Juniper SRX Firewall Initial Configuration

Juniper SRX is a next-generation firewall designed to provide high-speed, highly effective security services, even with multiple services enabled. The firewall is released with a vast range of integrated security features suitable for securing medium to large-scale enterprise data centers. Juniper also has a virtual version, vSRX, focused on the security of cloud infrastructure.

The following steps describe the basic configuration settings of Juniper SRX Firewall.

We will focus on interface configuration, zone configuration and policy configuration.

The following topics are discussed here.

1. Initialising SRX Firewall

2. Log in to the firewall using the console or GUI.

3. Configuring basic settings.

4. Configure interfaces.

5. Configure Zones and zone properties.

6. Configure firewall policies.


1. Initialising SRX Firewall and Login to the firewall

  • Unpack and power on the device. 
  • Plug one end of the CAT-5e (Ethernet cable) supplied with your firewall into the RJ-45 to DB-9 serial port adapter supplied with your firewall
  • Plug the RJ-45 to DB-9 serial port adapter into the serial port on the PC
  • Connect the other end of the Ethernet cable to the console port on the services gateway.
  • Open HyperTerminal and select COM1 with the following settings:

Port Settings      Value
Bits per second    9600
Data bits          8
Parity             None
Stop bits          1
Flow control       None

  • Log in as the user root. No password is required at the initial connection, but you must assign a root password before committing any configuration settings.
 

2. Configuring basic settings

Start the CLI

root# cli

Enter configuration mode:

root> configure

[edit]

Set root password

root# set system root-authentication plain-text-password

New password: password

Retype new password: password

Set admin password

[edit]

root# set system login user admin class super-user authentication plain-text-password

Set System host name

[edit]

root# set system host-name <hostname>

 

Set DNS Servers

[edit]

root# set system name-server 8.8.8.8

[edit]

root# set system name-server 8.8.4.4

Commit the configuration and log in as the admin user.

[edit]

3. Configure interfaces

We will use the following scenario to configure interfaces and zones.

Assign IP address for untrust interface

[edit]

root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24

Assign IP address for trust interface

[edit]

root# set interfaces ge-0/0/1 unit 0 family inet address 10.10.10.1/24

Configure default route

[edit]

root# set routing-options static route 0.0.0.0/0 next-hop <gateway-ip>

4. Configure Zones

Create untrust zone and assign interface

[edit]

root# set security zones security-zone untrust interfaces ge-0/0/0.0

Create trust zone and assign interface

[edit]

root# set security zones security-zone trust interfaces ge-0/0/1.0

Enable ssh and https for firewall management on trust interface

[edit]

root# set system services ssh

[edit]

root# set security zones security-zone trust host-inbound-traffic system-services ssh

[edit]

root# set security zones security-zone trust host-inbound-traffic system-services http

[edit]

root# set system services web-management https system-generated-certificate

[edit]

root# set security zones security-zone trust host-inbound-traffic system-services https

 

5. Configure Firewall policy

Create a firewall policy to allow all traffic from the trust zone to the internet.

[edit]

root# set security policies from-zone trust to-zone untrust policy policy-name match source-address any destination-address any application any

root# set security policies from-zone trust to-zone untrust policy policy-name then permit

Commit the configuration to activate it on the gateway.

[edit]

root# commit

commit complete

That's it! You are done with the initial configuration of a Juniper SRX firewall, and the system is ready for production. Please watch this space for more posts on advanced configurations.
You may find more posts on firewall here.

Palo Alto Firewall Packet Flow

The following topics describe the basic packet processing in a Palo Alto firewall. For beginners who find the packet flow process in a Palo Alto firewall difficult to understand, we have tried to simplify the steps as much as possible.

Let's see what happens when a new packet arrives at a Palo Alto firewall in the following flow-chart.


Hope this helped you in understanding the packet flow. Please feel free to comment if you have any suggestions/questions.
