Juniper SRX320 Manuale utente

Categoria
Gateway / controllori
Tipo
Manuale utente
SRX320 Services Gateway Hardware Guide
Published
2020-08-19
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
SRX320 Services Gateway Hardware Guide
Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.
ii
Table of Contents
About the Documentation | viii
Documentation and Release Notes | viii
Using the Examples in This Manual | viii
Merging a Full Example | ix
Merging a Snippet | x
Documentation Conventions | x
Documentation Feedback | xiii
Requesting Technical Support | xiii
Self-Help Online Tools and Resources | xiv
Creating a Service Request with JTAC | xiv
Overview
1
SRX320 Services Gateway Overview | 16
SRX320 Services Gateway Description | 16
SRX320 Services Gateway Field Replaceable Units Overview | 17
Benefits of the SRX320 Services Gateway | 17
SRX320 Chassis | 18
SRX320 Services Gateway Chassis Overview | 18
SRX320 Services Gateway Front Panel | 18
Network Port LEDs | 21
SRX320 Services Gateway Back Panel | 21
SRX320 Services Gateway Interface Modules Overview | 23
SRX320 Cooling System | 23
SRX320 Power System | 24
Understanding the SRX320 Services Gateway Power Supply | 25
SRX320 Services Gateway Power Specifications and Requirements | 25
Power Cord Specifications for SRX320 | 26
iii
Site Planning, Preparation, and Specifications
2
SRX320 Site Preparation Checklist | 29
SRX320 Site Guidelines and Requirements | 31
SRX320 Services Gateway General Site Guidelines | 31
SRX320 Services Gateway Environmental Specifications | 32
SRX320 Services Gateway Electrical Wiring Guidelines | 32
SRX320 Services Gateway Grounding Specifications | 34
SRX320 Services Gateway Physical Specifications | 34
SRX320 Services Gateway Clearance Requirements for Airflow and Hardware
Maintenance | 35
Rack Requirements | 35
Cabinet Requirements | 36
SRX320 Transceiver Specifications and Pinouts | 37
SRX320 Transceiver Support | 37
RJ-45 Connector Pinouts for the SRX320 Services Gateway Ethernet Port | 37
RJ-45 Connector Pinouts for the SRX320 Services Gateway Console Port | 38
Mini-USB Connector Pinouts for the SRX320 Services Gateway Console Port | 39
Initial Installation and Configuration
3
SRX320 Installation Overview | 41
SRX320 Services Gateway Installation Overview | 41
SRX320 Services Gateway Autoinstallation Overview | 41
Unpacking and Mounting the SRX320 | 43
Unpacking the SRX320 Services Gateway | 43
Verifying Parts Received with the SRX320 Services Gateway | 44
Installing the SRX320 Services Gateway on a Desk | 45
Installing the SRX320 Services Gateway on a Wall | 45
Installing the SRX320 Services Gateway in a Rack | 48
Connecting the SRX320 to Power | 52
Required Tools and Parts for Grounding the SRX320 Services Gateway | 52
Connecting the SRX320 Services Gateway Grounding Cable | 53
Connecting the SRX320 Services Gateway to the Power Supply | 54
iv
Powering On the SRX320 Services Gateway | 55
Powering Off the SRX320 Services Gateway | 56
Connecting the SRX320 Services Gateway to a Management Console | 57
Configuring Junos OS on the SRX320 | 58
SRX320 Services Gateway Software Configuration Overview | 59
Understanding SRX320 Services Gateway Factory-Default Settings | 59
Initial Configuration | 60
Initial Configuration Using J-Web | 61
Initial Configuration Using CLI | 62
Plug and Play | 64
Customize the Configuration Using J-Web | 65
Viewing Factory-Default Settings | 66
Maintaining Components
4
Maintaining the SRX320 Components | 69
Required Tools and Parts for Maintaining the SRX320 Services Gateway Hardware
Components | 69
Routine Maintenance Procedures for the SRX320 Services Gateway | 69
Maintaining the SRX320 Services Gateway Cooling System Components | 70
Maintaining the SRX320 Services Gateway Power Supply | 70
Replacing Mini-Physical Interface Modules in the SRX320 Services Gateway | 70
Troubleshooting Hardware
5
Troubleshooting the SRX320 | 73
Troubleshooting Resources for the SRX320 Services Gateway Overview | 73
Troubleshooting Chassis and Interface Alarm Messages on the SRX320 Services Gateway | 73
Troubleshooting the Power System on the SRX320 Services Gateway | 75
Using the RESET CONFIG Button | 75
Changing the RESET CONFIG Button Behavior | 76
Contacting Customer Support and Returning the Chassis or Components
6
Returning the SRX320 Chassis or Components | 78
Contacting Customer Support | 78
Returning a SRX320 Services Gateway Component to Juniper Networks | 79
Locating the SRX320 Services Gateway Chassis Serial Number and Agency Labels | 79
v
Locating the SRX320 Services Gateway Mini-Physical Interface Module Serial Number
Label | 80
Listing the SRX320 Services Gateway Component Details with the CLI | 80
Required Tools and Parts for Packing the SRX320 Services Gateway | 81
Packing the SRX320 Services Gateway for Shipment | 81
Packing SRX320 Services Gateway Components for Shipment | 82
Safety and Compliance Information
7
Definitions of Safety Warning Levels | 85
General Safety Guidelines and Warnings | 88
Restricted Access Warning | 90
Qualified Personnel Warning | 93
Prevention of Electrostatic Discharge Damage | 93
Fire Safety Requirements | 95
Fire Suppression | 95
Fire Suppression Equipment | 95
Laser and LED Safety Guidelines and Warnings | 96
General Laser Safety Guidelines | 96
Class 1 Laser Product Warning | 97
Class 1 LED Product Warning | 98
Laser Beam Warning | 99
Radiation from Open Port Apertures Warning | 100
Maintenance and Operational Safety Guidelines and Warnings | 101
Battery Handling Warning | 102
Jewelry Removal Warning | 103
Lightning Activity Warning | 105
Operating Temperature Warning | 106
Product Disposal Warning | 108
Action to Take After an Electrical Accident | 109
vi
General Electrical Safety Guidelines and Warnings | 109
SRX320 Services Gateway Agency Approvals | 110
SRX320 Services Gateway Acoustic Noise Compliance Statements | 111
SRX320 Services Gateway EMC Requirements | 112
Canada | 112
European Community | 112
Israel | 112
Japan | 112
United States | 113
vii
About the Documentation
IN THIS SECTION
Documentation and Release Notes | viii
Using the Examples in This Manual | viii
Documentation Conventions | x
Documentation Feedback | xiii
Requesting Technical Support | xiii
Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX320 Services Gateway. After completing the installation and basic configuration
procedures covered in this guide, refer to the Junos OS documentation for information about further
software configuration.
Documentation and Release Notes
To obtain the most current version of all Juniper Networks
®
technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.
viii
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
ix
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
commit {
file ex-script-snippet.xsl; }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:
[edit]
user@host# edit system scripts
[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:
[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see CLI Explorer.
Documentation Conventions
Table 1 on page xi defines notice icons used in this guide.
x
Table 1: Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware
damage.
Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Indicates helpful information.Tip
Alerts you to a recommended use or implementation.Best practice
Table 2 on page xi defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
To enter configuration mode, type
the configure command:
user@host> configure
Represents text that you type.Bold text like this
user@host> show chassis alarms
No alarms currently active
Represents output that appears on
the terminal screen.
Fixed-width text like this
A policy term is a named structure
that defines match conditions and
actions.
Junos OS CLI User Guide
RFC 1997, BGP Communities
Attribute
Introduces or emphasizes important
new terms.
Identifies guide names.
Identifies RFC and Internet draft
titles.
Italic text like this
xi
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
Configure the machine’s domain
name:
[edit]
root@# set system domain-name
domain-name
Represents variables (options for
which you substitute a value) in
commands or configuration
statements.
Italic text like this
To configure a stub area, include
the stub statement at the [edit
protocols ospf area area-id]
hierarchy level.
The console port is labeled
CONSOLE.
Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.
Text like this
stub <default-metric metric>;Encloses optional keywords or
variables.
< > (angle brackets)
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.
| (pipe symbol)
rsvp { # Required for dynamic MPLS
only
Indicates a comment specified on the
same line as the configuration
statement to which it applies.
# (pound sign)
community name members [
community-ids ]
Encloses a variable for which you can
substitute one or more values.
[ ] (square brackets)
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
Identifies a level in the configuration
hierarchy.
Indention and braces ( { } )
Identifies a leaf statement at a
configuration hierarchy level.
; (semicolon)
GUI Conventions
xii
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
In the Logical Interfaces box, select
All Interfaces.
To cancel the configuration, click
Cancel.
Represents graphical user interface
(GUI) items you click or select.
Bold text like this
In the configuration editor hierarchy,
select Protocols>Ospf.
Separates levels in a hierarchy of
menu selections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:
Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper
Networks TechLibrary site, and do one of the following:
Click the thumbs-up icon if the information on the page was helpful to you.
Click the thumbs-down icon if the information on the page was not helpful to you or if you have
suggestions for improvement, and use the pop-up form to provide feedback.
E-mail—Send your comments to [email protected]. Include the document or topic name,
URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
xiii
covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.
JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User
Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.
JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,
365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:
Find CSC offerings: https://www.juniper.net/customers/support/
Search for known bugs: https://prsearch.juniper.net/
Find product documentation: https://www.juniper.net/documentation/
Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
Download the latest versions of software and review release notes:
https://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software notifications:
https://kb.juniper.net/InfoCenter/
Join and participate in the Juniper Networks Community Forum:
https://www.juniper.net/company/communities/
Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:
https://entitlementsearch.juniper.net/entitlementsearch/
Creating a Service Request with JTAC
You can create a service request with JTAC on the Web or by telephone.
Visit https://myjuniper.juniper.net.
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
https://support.juniper.net/support/requesting-support/.
xiv
1
CHAPTER
Overview
SRX320 Services Gateway Overview | 16
SRX320 Chassis | 18
SRX320 Cooling System | 23
SRX320 Power System | 24
SRX320 Services Gateway Overview
IN THIS SECTION
SRX320 Services Gateway Description | 16
SRX320 Services Gateway Field Replaceable Units Overview | 17
Benefits of the SRX320 Services Gateway | 17
SRX320 Services Gateway Description
The SRX320 Services Gateway consolidates security, routing, switching, and WAN interfaces for small
distributed enterprises. With advanced threat mitigation capabilities, the services gateway provides
cost-effective and secure connectivity across distributed enterprises.
With a desktop form-factor chassis, the SRX320 Services Gateway has six 1 G Ethernet ports, two 1 G
SFP ports, 4 GB of DRAM memory, 8 GB of flash memory, and two Mini-Physical Interface Module
(Mini-PIM) slots.
The SRX320 Services Gateway is available with or without Power over Ethernet (PoE) capability. In the
PoE model. the six Ethernet ports are PoE capable.
The SRX320 Services Gateway runs the Junos operating system (Junos OS) and supports the following
features:
Firewall support with key features such as IPsec and VPN
Intrusion Detection and Prevention (IDP)
High availability
QoS
MPLS
You can manage the SRX320 Services Gateway by using the same interfaces that you use for managing
other devices that run Junos OS—the CLI, the J-Web graphical interface, and Junos Space.
16
SRX320 Services Gateway Field Replaceable Units Overview
Field-replaceable units (FRUs) are components that you can replace at your site. The Mini-Physical Interface
Module (MPIM) is the only FRU on the SRX320 Services Gateway.
The Mini-PIMs are not hot-swappable. You must power off the services gateway before removing or
installing Mini-PIMs.
SEE ALSO
Replacing Mini-Physical Interface Modules in the SRX320 Services Gateway | 70
Benefits of the SRX320 Services Gateway
High performance—The SRX320 supports up to 1-Gbps firewall and 300-Mbps IPsec VPN, and is suited
for small distributed enterprise branch office deployments.
Simplified deployment with minimal manual intervention—The Zero Touch Provisioning (ZTP) feature
enables you to provision and configure the SRX300 line automatically, thereby reducing operational
complexity and simplifying the provisioning of new sites.
Multiple WAN connectivity options—The SRX320 supports multiple options such as Ethernet, serial,
T1/E1, VDSL2, and 3G/4G LTE wireless for WAN or Internet connectivity to link sites.
Threat protection—The SRX300 line supports IPsec VPN, Media Access Control Security (MACsec),
Juniper Sky Advanced Threat Prevention, and Trusted Platform Module (TPM) to protect against potential
vulnerabilities.
RELATED DOCUMENTATION
SRX320 Installation Overview | 41
17
SRX320 Chassis
IN THIS SECTION
SRX320 Services Gateway Chassis Overview | 18
SRX320 Services Gateway Front Panel | 18
SRX320 Services Gateway Back Panel | 21
SRX320 Services Gateway Interface Modules Overview | 23
SRX320 Services Gateway Chassis Overview
The SRX320 Services Gateway chassis measures 1.73 in. high, 11.81 in. wide, and 7.52 in. deep. The PoE
model weighs 3.4 lb. and the non-PoE model weighs 3.28 lb.
CAUTION: Before removing or installing components of a functioning services gateway,
attach an electrostatic discharge (ESD) strap to an ESD point and place the other end
of the strap around your bare wrist. Failure to use an ESD strap could result in damage
to the device.
The services gateway must be connected to earth ground during normal operation. The protective earthing
terminal on the rear of the chassis is provided to connect the services gateway to ground.
SRX320 Services Gateway Front Panel
Figure 1 on page 19 shows the front panel of the SRX320 Services Gateway.
18
Figure 1: SRX320 Services Gateway Front Panel
Table 3 on page 19 provides details about the front panel components.
Table 3: SRX320 Services Gateway Front Panel Components
DescriptionComponentNumber
Returns the services gateway to the rescue configuration
or the factory-default configuration.
Reset Config button1
Serial—Connects a laptop to the services gateway for
CLI management. The port uses an RJ-45 serial
connection and supports the RS-232 (EIA-232)
standard.
USB—Connects a laptop to the services gateway for
CLI management through a USB interface. The port
accepts a Mini-B type USB cable plug. A USB cable with
Mini-B and Type A USB plugs is supplied with the
services gateway.
To use the mini-USB console port, you must download
a USB driver to the management device from the
Downloads page at
https://www.juniper.net/support/downloads/?p=junos-srx#sw.
To download the driver for Windows OS, select 6.5
from the Version drop-down list.
To download the driver for Mac OS, select 4.10 from
the Version drop-down list.
Console port2,6
Two slots for Mini-PIMs. Mini-PIMs can be used to
provide LAN and WAN functionality along with
connectivity to various media types.
Mini-PIM slots3
Two 1-GbE MACsec-capable ports for network traffic.1-GbE small form-factor pluggable
(SFP) ports
4
19
Table 3: SRX320 Services Gateway Front Panel Components (continued)
DescriptionComponentNumber
Six LAN ports (0/0 to 0/5)
The ports have the following characteristics:
Operate in full-duplex and half-duplex modes
Support autonegotiation
The ports can be used to:
Function as front-end network ports
Provide LAN and WAN connectivity to hubs, switches,
local servers, and workstations
Forward incoming data packets to the services gateway
Receive outgoing data packets from the services
gateway
1-GbE RJ-45 ports5
The services gateway has one USB port that accepts a
USB storage device.
USB port7
Indicate component and system status at a glance.LEDs8
Use the Power button to power on or power off the
services gateway.
Power button9
Figure 2 on page 20 shows the LEDs on the front panel.
Figure 2: SRX320 Services Gateway Front Panel LEDs
Table 4 on page 21 lists the front panel LEDs.
20
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113

Juniper SRX320 Manuale utente

Categoria
Gateway / controllori
Tipo
Manuale utente

in altre lingue