Step 1: Begin
This guide walks you through the simple steps to onboard Juniper Networks® SRX Series Firewalls to the Juniper® Security Director Cloud. You can onboard SRX Series Firewalls to Juniper Security Director Cloud using the following options:
- Greenfield onboarding: Onboard new cloud-ready SRX Series Firewalls.
- Brownfield onboarding: Onboard existing, in-service SRX Series Firewalls.
You can also onboard SRX Series Firewalls using the following methods:
- To onboard SRX Series Firewalls to Juniper Security Director Cloud using ZTP, see Add Devices Using Zero Touch Provisioning.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Juniper Security Director Cloud using JWeb, see Add SRX Series Firewalls to Juniper Security Director Cloud Using JWeb.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Juniper Security Director Cloud using Security Director on-prem, see Add Devices to Juniper Security Director Cloud.
- To onboard cloud-ready SRX Series Firewalls using Mist, see Cloud-Ready SRX Firewalls with Mist.
- To onboard (adopt) existing, in-service (brownfield), SRX Series Firewalls into Mist, see SRX Adoption.
Greenfield Onboarding: Add Cloud-Ready SRX Series Firewalls to Juniper Security Director Cloud Using QR Code
Install the rack and power on your cloud-ready SRX Series Firewall. For instructions specific to your device, see the applicable hardware guide.
Firewall | Install and Maintain Hardware |
---|---|
SRX1600 | |
SRX2300 | |
SRX4300 | |
DHCP is enabled on all interfaces on cloud-ready SRX Series Firewalls in the factory-default configuration. Make sure that you can connect to the Internet using one of the interfaces.
Brownfield Onboarding: Add SRX Series Firewalls to Juniper Security Director Cloud Using Commands
- Make sure that the SRX Series Firewall can reach the Juniper Security Director Cloud fully qualified domain names (FQDNs) on the respective ports. The FQDN of each home region is different. See the following table for FQDN mapping details.
Table 2: Home Region to FQDN Mapping

Region | Purpose | Port | FQDN |
---|---|---|---|
North Virginia, US | ZTP | 443 | jsec2-virginia.juniperclouds.net |
North Virginia, US | Outbound SSH | 7804 | srx.sdcloud.juniperclouds.net |
North Virginia, US | Syslog TLS | 6514 | srx.sdcloud.juniperclouds.net |
Ohio, US | ZTP | 443 | jsec2-ohio.juniperclouds.net |
Ohio, US | Outbound SSH | 7804 | srx.jsec2-ohio.juniperclouds.net |
Ohio, US | Syslog TLS | 6514 | srx.jsec2-ohio.juniperclouds.net |
Montreal, Canada | ZTP | 443 | jsec-montreal2.juniperclouds.net |
Montreal, Canada | Outbound SSH | 7804 | srx.jsec-montreal2.juniperclouds.net |
Montreal, Canada | Syslog TLS | 6514 | srx.jsec-montreal2.juniperclouds.net |
Frankfurt, Germany | ZTP | 443 | jsec-frankfurt.juniperclouds.net |
Frankfurt, Germany | Outbound SSH | 7804 | srx.jsec-frankfurt.juniperclouds.net |
Frankfurt, Germany | Syslog TLS | 6514 | srx.jsec-frankfurt.juniperclouds.net |
- Use TCP port 53 and UDP port 53 to connect to Google DNS servers (IP addresses 8.8.8.8 and 8.8.4.4). The Google DNS servers are specified as the default servers in the factory settings of the SRX Series Firewalls. You must use these default DNS servers when you use ZTP to onboard the firewalls. You can use private DNS servers when you use other methods to onboard the firewalls, but make sure that the private DNS servers can resolve the Juniper Security Director Cloud FQDNs.
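A preflight for the two prerequisites above, as an added example that is not Juniper tooling: it resolves each FQDN for a home region and attempts a TCP connection on the listed port, so a DNS gap or a blocked egress port shows up before onboarding starts. It assumes it is run from a host that shares the firewall's egress path and DNS servers; the names `tcp_probe`, `preflight` and `failures` are hypothetical.

```python
import socket
import sys

# (purpose, port, fqdn) per home region, copied from the page's home-region table.
ENDPOINTS = {
    "North Virginia, US": [("ZTP", 443, "jsec2-virginia.juniperclouds.net"),
                           ("Outbound SSH", 7804, "srx.sdcloud.juniperclouds.net"),
                           ("Syslog TLS", 6514, "srx.sdcloud.juniperclouds.net")],
    "Ohio, US": [("ZTP", 443, "jsec2-ohio.juniperclouds.net"),
                 ("Outbound SSH", 7804, "srx.jsec2-ohio.juniperclouds.net"),
                 ("Syslog TLS", 6514, "srx.jsec2-ohio.juniperclouds.net")],
    "Montreal, Canada": [("ZTP", 443, "jsec-montreal2.juniperclouds.net"),
                         ("Outbound SSH", 7804, "srx.jsec-montreal2.juniperclouds.net"),
                         ("Syslog TLS", 6514, "srx.jsec-montreal2.juniperclouds.net")],
    "Frankfurt, Germany": [("ZTP", 443, "jsec-frankfurt.juniperclouds.net"),
                           ("Outbound SSH", 7804, "srx.jsec-frankfurt.juniperclouds.net"),
                           ("Syslog TLS", 6514, "srx.jsec-frankfurt.juniperclouds.net")],
}

def tcp_probe(fqdn, port, timeout=5.0):
    """Resolve with the system resolver, then try a plain TCP connect (no TLS/SSH handshake)."""
    try:
        addrs = socket.getaddrinfo(fqdn, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return f"dns-fail: {exc}"        # resolver cannot resolve the cloud FQDN
    status = "tcp-fail: no addresses"
    for *_, sockaddr in addrs:           # try every resolved address (IPv4 and IPv6)
        try:
            with socket.create_connection(sockaddr[:2], timeout=timeout):
                return "ok"
        except OSError as exc:
            status = f"tcp-fail: {exc}"  # blocked, filtered or unreachable port
    return status

def preflight(region, probe=tcp_probe):
    """Return (purpose, fqdn, port, status) for each endpoint of the home region."""
    if region not in ENDPOINTS:
        raise KeyError(f"unknown home region: {region!r}")
    return [(purpose, fqdn, port, probe(fqdn, port))
            for purpose, port, fqdn in ENDPOINTS[region]]

def failures(results):
    return [r for r in results if r[3] != "ok"]  # endpoints that did not resolve or connect

if __name__ == "__main__":
    results = preflight(sys.argv[1] if len(sys.argv) > 1 else "Ohio, US")
    for purpose, fqdn, port, status in results:
        print(f"{purpose:<13}{fqdn}:{port} -> {status}")
    sys.exit(1 if failures(results) else 0)
```

An `ok` result only shows that the name resolves and the port accepts a TCP connection from the probing host; it does not validate the TLS or SSH session the firewall will establish.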
Device discovery takes a few seconds. After device discovery is successful, verify the following fields on the Devices page:
- Management Status changes from Discovery in progress to Up.
- Inventory Status and Device Config Status change from Out of Sync to In Sync.
If discovery fails, go to the Administration > Jobs page to view the status.
You’re ready to associate devices to your Juniper Security Director Cloud subscription. To continue, proceed to Step 2: Up and Running.