Congratulations! Your SRX is Up and Running
Your SRX320 is now online and providing secure Internet access to devices attached to the LAN ports. You can manage
the device locally and remotely, using the Junos CLI, J-Web, or a cloud based provisioning service. Here's what your
network looks like:
jn-000155
Sky Enterprise
Remote Management
Station
SRX320
(Factory Default
+ Initial CLI Config)
DHCP Clients
Internet
CSO
DHCP Server
UntrustTrust
ge-0/0/0
(DHCP Client)
SNAT
(DHCP Server
192.168.1.0/24)
Local Management
Station (Optional)
ge-0/0/1-6
A few things to keep in mind about your new SRX320 branch network:
•
You access the SRX CLI or J-Web user interface locally using the 192.168.1.1 address. To access the SRX remotely,
specify the IP address assigned by the WAN provider. Simply issue a show interfaces ge-0/0/0 terse CLI command to
confirm the address in use by the WAN interface.
•
Devices attached to the LAN ports are configured to use DHCP. They receive their network configuration from the
SRX. These devices obtain an IP address from the 192.168.1.0/24 address pool and use the SRX as their default gateway.
•
All LAN ports are in the same subnet with Layer 2 connectivity. All traffic is permitted between trust zone interfaces.
•
All traffic originating in the trust zone is permitted in the untrust zone. Matching response traffic is allowed back from
the untrust to the trust zone. Traffic that originates from the untrust zone is blocked from the trust zone.
•
The SRX performs source NAT (S-NAT) using the WAN interface’s IP for traffic sent to the WAN that originated from
the trust zone.
•
Traffic associated with specific system services (HTTPS, DHCP, TFTP, and SSH) is permitted from the untrust zone to
the local host. All local host services and protocols are allowed for traffic that originates from the trust zone.
11
To Next Page
Loading...
Need help?
General
Weight and Dimensions
