SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX connection to Internet using Public IP address

    Posted 09-05-2021 05:47
    Hi there,

    I am new to Juniper devices. I have got an SRX345 device and I am able to do the basic configuration such as setting the device name, DNS, NTP. Now I want to connect it with the internet using Public IP (such as172.168.0.1) provided by ISP. Do I need to setup DHCP on my device or anything else. If someone can guide me regarding that, it would be great.

    Many thanks

    ------------------------------
    Abdul Qurashi
    ------------------------------


  • 2.  RE: SRX connection to Internet using Public IP address

    Posted 09-05-2021 13:59
    Remove any existing configuration on the interface connecting to the ISP.

    Then add the dhcp client configuration to the interface.
    And allow dhcp and the add the interface to the untrust security zone.

    kb example
    https://kb.juniper.net/InfoCenter/index?page=content&id=KB15753

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: SRX connection to Internet using Public IP address

    Posted 09-05-2021 20:08
    Thanks for your answer. After doing the above steps do I need to set the interface IP address to  Public IP (such as172.168.0.1) provided by ISP?  Is this would be enough to give my device connectivity to the internet. Because eventually, I would like to connect a device (such as PC1) under the firewall which will be able to connect to the internet.

    Thanks 
    Abdul Wahab


    ------------------------------
    Abdul Qurashi
    ------------------------------



  • 4.  RE: SRX connection to Internet using Public IP address

    Posted 09-05-2021 20:13
    Sorry I assumed you were connecting to a dhcp ISP interface.

    If you have a static assigned address then you would add it to the connected interface directly.
    set interfaces ge-#/#/# unit 0 family inet address  #.#.#.#/##​

    Add the ISP default gateway address in #.#.#.#
    set routing-options static route 0.0.0.0/0 next-hop #.#.#.#​

    And add the interface as noted in the kb to the zone.​

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: SRX connection to Internet using Public IP address

    Posted 09-07-2021 05:43
    Edited by Juniper Community Admin 09-07-2021 08:54
    I am trying to achieve the below network diagram. I am new to Juniper and I have gathered all the information from the Juniper platform so if you could please guide me that below are the steps required. Feel free to correct me. Thanks for your help again.


    For static IP address on interface ge-0/0/06:
    set interfaces ge-0/0/6 unit 0 family inet address 6.81.126.198/28​

    Adding ISP default gateway:
    gateway address in 6.81.126.193 (Not sure about the command. Kindly correct it)

    Set static route:

    set routing-options static route 0.0.0.0/0 next-hop 6.81.126.193​ (next hop is going to be default gateway?)

    Setting the DHCP on ge-0/0/6:
    set interfaces ge-0/0/6 unit 0 family inet dhcp
    set security zones security-zone untrust interfaces ge-0/0/6.0 host-inbound-traffic system-services dhcp

    Setting the pool for users(Pool name is users):
    edit access address-asignment pool users branch family inet
    set range users low 172.29.1.100 high 172.29.1.200
    set dhcp attributes maximum-lease time 3600
    set dhcp-attributes name-server 8.8.8.8
    set dhcp-attributes router 6.81.126.198

    Allowing the DHCP traffic to flow on ge-0/0/5:
    edit system services users interface ge-0/0/5
    set interfaces ge-0/0/5 host-inbound-traffic system-services dhcp

    ------------------------------
    Abdul Qurashi
    ------------------------------