Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Step 1: Begin

This guide walks you through the simple steps to onboard Juniper Networks® SRX Series Firewalls to the Juniper® Security Director Cloud. You can onboard SRX Series Firewalls to Juniper Security Director Cloud using the following options:

  • Greenfield onboarding: Onboard new cloud-ready SRX Series Firewalls.

  • Brownfield onboarding: Onboard existing, in-service SRX Series Firewalls.

Figure 1: Onboard SRX Series Firewalls to Juniper Security Director Cloud Onboard SRX Series Firewalls to Juniper Security Director Cloud
Note:

You can also onboard SRX Series Firewalls using the following methods:

Greenfield Onboarding: Add Cloud-Ready SRX Series Firewalls to Juniper Security Director Cloud Using QR Code

Your firewall is cloud-ready if it has a QR claim code on the front or back panel. You can onboard the cloud-ready SRX Series Firewalls using your mobile phone.
Before You Begin

Install the rack and power on your cloud-ready SRX Series Firewall. For instructions specific to your device, see the applicable hardware guide.

Table 1: Juniper Security Director Cloud Supported Cloud-Ready SRX Series Firewalls and Related Documentation

Firewall

Install and Maintain Hardware

SRX1600

SRX1600 Firewall Hardware Guide

SRX2300

SRX2300 Firewall Hardware Guide

SRX4300

SRX4300 Firewall Hardware Guide

Note:

DHCP is enabled on all interfaces on cloud-ready SRX Series Firewalls in the factory-default configuration. Make sure that you can connect to the Internet using one of the interfaces.

  1. Decide which Juniper Security Director Cloud Subscriptions you need and contact your sales representative or account manager to purchase subscriptions. You can also use a 30-day trial subscription that is available in the portal by default.
  2. Go to https://sdcloud.juniperclouds.net/ and click Create an organization account.
    Follow the on-screen instructions to activate your account. It takes up to 7 working days to approve your account.
  3. To add the purchased subscriptions, log in to the Juniper Security Director Cloud portal, click Add Subscriptions, enter details, and click OK.

    View your added subscriptions from Subscriptions>SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.

  4. Use your mobile phone to scan the QR code on the cloud-ready SRX Series Firewall. Click the displayed link and select Claim to SD Cloud to go to Juniper Security Director Cloud login page.
  5. Read the prerequisites, enter your e-mail address, and click Next.
  6. Follow the on-screen instructions to sign in.
  7. Select the organization to add your device, enter the root password, and click Add Device.
    Congratulations! You've successfully registered your device to the organization and added your device to Juniper Security Director Cloud. Log out from the page in your mobile phone.
  8. Power on you cloud-ready SRX Series Firewall and log in to Juniper Security Director Cloud portal using your laptop or desktop. View the newly added device on the SRX > Device Management > Devices page.
    Note:

    Device discovery takes a few seconds to complete. After successful device discovery, you can see the following status updates:

    • Inventory Status: In Sync

    • Device Config Status: In Sync

    • Management Status: Up

    Congratulations! You've successfully onboarded your cloud-ready SRX Series Firewall. You’re now ready to associate devices to your Juniper Security Director Cloud subscription.

    To continue, proceed to Step 2: Up and Running.

Brownfield Onboarding: Add SRX Series Firewalls to Juniper Security Director Cloud Using Commands

Before You Begin:
  • Make sure SRX Series Firewall can communicate with Juniper Security Director Cloud fully qualified domain name (FQDN) on respective ports. The FQDN of each home region is different. See the following table for FQDN mapping details.

    Table 2: Home Region to FQDN Mapping
    Region Purpose Port FQDN

    North Virginia, US

    ZTP

    443

    jsec2-virginia.juniperclouds.net

    Outbound SSH

    7804

    srx.sdcloud.juniperclouds.net

    Syslog TLS

    6514

    srx.sdcloud.juniperclouds.net

    Ohio, US

    ZTP

    443

    jsec2-ohio.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec2-ohio.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec2-ohio.juniperclouds.net

    Montreal, Canada

    ZTP

    443

    jsec-montreal2.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec-montreal2.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec-montreal2.juniperclouds.net

    Frankfurt, Germany

    ZTP

    443

    jsec-frankfurt.juniperclouds.net

    Outbound SSH

    7804

    srx.jsec-frankfurt.juniperclouds.net

    Syslog TLS

    6514

    srx.jsec-frankfurt.juniperclouds.net

  • Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses—8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls. Note that you must make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.

  1. Decide which Juniper Security Director Cloud Subscriptions you need and contact your sales representative or account manager to purchase subscriptions.
  2. Go to https://sdcloud.juniperclouds.net/ and click Create an organization account.
    Follow the on-screen instructions to activate your account. It takes up to 7 working days to approve your account activation request.
  3. Log in to the Juniper Security Director Cloud portal, click Add Subscriptions, enter details, and click OK.

    View your added subscriptions from Subscriptions>SRX Management Subscriptions. If you do not see your subscriptions, go to Administration > Jobs page to view the status.

  4. Go to Juniper Security Director Cloud, select SRX > Device Management > Devices, and click the + icon to add your devices.
  5. Click Adopt SRX Devices and select one of the following:
    • SRX Devices

    • SRX Clusters

    • SRX Multinode High Availability (MNHA) Pairs

    Follow the on-screen instructions to continue.
  6. Copy and paste the commands from the devices page to the SRX Series Firewall or the primary cluster device console or each device in the MNHA pair, and commit the changes.

It will take few seconds for the device discovery. After device discovery is successful, verify the following fields on the Devices page:

  • Management Status changes from Discovery in progress to Up.

  • Inventory Status and Device Config Status changes from Out of Sync to In Sync.

Note:

In case of discovery failure, go to Administration > Jobs page to view the status.

You’re ready to associate devices to your Juniper Security Director Cloud subscription. To continue, proceed to Step 2: Up and Running.