SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  How can I connect via SSH after a delete?

    Posted 10-07-2019 01:42

    Hello!

    I have an SRX550. If I do a "load factory-default" I can access it through ports ge-0/0/1 to ge-0/0/5 and it works perfectly, but I want to configure the device from zero with a delete. I have tried to configure it but I cannot access it. These are the steps that I have followed:
    
    root@ok> delete
    root@ok> load factory-default
    root@ok> set system root-authentication plain-text-password
    ... I put the password ...
    root@ok> commit
    root@ok> configure
    root@ok# set system services ssh
    root@ok# set interface fxp0 unit 0 family inet address 192.168.1.2/24
    or
    root@ok# set interface ge-0/0/0 unit 0 family inet address 192.168.1.2/24
    or
    root@ok# set interface ge-0/0/3 unit 0 family inet address 192.168.1.2/24
    What do I need to access through SSH? What is the problem? Thank you very much


  • 2.  RE: How can I connect via SSH after a delete?

     
    Posted 10-07-2019 02:00

    Hi,

     

    Can you please add "set system services ssh root-login allow" and check if SSH works.

    Default root-login is deny in latest releases.

     

    Thanks,
    Pradeep
    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!



  • 3.  RE: How can I connect via SSH after a delete?

    Posted 10-07-2019 02:22

    Hello! I've tried again connecting the ethernet cable to the port ge-0/0/0 and ge-0/0/1 and it doesn't work, my configuration is this:

    root@ok> show configuration
    ## Last commit: 2019-10-07 11:06:14 UTC by root
    version 12.3X48-D85.1;
    system {
        root-authentication {
            encrypted-password "$1$O1bh.aLw$1PuvLOQXet1Be6/X.hHL0."; ## SECRET-DATA
        }
        services {
            ssh {
                root-login allow;
            }
        }
    }
    interfaces {
        ge-0/0/1 {
            unit 0 {
                family inet {
                    address 192.168.1.3/24;
                }
            }
        }
        fxp0 {
            unit 0 {
                family inet {
                    address 192.168.1.2/24;
                }
            }
        }
    }

    root@ok>

    Thank you!



  • 4.  RE: How can I connect via SSH after a delete?

    Posted 10-07-2019 03:09

    By default interface 0/0/0 is in the untrust zone facing the internet and ssh is not permitted in that zone setting.

     

    Either move the interface to the trust zone or change the untrust zone settings to permit ssh under host inbound traffic.

     



  • 5.  RE: How can I connect via SSH after a delete?
    Best Answer

     
    Posted 10-07-2019 03:12

    In the steps followed, I see load factory-default followed by delete. If that's the case, there should be more configuration on the device.

     

    If yes, delete the fxp0 interface configuration and connect to the port ge-0/0/1 using the IP 192.168.1.3, it should work.

     

    If you have deleted the entire configuration without loading the factory-default, then you might have to:

    configure security zones,

    bind interface to a specific zone,

    enable host-inbound-traffic for ssh under system-services for that specific zone,

    then configure interface with an IP.

     

    https://www.juniper.net/documentation/en_US/release-independent/junos/topics/concept/services-gateway-srx550-built-in-ethernet-port.html

     

    https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-edit-system-service-zone-host-inbound-traffic.html

     

    Please read through above links for understanding of how interfaces work with factory-default config.

     

    Thanks and Regards,

    Pradeep.

     



  • 6.  RE: How can I connect via SSH after a delete?

    Posted 10-07-2019 04:16
    Ok, thank you very much, I will try to introduce the zones to see if this works, greetings.


  • 7.  RE: How can I connect via SSH after a delete?

    Posted 10-08-2019 02:28

    Hello, thank you, spuluka.

    root> show configuration
    ## Last commit: 2019-10-08 10:16:59 UTC by root
    version 12.3X48-D85.1;
    system {
        root-authentication {
            encrypted-password "$1$7zMZ0rtR$.Nokl4oVffYWIcyRhZlAP0"; ## SECRET-DATA
        }
        services {
            ssh;
            web-management {
                https {
                    port 443;
                    system-generated-certificate;
                    interface ge-0/0/0.0;
                }
            }
        }
    }
    security {
        zones {
            security-zone trust {
                interfaces {
                    ge-0/0/0.0 {
                        host-inbound-traffic {
                            system-services {
                                https;
                                ssh;
                            }
                        }
                    }
                }
            }
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    address 192.168.1.2/24;
                }
            }
        }
    }

    root>
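
The zone checks discussed in replies 4 and 5, as an added example that is not part of any post in this thread: a small Python check that reads a configuration in `display set` form and reports why SSH to a given logical interface would not be accepted. The two sample inputs are constructed from the configurations posted in replies 3 and 7 (password hashes left out); the function name `ssh_blockers` is hypothetical, and the check assumes that an interface bound to no security zone accepts no host-inbound traffic and that interface-level `host-inbound-traffic` takes precedence over the zone-level list.

```python
import re

# Constructed "display set" forms of the configurations posted in replies 3 and 7.
REPLY_3 = """
set system services ssh root-login allow
set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.3/24
set interfaces fxp0 unit 0 family inet address 192.168.1.2/24
"""
REPLY_7 = """
set system services ssh
set system services web-management https interface ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24
"""

ZONE = re.compile(r"set security zones security-zone (\S+) (.+)")
HIT = ["host-inbound-traffic", "system-services"]


def ssh_blockers(display_set, ifname):
    """List the reasons SSH to logical interface `ifname` would not be accepted."""
    ssh_on, zone_of = False, None
    zone_svc, intf_svc = {}, set()
    for line in map(str.strip, display_set.splitlines()):
        if re.match(r"set system services ssh( |$)", line):
            ssh_on = True
        m = ZONE.match(line)
        if not m:
            continue
        zone, words = m.group(1), m.group(2).split()
        if words[:2] == ["interfaces", ifname]:
            zone_of, words, target = zone, words[2:], intf_svc
        else:
            target = zone_svc.setdefault(zone, set())
        # Entries ending in 'except' are exclusions and are not counted as allowed.
        if words[:2] == HIT and words[-1] != "except":
            target.update(words[2:3])
    reasons = []
    if not ssh_on:
        reasons.append("ssh is not enabled under system services")
    if zone_of is None:
        reasons.append(f"{ifname} is not bound to a security zone")
    else:
        # Assumption: the interface-level list, when present, replaces the zone-level one.
        allowed = intf_svc or zone_svc.get(zone_of, set())
        if not allowed & {"ssh", "all"}:
            reasons.append(f"zone {zone_of} does not permit ssh on {ifname}")
    return reasons
```

Run against the reply 3 input for `ge-0/0/1.0` it reports the missing zone binding; against the reply 7 input for `ge-0/0/0.0` it reports nothing.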