Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Onboard SRX Series Firewalls for WAN Configuration

In a Juniper Mist™ network, you must onboard your Juniper Networks® SRX Series Firewalls by assigning them to sites. Complete the onboarding by attaching hub profiles and spoke templates to the respective hub sites and spoke sites. This final step brings the topology together.

Before You Begin

We assume that you have your SRX Series Firewall already onboarded to the Juniper Mist™ cloud. We also assume that the physical connections such as cabling are already in place and that you are using valid interfaces and VLANs in your sandbox.

For details on getting your SRX Series Firewall up and running in the Mist cloud, see Cloud-Ready SRX Firewalls

Assign a WAN Edge Spoke Template to a Site

You can attach the templates that you configured in the Juniper Mist™ cloud to one or more sites.

The template that you created in Configure WAN Edge Templates for SRX Series Firewalls now exists in the Juniper Mist cloud as an object that you can assign to one or more sites. WAN edge templates are a quick and easy way to group the common attributes of WAN edge spoke devices. You can apply a single template to multiple sites. Any changes to the WAN edge template are applied to all the sites without any additional steps.

If a site already has a template assigned to it, assigning another template will replace the existing template. That is, one site cannot have two templates, and the newer template will overwrite the older template.

To assign a WAN edge spoke template to a site:

  1. In the Juniper Mist portal, select Organization > WAN > WAN Edge Templates and select the required template.
  2. Scroll to the top of the WAN Edge Templates page, and click Assign to Sites.
    Figure 1: Assign Spoke Templates to Sites Assign Spoke Templates to Sites
  3. In the Assign Template to Sites window, select the required sites and click Apply.
    Figure 2: Select Sites to Assign Spoke Templates Select Sites to Assign Spoke Templates
The WAN Edge Templates page reflects the updated status. Figure 3 indicates that three sites are using the template.
Figure 3: WAN Edge Templates Applied to Sites WAN Edge Templates Applied to Sites

Assign an SRX Series Firewall to a Site

To assign your SRX Series Firewall devices to sites, the devices must be present in the Juniper Mist inventory. You can claim or adopt your SRX Series Firewall to onboard it in the Juniper Mist cloud. After the device is on board, the organization inventory shows the device. For details on onboarding, see SRX Adoption.

To assign an SRX Series Firewall to a site:

  1. In the Juniper Mist portal. click Organization > Admin > Inventory.
  2. Refresh your browser and check under WAN Edges to find out if your SRX Series Firewall is part of the inventory.
    Figure 4: SRX Series Firewall in Inventory SRX Series Firewall in Inventory
    Tip:

    For virtual SRX Series Firewalls, you onboard the device and then assign it to the site. Alternatively, you can use the system MAC address or serial number for assigning the device to the site. Use the following CLI commands to get the device MAC address and serial number:
  3. Assign each SRX Series Firewall to an individual site using the Assign to Site option.
    Figure 5: Assign SRX Series Firewalls to Sites Assign SRX Series Firewalls to Sites
  4. On the Assign WAN Edges page, select the site you want to assign from the list of available sites.
    Figure 6: Select a Site Select a Site

    • Do not select the Manage configuration with Mist option. If you do, you may see unwanted changes on your SRX Series Firewall. You can enable the option later if required, after you've assigned the device to the site.

  5. Check the Use site setting for APP Track license option if you have a valid Application Security license, and then click Assign to Site.
    Figure 7 shows changes in the inventory once you assign the device to the site.
    Figure 7: Site Assignment Summary Site Assignment Summary

Assign a Hub Profile to the SRX Series Firewall

A hub profile comprises the set of attributes that are associated with a particular hub device. Each hub device in a Juniper Mist™ cloud topology must have its own profile. You apply the hub profile to an individual device that’s at a hub site.

To assign a hub profile to the SRX Series Firewall, which is part of a hub site:

  1. In the Juniper Mist portal, click Organization > WAN > Hub Profiles. The Hub Profile displays the list of existing profiles.
  2. Click the hub profile that you want to assign to a site.
  3. Under the Applies To option, select the site from the list of available sites.
    Figure 8: Select Devices on Sites Select Devices on Sites
  4. Click Save to continue.
  5. Repeat the same steps to add more hub sites. You can see the result on the Hub Profiles page.
    Figure 9: Hub Profile Assignment Summary Hub Profile Assignment Summary

See Also