use more secure
methods, such as SSH, to log in as root.
SSH allows you to connect to the device and access the CLI to execute commands from a
remote system. It also encrypts traffic so that it cannot be intercepted (unlike Telnet).
CourseFSSSRX650
Slide56
Built-In Ethernet Port on the SRX650 Services Gateway
Built-in Gigabit Ethernet ports are the

ports through which you perform initial
device setup:
SRX650 - ge-0/0/0 - ge-0/0/1
SRX - ge-0/0/0 - ge-0/0/15
Any built-in Gigabit Ethernet port can
be used to perform initial configuration.
When the factory default configuration
is active, the device attempts to
perform autoinstallation by obtaining a
device configuration through all its
connected interfaces, including ge0/0/0. The services gateway acts as a
DHCP client out of the built-in Ethernet
ports. (See section 3 for more
information on autoinstallation.)
CONFIDENTIAL
FSSSRX650
The four built-in Gigabit Ethernet ports, ge-0/0/0 and ge-0/0/3 on the front panel of the
SRX650, are the ports through which you perform initial device setup. Any built-in Gigabit
Ethernet port can be used to perform initial configuration. After the initial configuration is
complete, you can attach the built-in Ethernet port that you are using for management
purposes to the management network.
Before initial configuration, when the factory default configuration is active, the device
attempts to perform autoinstallation by obtaining a device configuration through all its
connected interfaces, including ge-0/0/0. The services gateway acts
as a DHCP client out of the built-in Ethernet ports.
CourseFSSSRX650
Slide57
If the services gateway does not find a

DHCP server within a few seconds, it
sets the address of the ports as
follows:
Port
ge-0/0/0
Address
192.168.1.1/24
The services gateway becomes a

DHCP server out of
the ge-0/0/0 port.
ge-0/0/1 (if used)
192.168.2.1/24
ge-0/0/2 through ge-0/0/3

192.168.3.1/24192.168.8.1/24
CONFIDENTIAL
FSSSRX650
If the services gateway does not find a DHCP server within a few seconds, it sets the address
of the ports
CourseFSSSRX650
Slide58
With the device temporarily acting as

a DHCP server, manually configure it
with the J-Web interface. Any DHCP
client host directly connected to ge0/0/0 receives an address on the
192.168.1.1/24 network.
The DHCP functionality for initial
setup is different from the
configurable DHCP server
functionality of the services gateway
during operation. Once connected to
ge-0/0/0, use a Web browser to visit
the address 192.168.1.1/24,
access the J-Web Quick
Configuration Set Up page, and
complete the initial configuration of
the device.
CONFIDENTIAL
FSSSRX650
With the device temporarily acting as a DHCP server, you can manually configure it with the
J-Web interface. Any DHCP client host, for example, a PC or laptop computer, directly
connected to ge-0/0/0 receives an address on the 192.168.1.1/24 network.
NOTE: The DHCP functionality for initial setup is different from the configurable DHCP server
functionality of the services gateway during operation.
Once you connect your laptop or PC to ge-0/0/0, you can use a Web browser to visit the
address 192.168.1.1/24, access the J-Web Quick Configuration Set Up page, and complete
the initial configuration of the device.
CourseFSSSRX650
Slide59
Perform the initial configuration and

commit it by clicking Apply or OK on the
Quick Configuration Set Up page. Then
the configured device can no longer act
as a DHCP server. To continue using the
device as a management interface,
configure the IP address of the interface
as part of the initial configuration.
CONFIDENTIAL
FSSSRX650
After you perform the initial configuration and commit it by clicking Apply or OK on the Quick
Configuration Set Up page, the configured device can no longer act as a DHCP server.
Therefore, to continue using the device as a management interface you should configure the
IP address of the interface as part of the initial configuration.
CourseFSSSRX650
Slide60
Connecting to the J-Web Interface

To use the J-Web interface to configure
the SRX Series Services Gateway, you
must connect through one of the builtin Ethernet management ports.
On initial powering on, the system
looks for a DHCP server. If it does not
find one, the system assigns an IP
address within the 192.168.1.0/24
subnetwork to any devices connected
to the system.
Follow these steps to connect to the JWeb interface through port 0 on the
services gateway:
CONFIDENTIAL
FSSSRX650
If you plan to use the J-Web interface to configure the SRX Series services gateway, you must
connect through one of the built-in Ethernet management ports.
When the services gateway is powered on for the first time, the system looks for a DHCP
server. If it does not find one, the system assigns an IP address within the 192.168.1.0/24
subnetwork to any devices connected to the system.
Follow these steps to connect to the J-Web interface through port 0 on the services gateway,
CourseFSSSRX650
Slide61
From the management device, verify

that the address of the port you
connect to is set to one of the following
values:
The Ethernet address on the
192.168.1/24 subnetwork other
than 192.168.1.1.
The Ethernet address from a DHCP
server
Turn off the power to the management

device.
Plug one end of the Ethernet cable into
the Ethernet port on the management
device.
Connect the other end of the Ethernet
cable to the built-in Gigabit Ethernet
port on the services gateway.
Power on the services gateway by
pressing the power button on the front
panel.
CONFIDENTIAL
FSSSRX650
First, from the management device you use to access the J-Web interface (such as a PC or a
laptop), verify that the address of the port you connect to is set to one of the following
values:
The Ethernet address on the 192.168.1/24 subnetwork other than 192.168.1.1. or
The Ethernet address from a DHCP server
Then, turn off the power to the management device.
Plug one end of the Ethernet cable into the Ethernet port on the management device, as
shown.
Next, connect the other end of the Ethernet cable to the built-in Gigabit Ethernet port on the
services gateway.
Power on the services gateway by pressing the power button on the front panel.
CourseFSSSRX650
Slide62

Wait until the Status LED on the
front panel turns solid green.
Turn on the power to the
management device. The services
gateway assigns an IP address to
the management device within the
192.168.1.0/24 subnetwork if the
services gateway is configured to
use DHCP.
From the management device,
open a Web browser and enter the
IP address 192.168.1.1 in the
address field. The J-Web Quick
Configuration Set Up page appears.
Configure basic settings for your
services gateway.
CONFIDENTIAL
FSSSRX650
Wait until the Status LED on the front panel turns solid green.
Then turn on the power to the management device. The services gateway assigns an IP
address to the management device within the 192.168.1.0/24 subnetwork if the services
gateway is configured to use DHCP.
From the management device, open a Web browser and enter the IP address 192.168.1.1 in
the address field. The J-Web Quick Configuration Set Up page appears.
Finally, configure basic settings for your services gateway.
CourseFSSSRX650
Slide63
You must manually configure the

IP address for the management
port you are using before you
save your initial configuration.
When you save the configuration
for the first time, you will lose the
connection to the services
gateway if you have not manually
configured the IP address. If you
lose the connection through the
management interface, you must
connect through the Console
port.
CONFIDENTIAL
FSSSRX650
NOTE: You must manually configure the IP address for the management port you are using
before you save your initial configuration. When you save the configuration for the first time,
you will lose the connection to the services gateway if you have not manually configured the
IP address. If you lose the connection through the management interface, you must connect
through the Console port.
CourseFSSSRX650
Slide64
To communicate with the services

gateway, the J-Web interface
uses or HTTP. HTTP allows easy
Web access but no encryption.
The data that is transmitted
between the Web browser and
the services gateway by means of
HTTP is vulnerable to interception
and attack. To enable secure
Web access, a services gateway
supports HTTPS. You can enable
HTTP or HTTPS access on specific
interfaces and ports as needed.
CONFIDENTIAL
FSSSRX650
NOTE: To communicate with the services gateway, the J-Web interface uses HTTP. HTTP
allows easy Web access but no encryption. The data that is transmitted between the Web
browser and the services gateway by means of HTTP is vulnerable to interception and attack.
To enable secure Web access, a services gateway supports HTTPS. You can enable HTTP or
HTTPS access on specific interfaces and ports as needed.
CourseFSSSRX650
Slide65
On the services gateway, the HTTP

access is enabled by default on the
built-in management interfaces. By
default, HTTPS access is supported on
any interface with an SSL server
certificate.
You can use J-Web Quick
Configuration or the J-Web
configuration editor to configure
secure Web access. For more
information see the SRX650
Hardware Guide.
CONFIDENTIAL
FSSSRX650
On the services gateway, the HTTP access is enabled by default on the built-in management
interfaces. By default, HTTPS access is supported on any interface with an SSL server
certificate.
You can use J-Web Quick Configuration or the J-Web configuration editor to configure secure
Web access. For more information see the SRX650 Hardware Guide.
CourseFSSSRX650
Slide66
Connecting to the CLI
To use the CLI to configure the SRX

Series Services Gateway, you must
connect through the Console port.
A remote connection to the services
gateway through a modem requires
the cable and connector (provided in
the services gateway accessory box),
plus a DB-9 female to DB-25 male
(or similar) adapter for your modem,
which must be purchased separately.
Follow these steps to connect to the
CLI using a local management device
through the Console port on the
services gateway:
your bare wrist and connect the strap
to the ESD point on the chassis or to
an outside ESD point if the device is
disconnected from earth ground.
CONFIDENTIAL
FSSSRX650
If you plan to use the CLI to configure the SRX Series services gateway, you must connect
through the Console port. In this section, we describe the steps for connecting to a local
management device. A remote connection to the services gateway through a modem
requires the cable and connector (provided in the services gateway accessory box), plus a
DB-9 female to DB-25 male (or similar) adapter for your modem, which you must purchase
separately.
Follow these steps to connect to the CLI using a local management device through the
Console port on the services gateway:
First, attach an ESD grounding strap to your bare wrist and connect the strap to the ESD
point on the chassis or to an outside ESD point if the device is disconnected from earth
ground.
CourseFSSSRX650
Slide67
Turn off power to the services

gateway.
Turn off power to the management
device, such as a PC or laptop
computer, that you are using to
access the CLI.
Plug one end of the Ethernet cable
supplied with your services gateway
into the provided RJ-45 to DB-9 serial
port adapter.
Plug the female end of the supplied
DB-9 adapter into the serial port of
your workstation. Ensure that the DB9 is inserted properly and secured.
Thhe type of DB-9 connector that is
needed is shown on the screen.
Plug the male end of the RJ-45 CAT5
cable into the console port on the
device.
CONFIDENTIAL
FSSSRX650
Then, turn off power to the services gateway and to the management device, such as a PC or
laptop computer, that you are using to access the CLI.
Next, plug one end of the Ethernet cable supplied with your services gateway into the
provided RJ-45 to DB-9 serial port adapter.
Then, plug the female end of the supplied DB-9 adapter into the serial port of your
workstation. Ensure that the DB-9 is inserted properly and secured. The type of DB-9
connector that is needed is shown on the screen.
Then, plug the male end of the RJ-45 CAT5 cable into the console port on the device.
Turn on the power to the management device.
CourseFSSSRX650
Slide68
Turn on the power to the

management device.
Start your asynchronous terminal
emulation application (such as
Microsoft HyperTerminal) and select
the appropriate COM port to use (for
example, COM1).
Configure the port settings as
follows:
Bits per second rate: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow Control: None
CONFIDENTIAL
FSSSRX650
Turn on the power to the management device.

Start your asynchronous terminal emulation application (such as Microsoft HyperTerminal)
and select the appropriate COM port to use (for example, COM1).
Then, configure the port settings as follows:
Bits per second rate: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow Control: None
CourseFSSSRX650
Slide69
Power on the services gateway by

pressing the power button on the
front panel. Verify that the Power
LED on the front panel turns green.
The terminal emulation screen on
your management device displays
the startup sequence. When the
services gateway has finished
starting up, a login prompt appears.
Log in as the user root. No password
is required at initial connection, but
you must assign a root password
before committing any configuration
settings.
CONFIDENTIAL
FSSSRX650
Power on the services gateway by pressing the power button on the front panel. Verify that
the Power LED on the front panel turns green.
The terminal emulation screen on your management device displays the startup sequence.
When the services gateway has finished starting up, a login prompt appears.
Finally, log in as the user root. No password is required at initial connection, but you must
assign a root password before committing any configuration settings.
CourseFSSSRX650
Slide70
Basic Configuration with J-Web
Follow these steps to configure basic

settings with J-Web Quick
Configuration:
Select Configuration > Quick
Configuration > Set Up if the Quick
Configuration Set Up page is not
displayed.
Enter information into the Quick
Configuration Set Up page. Click the
links on screen to get detailed
information on each field.
CONFIDENTIAL
FSSSRX650
Once youve connected to the SRX device, you can configure basic settings with J-Web Quick
Configuration, as follows:
To start, select Configuration>Quick Configuration >Set Up if the Quick Configuration Set Up
page is not automatically displayed.
Then, enter information into the Quick Configuration Set Up page. Click the links on screen
to get detailed information on each field. When youre ready to move on, Click Continue.
CourseFSSSRX650
Slide71

Links:
IDENTIFICATION
Host Name
Domain Name
Root Password
Verify Root Password
TIME
Time Zone
NTP Servers
Current System Time
NETWORK
DNS Name Servers
Domain Search
Default Gateway
Loopback Address
MANAGEMENT ACCESS
Allow Telnet Access
Allow Junoscript over Clear-Text Access
Allow SSH Access
CONFIDENTIAL
FSSSRX650
Once youve configured the settings, click one of the following buttons:
CourseFSSSRX650
Slide72
Click one of the following

buttons:
Click Apply to apply the
configuration and remain on
the Quick Configuration Set
Up page.
Click OK to apply the
configuration and return to
the Quick Configuration page.
Click Cancel to cancel your
entries and return to the
Quick Configuration page.
CONFIDENTIAL
FSSSRX650
Click Apply to apply the configuration and remain on the Quick Configuration Set Up page.
Click OK to apply the configuration and return to the Quick Configuration page, or
Click Cancel to cancel your entries and return to the Quick Configuration page.
CourseFSSSRX650
Slide73
After initial configuration is

complete, the services gateway
stops functioning as a DHCP
server. If you change the IP
address of ge-0/0/0 and have
the management device
configured to use DHCP, you lose
your DHCP lease and your
connection to the services
gateway through the J-Web
interface. To reestablish a
connection, either set the IP
address on the management
device manually or connect ge0/0/0 to the management
network and access the services
gateway another wayfor
example, through the Console
port.
CONFIDENTIAL
FSSSRX650
NOTE: After initial configuration is complete, the services gateway stops functioning as a
DHCP server. If you change the IP address of ge-0/0/0 and have the management device
configured to use DHCP, you lose your DHCP lease and your connection to
the services gateway through the J-Web interface. To reestablish a connection, either set the
IP address on the management device manually or connect ge-0/0/0 to the management
network and access the services gateway another wayfor example, through the Console
port.
The Host Name field is a required field and defines the hostname of the services gateway.
Enter the hostname here.
The Domain Name field Defines the network or subnetwork that the services gateway
belongs to. Enter the domain name here.
The Root Password field is also a required field and sets the password that user root can use
to log into the services gateway. Enter a plaintext password that the system encrypts. NOTE:
After a root password has been defined, it is required when you log into the J-Web user
interface or the CLI.
The Verify Root Password field is also a required field and verifies the root password has
been typed correctly. Reenter the password here.
The Time Zone field identifies the time zone in which the services gateway is located. From
the list, select the appropriate time zone.
CourseFSSSRX650
The NTP Servers field specifies an NTP server that the services
gateway can reach to synchronize the system time. To add an IP address, type it in the box to
the left of the Add button, then click Add. To delete an IP address, click on it in the box above
the Add button, then click Delete.
The Current System Time field synchronizes the system time with the NTP server or allows
you to manually set the system time and date. To set the time using the NTP server, click Set
Time via NTP. The services gateway sends a request to the NTP server and synchronizes the
system time.
NOTE: If you are configuring other settings on this page, the services gateway also
synchronizes the system time using the NTP server when you click Apply or OK.
To set the time manually, click Set Time Manually. A window allows you to select the current
date and time from lists.
The DNS Name Servers specifies a DNS server that the services
gateway can use to resolve hostnames into addresses. To add an IP address, type it in the
box to the left of the Add button, then click Add. To delete an IP address, click on it in the box
above the Add button, then click Delete.
The Domain Search field adds each domain name that includes the services gateway to the
configuration so that each domain is included in a DNS search. To add a domain name, type
it in the box to the left of the Add button, then click Add. To delete a domain name, click on it
in the box above the Add button, then click Delete.
The Default Gateway field defines a default gateway through which to direct packets
addressed to networks not explicitly listed in the routing table. Enter a 32-bit IP address in
dotted decimal notation.
The Loopback Address field defines a reserved IP address that is always available on the
services gateway. If no address is entered, this address is set to 127.0.0.1/32. Enter a 32-bit
IP address and prefix length in dotted decimal notation.
The Allow Telnet Access field allows remote access to the services gateway using Telnet. To
enable Telnet access, select the box.
The Allow JUNOScript over Clear-Text Access field allows JUNOScript to access the services
gateway using a protocol for sending unencrypted text over a TCP connection. To enable
JUNOScript access over clear text, select the box.
The Allow SSH Access field allows remote access to the services
gateway using SSH. To enable SSH access, select the box.
To verify that the services gateway has the settings you configured, you should display the
basic connectivity configurations. Because the basic connectivity settings appear in different
CourseFSSSRX650
places in the configuration hierarchy, displaying the entire configuration at once makes
viewing the settings easier.
To display the basic connectivity settings, select
Configuration>View and Edit>View Configuration Text
CourseFSSSRX650
Slide74
Basic Configuration with the CLI
Basic Configuration Commands

Set host-name: set host-name
Set domain-name: set domain-name
Allow SSH remote access: set
services ssh
Define root authentication: set rootauthentication ssh-rsa
Set time zone: set time-zone
Set NTP server address: set ntp
server
Set DNS server address: set nameserver
Set domain: set domain-search
CONFIDENTIAL
FSSSRX650
Once youve connected to the SRX device, you can use the CLI to configure basic settings.
To set the hostname of the device, use the set host-name command. In this example, weve
set the host-name to device A.
To name the domain in which the device is located, use the set domain-name command. In
this example, weve set the domain-name to lab.device.net.
To allow SSH remote access, use the set services ssh command.
To define root authentication for access to the device, use the set root-authentication sshrsa command.
To set the time zone, use the set time-zone command. Here, we set the time zone to Pacific
time.
To set the address of the NTP server, use the set ntp server command. In this example, we
set the NTP server address as 10.148.2.21.
To set the address of the DNS server, use the set name-server command. In this example,
we set the name server address as 10.148.2.32.
To set the domain to which the device belongs, use the set domain-search command. Here,
we specified two domains to be searched, lab.device.net and device.net.
CourseFSSSRX650
Slide75
Basic Configuration with the CLI

Set loopback address:
From the [edit] hierarchy level, enter
edit interfaces
Delete existing address: delete lo0
unit 0 family inet address
Set new address/prefix length: set lo0
unit 0 family inet address
To display the basic connectivity

settings: show
CONFIDENTIAL
FSSSRX650
To set the loopback interface address, first navigate to the edit hierarchy level. Then enter
the edit interfaces command. Then delete the existing IP address using the command delete
lo0 unit 0 family inet address. Finally, set the new IP address and prefix length with the
command set lo0 unit 0 family inet address. In this case, we set it to IP address
172.16.1.24/32.
Remember to commit the changes before quitting.
To verify that the services gateway has the settings you configured, you should display the
basic connectivity configurations. Because the basic connectivity settings appear in different
places in the configuration hierarchy, displaying the entire configuration at once makes
viewing the settings easier.
To display the basic connectivity settings, from configuration mode in the CLI, enter the show
command.
CourseFSSSRX650
Slide76
Resetting the Configuration File on the SRX650
If a configuration fails or denies

management access to the services
gateway, you can use the Reset Config
button to restore the device to the
factory default configuration or a rescue
configuration
The Reset Config button is recessed to
prevent it from being pressed
accidentally.
The rescue configuration is a previously
committed, valid configuration. You
must have previously set the rescue
configuration through the J-Web
interface or the CLI. To press the Reset
Config button, insert a small probe into
the pinhole on the front panel.
CONFIDENTIAL
FSSSRX650
If a configuration fails or denies management access to the services gateway, you can use
the Reset Config button to restore the device to the factory default configuration or a rescue
configuration. For example, if someone inadvertently commits a configuration that denies
management access to a services gateway, you can delete the invalid configuration and
replace it with a rescue configuration by pressing the Reset Config button.
The Reset Config button is recessed to prevent it from being pressed accidentally.
The rescue configuration is a previously committed, valid configuration. You must have
previously set the rescue configuration through the J-Web interface or the CLI. To press the
Reset Config button, insert a small probe (such as a straightened paper clip) into the pinhole
on the front panel.
CourseFSSSRX650
Slide77
Resetting the Configuration File on the SRX650
By default, pressing and quickly

releasing the Reset Config button loads
and commits the rescue configuration
through the J-Web interface or the CLI.
The Status LED glows amber during this
time.
By default, pressing and holding the
Reset Config button for 15 seconds or
moreuntil the Status LED glows
amberdeletes all configurations on
the device, including the backup
configurations and rescue
configuration, and loads and commits
the factory configuration.
You can change the default operation of
the Reset Config button by limiting how
the button resets the services gateway.
For more information, see the SRX650
Hardware Guide.
CONFIDENTIAL
FSSSRX650
By default, pressing and quickly releasing the Reset Config button loads and commits the
rescue configuration through the J-Web interface or the CLI. The Status LED glows amber
during this time.
By default, pressing and holding the Reset Config button for 15 seconds or moreuntil the
Status LED glows amberdeletes all configurations on the device, including the backup
configurations and rescue configuration, and loads and commits the factory configuration.
You can change the default operation of the Reset Config button by limiting how the button
resets the services gateway. For more information, see the SRX650 Hardware Guide.
CourseFSSSRX650
Slide78
Section Summary
In this section, you learned to configure
the SRX Series Services Gateway.
the J-Web user interface.
the CLI.
CONFIDENTIAL
FSSSRX650
In this section, you learned to configure the SRX Series Services Gateway.
Access an SRX device;
Perform basic device configuration with the J-Web user interface; and
Perform basic device configuration with the CLI, and
CourseFSSSRX650
Slide79

Configuration.
Air Filter Replacement
CourseFSSSRX650
Slide80
Section Overview
In this section, you will learn to replace the air
filter on the SRX650 Services Gateway.
Tools and Parts Required
The services gateway has one air filter that

installs vertically in the rear of the chassis on the
right side. The air filter is hot-swappable.
Power cord with a plug appropriate

for your geographical location
Electrostatic discharge (ESD)
grounding strap
The SRX650 Services Gateway doesnt

automatically ship with an air filter. This
component must be ordered separately.
Four mounting screws

#2 Phillips screwdriver
After successfully completing this section, you will

be able to:
Describe the air filter on the SRX650
Services Gateway.
Describe the procedure to replace the air
CONFIDENTIAL
FSSSRX650
In this section, you will learn to replace the air filter on the SRX650 Services Gateway.
The services gateway has one air filter that installs vertically in the rear of the chassis on the
right side. The air filter is hot-swappable.
Note: The SRX650 Services Gateway doesnt automatically ship with an air filter. This
component needs to be ordered separately.
Describe the air filter on the SRX650 Services Gateway, and
Describe the procedure to replace the air filter on the SRX650 Services Gateway.
CourseFSSSRX650
Slide81
To remove or install an air filter

on an SRX650 Services
Gateway, you need:
An ESD grounding wrist strap
A # 1 Phillips screwdriver
CONFIDENTIAL
FSSSRX650
To remove or install an air filter on an SRX650 Services Gateway, you need an ESD
grounding wrist strap, and a number 1 Phillips screwdriver.
CourseFSSSRX650
Slide82
Removing the Air Filter
Always keep the air filter in place while the

services gateway is operating, except during
replacement. Because the fans are very
powerful, they could pull small bits of wire or
other materials into the services gateway
through the unfiltered air intake, damaging
the services gateway components.
A single handle with two screws holds both
the fan tray and air filter on the back of the
services gateway.
You can replace the air filter while the
services gateway is running.
CONFIDENTIAL
FSSSRX650
Always keep the air filter in place while the services gateway is operating, except during
replacement. Because the fans are very powerful, they could pull small pieces of wire or
other materials into the services gateway through the unfiltered air intake, damaging the
services gateway components.
A single handle with two screws holds both the fan tray and air filter on the back of the
services gateway.
You can replace the air filter while the services gateway is running.
CourseFSSSRX650
Slide83
Removing the Air Filter
Follow these steps to remove just

the air filter:
your bare wrist and connect the
strap to one of the ESD points on the
chassis.
Using a #1 Phillips screwdriver,
loosen both captive screws on the
handle.
Carefully slide out the fan tray.
Remove the air filter.
CONFIDENTIAL
FSSSRX650
Follow these steps to remove just the air filter:

First, attach an ESD grounding strap to your bare wrist and connect the strap to one of the
ESD points on the chassis.
Then, using a #1 Phillips screwdriver, loosen both captive screws on the handle.
Next, carefully slide out the fan tray.
Finally, remove the air filter.
CourseFSSSRX650
Slide84
Installing the Air Filter

Follow these steps to install the
fan tray:
your bare wrist and connect the
strap to one of the ESD points on the
chassis.
Grasp the fan tray handle and insert
it straight into the chassis. Note the
correct orientation by the this side
up label on the top surface of the
fan tray.
tighten the center screw on the fan
tray faceplate to secure it in the
chassis.
CONFIDENTIAL
FSSSRX650
Follow these steps to install the fan tray,

Then, grasp the fan tray handle and insert it straight into the chassis. Note the correct
orientation by the this side up label on the top surface of the fan tray.
Finally, using a #2 Phillips screwdriver, tighten the center screw on the fan tray faceplate to
secure it in the chassis.
CourseFSSSRX650
Slide85
Section Summary
In this section, you learned to replace the air

Describe the air filter on the SRX650
Services Gateway.
Describe the procedure to replace the air
CONFIDENTIAL
FSSSRX650
In this section, you learned to replace the air filter on the SRX650 Services Gateway.
Describe the air filter on the SRX650 Services Gateway, and
Describe the procedure to replace the air filter on the SRX650 Services Gateway.
CourseFSSSRX650
Slide86

Configuration.
Power Supply Replacement
CourseFSSSRX650
Slide87
Section Overview
In this section, you will learn to replace the AC power
supply on the SRX650 Services Gateway.
The redundant AC power supplies in the SRX650
Services Gateway are hot-swappable. To maintain
proper cooling and prevent thermal shutdown of the
operating power supply unit, each power supply slot
must contain either a power supply or a blank panel.
If you remove a power supply, you must install a
replacement power supply or a blank panel shortly
after the removal.
After successfully completing this section, you will be
able to:
Describe the AC power supply on the SRX650 Services
Gateway.
Describe the procedure to replace the AC power supply
on the SRX650 Services Gateway.
CONFIDENTIAL
FSSSRX650
In this section, you will learn to replace the AC power supply on the SRX650 Services
Gateway.
The redundant AC power supplies in the SRX650 Services Gateway are hot-swappable. To
maintain proper cooling and prevent thermal shutdown of the operating power supply unit,
each power supply slot must contain either a power supply or a blank panel. If you remove a
power supply, you must install a replacement power supply or a blank panel shortly after the
removal.
Describe the AC power supply on the SRX650 Services Gateway, and
Describe the procedure to replace the AC power supply on the SRX650 Services Gateway.
CourseFSSSRX650
Slide88
To remove or install an AC power supply

on an SRX650 Services Gateway, you
need:
An electrostatic bag or antistatic mat
supply on the SRX650 Services
Gateway.
CONFIDENTIAL
FSSSRX650
To remove or install an AC power supply on an SRX650 Services Gateway, you need an

electrostatic bag or antistatic mat and an ESD grounding wrist strap.
CourseFSSSRX650
Slide89
Removing an AC Power Supply
Up to two power supplies can be located

at the rear of the chassis on the right
side. Each AC power supply is hotswappable.
Do not leave a power supply slot empty
for more than 30 minutes while the
services gateway is operational. For
proper airflow, the power supply must
remain in the chassis, or a blank panel
must be used in an empty slot.
After powering off a power supply,
wait at least 60 seconds before turning it
back on.
supply on the SRX650 Services
Gateway.
CONFIDENTIAL
FSSSRX650
Up to two power supplies can be located at the rear of the chassis on the right side. Each AC
power supply is hot-swappable.
CAUTION: Do not leave a power supply slot empty for more than 30 minutes while the
services gateway is operational. For proper airflow, the power supply must remain in the
chassis, or a blank panel must be used in an empty slot.
NOTE: After powering off a power supply, wait at least 60 seconds before turning it back on.
CourseFSSSRX650
Slide90
Removing an AC Power Supply

Follow these steps to remove an AC power
supply:
Switch off the dedicated facility circuit
breaker for the power supply, and
remove the power cord from the AC
power source. Follow the ESD and
disconnection instructions for your site.
Attach an ESD grounding strap to your
bare wrist and connect the strap to one
of the ESD points on the chassis.
Remove the power cord from the power
supply.
Press the latch on the power supply to
the right.
Pull the power supply straight out of the
chassis.
Place the power supply in the
electrostatic bag or on the antistatic
mat.
CONFIDENTIAL
FSSSRX650
Follow these steps to remove an AC power supply:

First, switch off the dedicated facility circuit breaker for the power supply, and remove the
power cord from the AC power source. Follow the ESD and disconnection instructions for
your site.
Then, attach an ESD grounding strap to your bare wrist and connect the strap to one of the
Next, remove the power cord from the power supply.
Press the latch on the power supply to the right.
Pull the power supply straight out of the chassis.
Finally, pace the power supply in the electrostatic bag or on the antistatic mat.
CourseFSSSRX650
Slide91
Installing an AC Power Supply
Follow these steps to install an AC power

supply:
Attach an electrostatic discharge (ESD)
grounding strap to your bare wrist and
connect the strap to one of the ESD
points on the chassis.
Using both hands, slide the power
supply straight into the chassis until the
power supply is fully seated in the
chassis slot. The power supply faceplate
should be flush with any adjacent power
supply faceplate.
Attach the power cord to the power
supply
CONFIDENTIAL
FSSSRX650
Follow these steps to install an AC power supply:

First, attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect
the strap to one of the ESD points on the chassis.
Next, using both hands, slide the power supply straight into the chassis until the power
supply is fully seated in the chassis slot. The power supply faceplate should be flush with any
adjacent power supply faceplate.
Attach the power cord to the power supply.
CourseFSSSRX650
Slide92
Follow these steps to install an AC power

supply:
Route the power cord along the cable
restraint towards the left or right corner
of the chassis. If needed to hold the
power cord in place, thread plastic cable
ties, which you must provide, through
the openings on the cable restraint.
Attach the power cord to the AC power
source, and switch on the dedicated
facility circuit breaker for the power
supply. Follow the ESD and connection
instructions for your site.
If the power supply is correctly installed
and functioning normally, the POWER
LED lights steadily. on the SRX650
Services Gateway.
CONFIDENTIAL
FSSSRX650
Then, route the power cord along the cable restraint towards the left or right corner of the
chassis. If needed to hold the power cord in place, thread plastic cable ties, which you must
provide, through the openings on the cable restraint.
Attach the power cord to the AC power source, and switch on the dedicated facility circuit
breaker for the power supply. Follow the ESD and connection instructions for your site.
Finally, if the power supply is correctly installed and functioning normally, the POWER LED
lights steadily.
CourseFSSSRX650
Slide93

In this section, you learned to replace the AC power supply
Describe the AC power supply on the SRX650 Services
Gateway.
Describe the procedure to replace the AC power supply on the
CONFIDENTIAL
FSSSRX650
In this section, you learned to replace the AC power supply on the SRX650 Services Gateway.
Describe the AC power supply on the SRX650 Services Gateway, and
Describe the procedure to replace the AC power supply on the SRX650 Services Gateway.
CourseFSSSRX650
Slide94

Configuration.
Services and Routing Engine (SRE)

Replacement
CourseFSSSRX650
Slide95
Section Overview
In this section, you will learn to replace the Services and Routing Engine
(SRE) on the SRX650 Services Gateway.
The SRE module provides processing power for security services, routing
protocol processes, and other software processes that control the services
gateway interfaces, some of the chassis components, system
management, and user access to the device. The services gateway must
have at least one SRE installed. You can install additional SREs to increase
processing power or to create SRE redundancy.
Describe the Services and Routing Engine on the SRX650 Services Gateway.
Describe the procedure to replace the SRE on the SRX650 Services Gateway..
CONFIDENTIAL
FSSSRX650
In this section, you will learn to replace the Services and Routing Engine (or SRE) on the
The SRE module provides processing power for security services, routing protocol processes,
and other software processes that control the services gateway interfaces, some of the
chassis components, system management, and user access to the device.
The services gateway must have at least one SRE installed. You can install additional SREs
to increase processing power or to create SRE redundancy.
Describe the Services and Routing Engine on the SRX650 Services Gateway, and
Describe the procedure to replace the SRE on the SRX650 Services Gateway.
CourseFSSSRX650
Slide96
To remove or install an SRE in an

SRX650 Services Gateway, you need:
An electrostatic bag or antistatic mat
A # 2 Phillips screwdriver
CONFIDENTIAL
FSSSRX650
To remove or install an SRE in an SRX650 Services Gateway, you need an electrostatic bag
or antistatic mat, an ESD grounding wrist strap, and a number 2 Phillips screwdriver.
CourseFSSSRX650
Slide97
Removing an SRE
The SRE is located at the back

panel of the chassis and can be
installed in the horizontal slots
labeled SRE0 and SRE1.0/1.1.
SREs are not Online Insertion and
Removal (OIR) capable. You must
power off the services gateway
before removing or inserting an
SRE.
CONFIDENTIAL
FSSSRX650
The SRE is located at the back panel of the chassis and can be installed in the horizontal
slots labeled SRE0 and SRE1.0/1.1.
CAUTION: SREs are not Online Insertion and Removal (or OIR) capable. You must power off
the services gateway before removing or inserting an SRE.
CourseFSSSRX650
Slide98
Removing an SRE
Follow these steps to remove the SRE:

bare wrist and connect the strap to
one of the ESD points on the chassis.
Power off the services gateway.
loosen the captive screws on each
side of the SRE.
Grasp the locking levers on each side
of the SRE and pull toward you to
unlock the SRE.
Slide the SRE straight out of the
chassis.
CONFIDENTIAL
FSSSRX650

Next, power off the services gateway.
Then, using a #2 Phillips screwdriver, loosen the captive screws on each side of the SRE.
Grasp the locking levers on each side of the SRE and pull toward you to unlock the SRE.
Slide the SRE straight out of the chassis.
CourseFSSSRX650
Slide99
Removing an SRE

Place the SRE in the electrostatic bag
or on the antistatic mat.
If you are not replacing the SRE,
install a blank panel in the empty slot
to maintain proper cooling of the
services gateway.
CONFIDENTIAL
FSSSRX650
Place the SRE in the electrostatic bag or on the antistatic mat.

Finally, if you are not replacing the SRE, install a blank panel in the empty slot to maintain
proper cooling of the services gateway.
CourseFSSSRX650
Slide100
Installing an SRE
The SRE installs at the back

panel of the chassis in the
horizontal slots labeled SRE0 and
SRE1.0/1.1.
SREs are not Online Insertion and
Removal (OIR) capable. You must
power off the services gateway
before removing or inserting an
SRE.
CONFIDENTIAL
FSSSRX650
The SRE installs at the back panel of the chassis in the horizontal slots labeled SRE0 and
SRE1.0/1.1.
CAUTION: SREs are not Online Insertion and Removal (OIR) capable. You must power off the
services gateway before removing or inserting an SRE.
CourseFSSSRX650
Slide101
Installing an SRE
. Follow these steps to install the

SRE:
bare wrist and connect the strap to one
of the ESD points on the chassis.
Power off the services gateway.
If a blank panel is installed in the SRE
slot, remove it.
Carefully align the sides of the SRE
with the guides inside the chassis. Also
ensure that the locking levels on each
side of the SRE are in the open
position.
CONFIDENTIAL
FSSSRX650
Follow these steps to install the SRE:

Then, power off the services gateway.
Next, if a blank panel is installed in the SRE slot, remove it.
Carefully align the sides of the SRE with the guides inside the chassis. Also ensure that the
locking levels on each side of the SRE are in the open position.
CourseFSSSRX650
Slide102
Installing an SRE
Follow these steps to install the

SRE:
Slide the SRE into the chassis
until you feel resistance, carefully
ensuring that it is correctly
aligned.
With your thumbs, push the
locking levers into place to fully
lock the SRE into the slot.
If the locking levers are not
aligned properly with the edge of
the SRE slot, the SRE will not be
properly seated into the SRE
backplane receptacle.
tighten the captive screws on
each side of the locking levels.
Power on the services gateway
and verify that the SRE LED
indicators on the chassis and the
SRE LED are green..
CONFIDENTIAL
FSSSRX650
Slide the SRE into the chassis until you feel resistance, carefully ensuring that it is correctly
aligned.
Then, with your thumbs, push the locking levers into place to fully lock the SRE into the slot.
WARNING: If the locking levers are not aligned properly with the edge of the SRE slot, the
SRE will not be properly seated into the SRE backplane receptacle.
Using a #2 Phillips screwdriver, tighten the captive screws on each side of the locking levels.
Finally, power on the services gateway and verify that the SRE LED indicators on the chassis
and the SRE LED are green.
CourseFSSSRX650
Slide103
Section Summary
In this section, you learned to replace a Services

and Routing Engine on the SRX650 Services
Gateway.
Describe the SRE on the SRX650 Services
Gateway.
Describe the procedure to replace the SRE on the
CONFIDENTIAL
FSSSRX650
In this section, you learned to replace a Services and Routing Engine on the SRX650
Services Gateway.
Describe the SRE on the SRX650 Services Gateway, and
Describe the procedure to replace the SRE on the SRX650 Services Gateway.
CourseFSSSRX650
Slide104

Configuration
Additional Information
CourseFSSSRX650
Slide105
Section Summary
CONFIDENTIAL
FSSSRX650
For additional information about the SRX650 Services Gateway, access the Juniper Networks
Web site.
Click the first URL to get a list of technical publications about the Juniper Networks devices,
appliances and systems, and management products.
Click the second URL to get up-to-date information on instructor-led training, certification,
and Juniper Networks books.
Click the third URL to access the SRX Series Services Gateway Hardware Installation and
Configuration Guide.
CourseFSSSRX650
Slide106

Configuration
Conclusion
CourseFSSSRX650
Slide107
Conclusion
Congratulations!
In this course, you learned to:
Install the SRX650 Services Gateway.

Perform auto-installation.
Perform initial configuration.
Replace SRX650 Gigabit-Backplane
Pluggable Interface Modules (GPIMs).
Replace the fan tray.
Replace the air filter.
Replace the AC power supply.
Replace the Services and Routing
Engine (SRE).
Thank you for taking this course.
CONFIDENTIAL
FSSSRX650
Congratulations! You have come to the end of this course. In this course, you learned to
install the SRX650 Services Gateway and perform auto-installation and initial configuration.
You also learned to replace SRX650 Gigabit-Backplane Pluggable Interface Modules (or
GPIMs), the fan tray, air filter, AC power supply, as well as the SRX650 Services and Routing
Engine (or SRE).
Thank you for taking this course.
CourseFSSSRX650
Slide109
2010 Juniper Networks, Inc.
Juniper Networks, Inc. All rights reserved. Juniper Networks, the

Juniper Networks logo, Junos, NetScreen and ScreenOS are
registered trademarks of Juniper Networks, Inc. in the United States
and other countries. JunosE is a trademark of Juniper Networks, Inc.
All other trademarks, service marks, registered trademarks or
registered service marks are the property of their respective owners.
Juniper Networks reserves the right to change, modify, transfer or
otherwise revise this publication without notice.
CONFIDENTIAL
FSSSRX650
Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo,
Junos, NetScreen and ScreenOS are registered trademarks of Juniper Networks, Inc. in the
United States and other countries. JunosE is a trademark of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks or registered service marks are the
property of their respective owners. Juniper Networks reserves the right to change, modify,
transfer or otherwise revise this publication without notice.
CourseFSSSRX650

FSSSRX650A

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

FSSSRX650A

Hochgeladen von

Copyright:

Verfügbare Formate

education services courseware

SRX650 Services Gateway Installation

SRX650 Services Gateway

2010 Juniper Networks, Inc. All rights reserved.

Welcome to the SRX650 Services Gateway Installation and Initial

2010 Juniper Networks, Inc. All rights reserved.

2010 Juniper Networks, Inc. All rights reserved.

SRX650 Services Gateway

Installing the SRX650 Services

2010 Juniper Networks, Inc. All rights reserved.

SRX650 Services Gateway

2010 Juniper Networks, Inc. All rights reserved.

The SRX650 is a mid-range dynamic services gateway that consolidates network

SRX650 Services GatewayFeatures

2010 Juniper Networks, Inc. All rights reserved.

SRX650 Services Gateway

Permit only trained and qualified

2010 Juniper Networks, Inc. All rights reserved.

Before installing the device, read the

2010 Juniper Networks, Inc. All rights reserved.

Mount the device at the bottom of

2010 Juniper Networks, Inc. All rights reserved.

2010 Juniper Networks, Inc. All rights reserved.

SRX650 Hardware Guides

2010 Juniper Networks, Inc. All rights reserved.

SRX650 Services Gateway

Installing the SRX650

Tools and Components Required

Tools and Parts Required

2010 Juniper Networks, Inc. All rights reserved.

Unpacking the SRX650 Services Gateway

2010 Juniper Networks, Inc. All rights reserved.

Installing the Equipment

Steps to rack-mount a SRX650

If you are installing multiple devices in

2010 Juniper Networks, Inc. All rights reserved.

Installing the Equipment

2010 Juniper Networks, Inc. All rights reserved.

To rack mount a SRX650 Services Gateway, perform the following steps:

Installing the Equipment

2010 Juniper Networks, Inc. All rights reserved.

Connecting the Interface Cables

2010 Juniper Networks, Inc. All rights reserved.

Connecting the Interface Cables

Arrange the cable as follows to prevent

2010 Juniper Networks, Inc. All rights reserved.

Grounding the SRX650 Services Gateway

2010 Juniper Networks, Inc. All rights reserved.

Grounding the SRX650 Services Gateway

Follow these steps to ground the device:

2010 Juniper Networks, Inc. All rights reserved.

Follow these steps to ground the device:

Grounding the SRX650 Services Gateway

Secure the grounding cable lug to

2010 Juniper Networks, Inc. All rights reserved.

Powering an SRX Series Services Gateway On and Off

Follow these steps to power on an

2010 Juniper Networks, Inc. All rights reserved.

Follow these steps to power on an SRX650 Services Gateway,

Powering an SRX Series Services Gateway On and Off

To power off an SRX650 Services

2010 Juniper Networks, Inc. All rights reserved.

Powering an SRX Series Services Gateway On and Off

2010 Juniper Networks, Inc. All rights reserved.