Step 1: Begin
This guide walks you through the simple steps to onboard Juniper Networks® SRX Series Firewalls to the Juniper® Security Director Cloud. You can onboard SRX Series Firewalls to Juniper Security Director Cloud using the following options:
-
Greenfield onboarding: Onboard new cloud-ready SRX Series Firewalls.
-
Brownfield onboarding: Onboard existing, in-service SRX Series Firewalls.
You can also onboard SRX Series Firewalls using the following methods:
- To onboard SRX Series Firewalls to Juniper Security Director Cloud using ZTP, see Add Devices Using Zero Touch Provisioning.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Juniper Security Director Cloud using JWeb, see Add SRX Series Firewalls to Juniper Security Director Cloud Using JWeb.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Juniper Security Director Cloud using Security Director on-prem, see Add Devices to Juniper Security Director Cloud.
- To onboard cloud-ready SRX Series Firewalls using Mist, see Cloud-Ready SRX Firewalls with Mist.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Mist, see SRX Adoption.
Greenfield Onboarding: Add Cloud-Ready SRX Series Firewalls to Juniper Security Director Cloud Using QR Code
Install the rack and power on your cloud-ready SRX Series Firewall. For instructions specific to your device, see the applicable hardware guide.
Firewall |
Install and Maintain Hardware |
|---|---|
|
SRX1600 |
|
|
SRX2300 |
|
|
SRX4300 |
DHCP is enabled on all interfaces on cloud-ready SRX Series Firewalls in the factory-default configuration. Make sure that you can connect to the Internet using one of the interfaces.
-
To add the purchased subscriptions, log in to the Juniper Security Director Cloud portal, click Add Subscriptions, enter details,
and click OK.
View your added subscriptions from Subscriptions>SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.
-
Use your mobile phone to scan the QR code on the cloud-ready SRX Series
Firewall. Click the displayed link and select Claim to SD
Cloud to go to Juniper Security Director Cloud login page.
-
Read the prerequisites, enter your e-mail address, and click
Next.
-
Follow the on-screen instructions to sign in.
-
Select the organization to add your device, enter the root password, and
click Add Device.
Congratulations! You've successfully registered your device to the organization and added your device to Juniper Security Director Cloud. Log out from the page in your mobile phone.
-
Power on you cloud-ready SRX Series Firewall and log in to Juniper Security Director Cloud portal using your laptop or desktop. View the
newly added device on the SRX > Device
Management > Devices page.
Note:Device discovery takes a few seconds to complete. After successful device discovery, you can see the following status updates:
-
Inventory Status: In Sync
-
Device Config Status: In Sync
-
Management Status: Up
Congratulations! You've successfully onboarded your cloud-ready SRX Series Firewall. You’re now ready to associate devices to your Juniper Security Director Cloud subscription.
To continue, proceed to Step 2: Up and Running.
-
Brownfield Onboarding: Add SRX Series Firewalls to Juniper Security Director Cloud Using Commands
-
Make sure SRX Series Firewall can communicate with Juniper Security Director Cloud fully qualified domain name (FQDN) on respective ports. The FQDN of each home region is different. See the following table for FQDN mapping details.
Table 2: Home Region to FQDN Mapping Region Purpose Port FQDN North Virginia, US
ZTP
443
jsec2-virginia.juniperclouds.net
Outbound SSH
7804
srx.sdcloud.juniperclouds.net
Syslog TLS
6514
srx.sdcloud.juniperclouds.net
Ohio, US
ZTP
443
jsec2-ohio.juniperclouds.net
Outbound SSH
7804
srx.jsec2-ohio.juniperclouds.net
Syslog TLS
6514
srx.jsec2-ohio.juniperclouds.net
Montreal, Canada
ZTP
443
jsec-montreal2.juniperclouds.net
Outbound SSH
7804
srx.jsec-montreal2.juniperclouds.net
Syslog TLS
6514
srx.jsec-montreal2.juniperclouds.net
Frankfurt, Germany
ZTP
443
jsec-frankfurt.juniperclouds.net
Outbound SSH
7804
srx.jsec-frankfurt.juniperclouds.net
Syslog TLS
6514
srx.jsec-frankfurt.juniperclouds.net
-
Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses—8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls. Note that you must make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.
-
Log in to the Juniper Security Director Cloud portal, click
Add Subscriptions, enter details, and click
OK.
View your added subscriptions from Subscriptions>SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.
-
Click Adopt SRX Devices and select one of the
following:
-
SRX Devices
-
SRX Clusters
-
SRX Multinode High Availability (MNHA) Pairs
Follow the on-screen instructions to continue. -
-
Copy and paste the commands from the devices page to the SRX Series
Firewall or the primary cluster device console or each device in the MNHA
pair, and commit the changes.
It will take few seconds for the device discovery. After device discovery is successful, verify the following fields on the Devices page:
-
Management Status changes from Discovery in progress to Up.
-
Inventory Status and Device Config Status changes from Out of Sync to In Sync.
In case of discovery failure, go to Administration > Jobs page to view the status.
You’re ready to associate devices to your Juniper Security Director Cloud subscription. To continue, proceed to Step 2: Up and Running.