APPLICATION NOTE

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

Configuring Basic Security and Connectivity on Branch SRX Series Services Gateways

Copyright © 2009, Juniper Networks, Inc.
Table of Contents

Introduction
Scope
Introduction

The purpose of this application note is to walk the reader through the steps necessary to configure Juniper Networks® SRX Series Services Gateways out of the box to provide secure connectivity to the Internet and remote sites. The example configurations can be leveraged to build more complicated configurations that will meet the security requirements of modern branch and remote offices.
[Figure 1: Corporate and branch-office network infrastructure. Labels: Untrust zone (fe-0/0/7, 1.1.1.1/30), Internet, Trust zone (ge-0/0/0, 192.168.1.0/24).]

Configuration

SRX Series Services Gateways can be configured from the command-line interface (CLI) or through the Juniper Networks J-Web Software GUI. To use J-Web, connect a management PC to interface ge-0/0/0.
    root> configure
    Entering configuration mode

    [edit]
    root#

Next, the SRX Series device will be configured to allow secure management access and NAT will be applied to all outbound traffic.

1. Create an administrative user to manage the SRX Series device.

    set system login user johndoe class super-user
    set system login user johndoe authentication plain-text-password
    (will prompt for password)

2.
Firewall Configuration for Outbound Access Using IRB

To eliminate the need for an external switch (if the SRX Series device has enough available ports), SRX Series Services Gateways can be configured to provide switching and routing simultaneously. An SRX Series device uses virtual L3 interfaces to support integrated routing and bridging (IRB) or equivalently, routing between a set of switched and routed interfaces.
4. Assign VLAN interface to the default VLAN.

    set vlans default l3-interface vlan.0

Note: SRX Series Services Gateways are preconfigured with a system-defined VLAN with name “default” and VLAN-ID “1.”

5. Assign the VLAN interface to trust security zone.

    set security zones security-zone trust interfaces vlan.
Configuration

To illustrate the simplicity of setting up IPsec tunnels, the command sequence is divided into four repeatable steps. Readers should refer to standard Juniper Networks documentation to further understand the various IKE/IPsec configuration options.

1. Create a secure tunnel interface.

    set interfaces st0 unit 0 family inet
    set security zones security-zone trust interfaces st0.0

2. Configure routing.
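
The steps above bind the VLAN interface and st0.0 to the trust zone; on an SRX Series device a logical interface that belongs to no security zone does not pass traffic, and an interface can belong to only one zone. The following added example (not part of the original application note or any Juniper tooling) checks a set-format configuration for both mistakes before it is committed. The sample configuration, the dmz zone and the function name audit_zone_bindings are constructed for illustration.

```python
import re

# Constructed sample in Junos "set" format (not from the application note).
# st0.0 is left out of every zone and vlan.0 is listed in two zones on purpose.
SAMPLE_CONFIG = """\
set interfaces fe-0/0/7 unit 0 family inet address 1.1.1.1/30
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set interfaces st0 unit 0 family inet
set security zones security-zone untrust interfaces fe-0/0/7.0
set security zones security-zone trust interfaces vlan.0 host-inbound-traffic system-services ssh
set security zones security-zone dmz interfaces vlan
"""

UNIT_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet6?\b")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)")


def audit_zone_bindings(config):
    """Return (unzoned, conflicts) for the layer 3 units in a set-format config."""
    units, zones_of, catch_all = set(), {}, False
    for line in config.splitlines():
        line = line.strip()
        unit = UNIT_RE.match(line)
        zone = ZONE_RE.match(line)
        if unit:
            units.add(f"{unit.group(1)}.{unit.group(2)}")
        elif zone:
            zone_name, ifname = zone.groups()
            if ifname == "all":  # the zone takes every interface
                catch_all = True
                continue
            if "." not in ifname:  # assumption: no unit given means unit 0
                ifname += ".0"
            zones_of.setdefault(ifname, set()).add(zone_name)
    # Units with an address family but no zone binding.
    unzoned = [] if catch_all else sorted(units - zones_of.keys())
    # An interface can belong to only one zone.
    conflicts = {i: sorted(z) for i, z in zones_of.items() if len(z) > 1}
    return unzoned, conflicts


if __name__ == "__main__":
    unzoned, conflicts = audit_zone_bindings(SAMPLE_CONFIG)
    for ifname in unzoned:
        print(f"{ifname}: not bound to any security zone")
    for ifname, zones in conflicts.items():
        print(f"{ifname}: listed in more than one zone: {', '.join(zones)}")
```
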
UTM Configuration

The example continues with the addition of several common unified threat management (UTM) features to the configuration. Before configuring any UTM features, the UTM feature license must be installed on the device. The license keys can be installed using one of the two following methods. These commands are operational mode commands.

1. Download from LMS server directly.
Web Filtering Configuration

Using the SRX Series Services Gateways to filter Web traffic is also very straightforward.

1. Configure the SRX Series device to use the integrated Web filtering engine.

    set security utm feature-profile web-filtering type surf-control-integrated

2. Configure the predefined Web filtering profile “junos-wf-cpa-default” to use the utm-policy configured earlier.
Summary

Juniper Networks SRX Series Services Gateways provide all the features required to securely connect modern remote and branch offices in a one-box solution. JUNOS Software offers users unparalleled flexibility designed to meet the most demanding network requirements. After reading this document, you will be able to configure a branch SRX Series device to securely pass traffic.