Configure Basic Settings
You are here: Device Administration > Basic Settings.
Use this page to configure your device basic settings.
You can do the following:
Save—Saves all the basic settings configuration and returns to the main configuration page.
Note:For all the configuration options under Basic Settings:
Tool tip on the right-side represents different icons for notifications, validation errors, and successful configuration.
When you make a configuration change and navigate to a different page without saving it, a pop-up message is displayed to save the configuration.
Cancel—Cancels all your entries and returns to the main configuration page.
Commit—Commits all the basic settings configuration and returns to the main configuration page.
Expand all—Click the arrow pointing outwards icon to expand all the options.
Collapse all—Click the arrow pointing inwards to collapse or hide all the options.
Table 1 describes the fields on the Basic Settings page.
Field |
Action |
---|---|
System Identity | |
Hostname |
Enter a hostname for the device. |
Domain name |
Enter a domain name to specify the network or subnetwork to which the device belongs. |
Root password |
Enter a password for the root user. Note:
After you have defined a root password, that password is required when you log in to the J-Web or the CLI. |
Confirm root password |
Re-enter the password to confirm. |
DNS servers |
Select an option to specify the DNS server settings:
|
Domain search |
Select an option:
|
Time | |
Time zone |
Select the time zone from the list in which the router resides. |
Time source |
Select an option from the list to set the system time: |
NTP Servers—Synchronizes the system time with the NTP server that you select. Click one of the following options:
|
|
Computer—Uses the computer that you are currently logged into to determine the system time for the device. Note:
When you select this option, the PC time that will be used is displayed in the Current Date & Time field. |
|
Manual—Enables you to manually select the date and time for the device. Set the date and time using the calendar pick tool and time fields. Note:
After you configure the time manually, the session will expire. Log in to J-Web. |
|
Device date & time |
Displays the device date and time. |
Current date & time |
Displays the current date and time. |
Management and Loopback Address | |
Management address |
Enter IPv4 address for the device. |
Subnet |
Enter subnet of the IPv4 address. |
Loopback address |
Enter IP address and subnet for the loopback address. Note:
If the SRX Series Firewall does not have a dedicated management port (fxp0), then Loopback Address and Subnet are the only options available for the management access configuration. |
Subnet |
Enter the address, for example, 255.255.255.0. You can also specify the address prefix. Specifies the range of logical addresses within the address space that is assigned to an organization. |
Default gateway |
Enter the default gateway address for IPv4. |
System Services | |
Telnet |
Select this option to enable telnet. |
SSH |
Select this option to enable SSH connections. |
FTP |
Select this option to enable FTP for secure file transfer. |
NETCONF |
Select this option to enable NETCONF connections. |
Junoscript over SSL |
Select this option to enable Junoscript connections over SSL. |
Junoscript certificate |
Select the local certificate for SSL from the list. |
HTTP |
Select this option to enable HTTP connection settings. |
Interface |
Select the interface in order of your preference and click on the left arrow/right arrow to add. |
HTTPS |
Select this option to enable HTTPS connection settings. |
Interface |
Select the interface in order of your preference and click on the left arrow/right arrow to add. |
HTTPS certificate |
Specifies the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPs. Select the HTTPS certificate from the list. |
PKI certificate |
Select the PKI certificate for HTTPS from the list. Note:
This option is available only if you select pki-local-certificate in the HTTPS Certificate options. |
Local certificate |
Select the local certificate for HTTPS from the list. Note:
This option is available only if you select local-certificate in the HTTPS Certificate options. |
Web API |
Select to enable Web API configuration. |
Client |
Select to enable client for the Web API. |
Hostname |
Provides the address of permitted HTTP/HTTPS request originators. To add, click + and enter the IPv4 address of the permitted HTTP/HTTPS request originator and click tick mark to save the changes. To delete, select the hostname and click the delete icon. Then, click Yes to delete it. |
HTTP |
Select to enable unencrypted HTTP connection settings. |
HTTP port |
Click top or bottom arrows to select the TCP ports for incoming HTTP connections. |
HTTPs |
Select to enable encrypted HTTPS connection settings. |
HTTPS port |
Click top or bottom arrows to select the TCP ports for incoming HTTP connections. |
Certificate type |
Select to specify the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPs for Web API:
|
User |
Select this option to enable user credentials. |
Name |
Enter a username. |
Password |
Enter the user password. |
REST API |
Enable this option to allow RPC execution over HTTP(S) connection. |
Explorer |
Select this option to enable REST API explorer. |
Control |
Select this option to enable control the REST API process. |
Allowed sources |
Provides the source IP address. Click + and enter the IPv4 address of the source. Then, click tick mark. To delete, select an existing address and click the delete icon. Then, click Yes to delete it. |
Connection limit |
Click top or bottom arrows to select the number of simultaneous connections. |
HTTP |
Select to enable unencrypted HTTP connections for REST API. |
Address |
Click + and enter the IPv4 address for the incoming connections for HTTP of REST API. Then, click tick mark to add it. To delete, select an existing address and click the delete icon. Then, click Yes to delete it. |
Port |
Click top or bottom arrows to select the HTTP port to accept HTTP connections for REST API. Note:
The default port for HTTP of REST API is 3000. |
HTTPS |
Select to enable encrypted HTTPS connections for REST API. |
Address |
Click + and enter the IPv4 address for the incoming connections for HTTPS of REST API. Then, click tick mark to add it. To delete, select an existing address and click the delete icon. Then, click Yes to delete it. |
Cipher list |
Select the Cipher suites in order of your preference and click on the left arrow or right arrow to add. |
Port |
Click top or bottom arrows to select the HTTPS port to accept the HTTPS connection of REST API. Note:
The default port for HTTPS of REST API is 3443. |
Server certificate |
Select server certificate from the list. See Import a Device Certificate to import a device certificate. |
CA Profile |
Select the certificate authority profile for HTTPS of REST API from the list. To create Certificate Authority inline:
|
Security Logging | |
Stream mode logging |
Select this option to enable logging. Note:
The Enable Traffic Logs option is available for user logical system and tenants. |
UTC timestamp |
Select this option to enable UTC Timestamp for security log timestamps. |
Log on |
Select one of the log on types for logging.
|
IP address |
Enter the source IP address. Note:
This option is available if you select the log on type as Source Address. |
Format |
Specifies the format in which the logs are stored. Select a format in which the logs are stored from the list.
By default, None logging format is selected. |
Transport protocol |
Select an option from the list to specify the type of logging transport protocol:
By default, None is selected. |
Connections |
Select the TCP or TLS connections for logging using up and down arrows. Note:
This option is available if you select the transport protocol option as TCP or TLS. |
TLS profile |
Select a TLS profile from the list. Note:
This option is available if you select the transport protocol option as TLS. |
Syslog server |
Enables you to configure syslog servers. You can configure a maximum of three syslog servers. Perform one of the following tasks:
|
On-box reporting |
Enable this option to generate on-box reports. Note:
We recommend you use Stream mode logging to syslog server. |
SNMP | |
Contact information |
Enter any contact information for the administrator of the system (such as name and phone number). |
System description |
Enter any information that describes the system. |
Local engine ID |
Enter the MAC address of Ethernet management port 0. Specifies the administratively unique identifier of an SNMPv3 engine for system identification. The local engine ID contains a prefix and a suffix. The prefix is formatted according to specifications defined in RFC 3411. The suffix is defined by the local engine ID. Generally, the local engine ID suffix is the MAC address of Ethernet management port 0. |
System location |
Enter any location information for the system (lab name or rack name, for example). |
System name override |
Specifies the option to override the system hostname. Enter the name of the system. |
Community |
Specifies the name and authorization for the SNMP community.
Click tick mark. |
Trap groups | |
Name |
Click + to add a trap group. Enter the SNMP trap group being configured. |
Categories |
Select trap categories to add to the trap group being configured. The options available are:
|
Targets |
Specifies one or more IP addresses that specify the systems to receive SNMP traps that are generated by the trap group being configured. Click +, enter the target IP address for SNMP trap group, and click tick mark. |
Health monitoring |
Enable the option to check the SNMP health monitor on the device. The health monitor periodically checks the following key indicators of device health:
|
Interval |
Specifies the sampling frequency interval, in seconds, over which the key health indicators are sampled and compared with the rising and falling thresholds. For example, if you configure the interval as 100 seconds, the values are checked every 100 seconds. Select a value from 1 through 24855. The default value is 300 seconds. |
Rising threshold |
Specifies the value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is increasing. For example, if the rising threshold is 90, SNMP generates an event when the value of any key indicator reaches or exceeds 90 seconds. Select a value from 1 through 100. The default value is 90 seconds. |
Falling threshold |
Specifies a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator is decreasing. For example, if the falling threshold is 80, SNMP generates an event when the value of any key indicator falls back to 80 seconds or less. Select a value 0 through 100. The default value is 80 seconds. |
Redundant
PSU Note:
SRX380 devices support power supply redundancy for power management. |
|
Power Supply 0 |
Displays if the power supply is present or not. |
Power Supply 1 |
Displays if the redundant power supply is present or not. |
PSU Redundancy |
Enable this option to manage power on the SRX380 device. Note:
This option is available only when the device is in the standalone mode. |