ThePowerConnect J-SRX  series includes a default configuration providing out-of-the-box connectivity that can be used as a starting point for new installations. This walkthrough will cover the initial setup and configuration of the SRX, including IP configuration, management authentication, creating a rescue configuration, restoring to factory defaults, and adding licenses for separately purchased features.

Out-of-Box Contents

The following hardware components are included with the SRX:

  • PowerConnect J-SRX chassis
  • Power supply adapter (SRX100 and SRX210 only)
  • 2-prong power cord (SRX100 and SRX210 only)
  • Serial console DB-9 to RJ-45 adapter with 7ft RJ45 cable (white) - the cable can be detached from the adapter if longer lengths are required

Dell Service Tag: The service tag is located on the SRX rear chassis panel, and is used to identify the device for technical support and warranty services.

SRX100:

PowerConnect J-SRX Initial Configuration - The Dell TechCenter

SRX240:

PowerConnect J-SRX Initial Configuration - The Dell TechCenter



Default Configuration


The default SRX configuration designates the first port, 0/0 for connectivity to the Internet/WAN by placing this port in the "untrust" security zone. The remaining ports are designated for LAN devices and are placed into a single VLAN as switching ports, and this VLAN is placed into the "trust" security zone.


PowerConnect J-SRX Initial Configuration - The Dell TechCenter

Interfaces: For the J-SRX100, the first port is a 100mbit interface, and is referred as fe-0/0/0 (fast ethernet). For all other SRX models, the first port is a 1GbE interface, and referred as ge-0/0/0 (gigabit ethernet). For this document, the ports will be referenced as fe-0/0/x ports.

Untrust Zone: The untrust zone interface, fe-0/0/0, is configured to receive an IP address via DHCP. During the initial configuration, this can be changed to use a static IP if provided by the ISP or WAN provider.

Trust Zone: The trust zone VLAN has a default static IP of 192.168.1.1/24, and the SRX enables a DHCP server that will automatically issue IPs in the 192.168.1.2 - 192.168.1.254 range to any device plugged into the trust interfaces (by default, all ports other than fe-0/0/0).

Source NAT security rule: For Internet/WAN connectivity, the SRX enables source NAT for traffic originating in the trust zone and destined for any address in the untrust zone. This source NAT rule allows multiple devices in trust zone to share the IP assigned to the untrust 0/0 interface (this is also the default behavior on many off-the-shelf SOHO style router/gateway devices).

PowerConnect J-SRX Initial Configuration - The Dell TechCenter

In the above example diagram, the SRX interface fe-0/0/0 is connected to a typical ISP cable/DSL modem. In this topology:

  • Untrust interface fe-0/0/0 requests an IP via DHCP and receives 1.1.1.1/24 from the ISP.
  • Client systems connected to the trust zone interfaces receive IP addresses from the SRX DHCP server in the 192.168.1.0/24 IP subnet.
  • The default source NAT security rule translates the multiple trust zone 192.168.1.0/24 addresses to the single untrust zone fe-0/0/0 interface address 1.1.1.1/24.

At this point, all trust zone systems have connectivity to the Internet without requiring any further configuration.


Physical Connectivity


For initial setup:

1. Connect the Internet/WAN uplink to the first SRX port, fe-0/0/0.
2. Connect a client system to one of the remaining ports on the SRX.
3. Configure the client system to obtain an IP address via DHCP.
4. Connect the power adapter to the SRX100 and SRX210. For the SRX240, use the provided standard IEC power cable.



Initial Configuration


Once all devices are correctly cabled, the SRX is ready for initial configuration:


1. Power on the SRX using the front panel power button.
o During the initial configuration, the Alarm indicator will be amber - this is due to the lack of a rescue configuration, which can be set after initial configuration is complete.

PowerConnect J-SRX Initial Configuration - The Dell TechCenter

2. After 3-4 minutes, the SRX will complete boot and will begin assigning IPs via DHCP to the trust zone devices.
o During boot, the Status indicator will be amber, and will turn green when booting is complete. The physical interfaces will be activated 1-2 minutes after Status indicator turns green.
3. Verify that the client system receives an IP in the 192.168.1.2 - 192.168.1.254 range.

4. Using a web browser, connect to the SRX web interface at http://192.168.1.1
o If there are any issues connecting via the web interface, verify that you are able to ping 192.168.1.1 - if the ping fails, verify that the client is set to use DHCP and has received an address in the 192.168.1.x range (netmask 255.255.255.0).

5. Login using the default user name "root", with a blank password field.


PowerConnect J-SRX Initial Configuration - The Dell TechCenter


6. Configure the following required fields:
o Host name - the unique network name for the SRX
o Root password

PowerConnect J-SRX Initial Configuration - The Dell TechCenter

7. If the SRX will use a static IP on the untrust fe-0/0/0 interface:
o Deselect "Enable DHCP on fe-0/0/0.0".
o Enter the static IP in the "fe-0/0/0.0 Address" field.
o Enter the next hop IP address to your ISP/WAN provider in the "Default Gateway" field.
o Enter the DNS servers in the "DNS Name Servers" field.

8. To access the SRX CLI securely using SSH, verify that "Allow SSH Access" is selected.
o For security, the default "root" user cannot login using telnet - root is only permitted on SSH connections.

9. When complete, click "Apply" to complete the initial configuration.


At this point, the SRX will commit the new configuration. After 1-2 minutes, the client system should be able to successfully connect to the Internet or WAN. The J-Web GUI and CLI will also be available at 192.168.1.1.

SRX Management


After initial setup, the SRX can be managed using the J-Web interface and via SSH if configured. The J-Web interface is split into the following sections:

PowerConnect J-SRX Initial Configuration - The Dell TechCenter

  • Dashboard - provides a quick overview of the current interfaces status, system identification information, resource utilization, and alarms.
  • Configure - includes multiple organized categories to configure switching, routing, and security features.
  • Monitor - provides detailed information on current connections, traffic policies, and events.
  • Maintain - includes configuration file, software image, and licensing management.
  • Troubleshoot - provides common network troubleshooting tools such as ping, traceroute, and packet captures.

Activating configuration changes:

After making any configuration changes, select the "Commit Options" dropbox from the top toolbar, and select "Commit" to activate the changes. This process ensures that you have an opportunity to completely configure a new feature before the SRX begins to process traffic using the new policies.

Configuration Files and Rescue Configuration


Once the SRX is configured as needed, the configuration can be downloaded for offline backup, as well as stored as the rescue configuration in case of future issues.

1. Within the J-Web interface, navigate to Maintain -> Config Management -> History.

PowerConnect J-SRX Initial Configuration - The Dell TechCenter

2. In the Configuration History, navigate to the "Current" configuration row, and click Download.


To set a rescue configuration:

1. Navigation to Maintain -> Config Management -> Rescue.

PowerConnect J-SRX Initial Configuration - The Dell TechCenter

2. Select "Set rescue configuration".
3. The rescue config will be saved, and the amber alarm indicator on the front of the SRX will turn green indicating that the previous alarm (for a missing rescue configuration) has been cleared.

License Management


Several features including Dynamic VPN, Unified Threat Management (Web Filtering, Anti-Virus, and Anti-Spam), and IDP (Intrusion, Detection, and Prevention) are separately licensed - once purchased, the licenses can be activated and added to the SRX.

After licenses are activated and associated with the SRX serial number, the SRX can retrieve the license keys automatically if the SRX is directly connected to the Internet:

1. From J-Web, navigate to Maintain -> Licenses.

PowerConnect J-SRX Initial Configuration - The Dell TechCenter


2. Select "Update".
3. The SRX will report that a request has been sent to automatically retrieve the license keys.

If the SRX is not connected to the Internet or if there are any issues with the automatic retrieval, the license keys can be added directly:

1. Navigate to Maintain -> Licenses.
2. Select "Add"
3. Copy/paste the license key text directly into the text field. The key begins with "JUNOSxxxxxx" in the first row:

PowerConnect J-SRX Initial Configuration - The Dell TechCenter


4. After the licenses are added, an offline copy can be saved by clicking "Download Keys".

Restoring the Rescue Configuration / Resetting to Factory Defaults


The SRX includes a "RESET CONFIG" hardware button on the front chassis panel. Depending on how long the button is held, the SRX will either load the rescue configuration, or erase all configuration (including the rescue configuration and licenses) and load the SRX back to factory defaults.

  • Load and commit the rescue config: Briefly press and release the Reset Config button.
    • The Status indicator will turn amber after the button is released to indicate that the rescue config is being committed, and will turn green when the commit is complete (up to 1-2 minutes).
  • Erase all configuration and reset to factory defaults: Hold the Reset Config button for 15 seconds or more until the Status indicator turns amber.

Additional Resources