Modifying the Basic Configuration for Security Devices

You can use the Basic Setup section on the Modify Configuration page to modify the basic configuration for a device. You can modify settings related to hostname and device name, system time, basic protocols, users, DNS, and SNMP.

Note:

Refer to the Junos OS documentation at https://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/ for a particular release and device. There you can find detailed information on the configuration parameters for that device.

To modify the basic configuration:

Select Devices > Security Devices.
The Security Devices page appears.
Select the devices to modify configuration.
From the More or right-click menu, select Configuration > Modify Configuration.
The Modify Configuration page appears with the Basic Setup section selected by default.
Modify the configuration according to the guidelines provided in Table 1.
After modifying the configuration, you can cancel the changes, save the changes, preview the changes, or save the changes and deploy the configuration on the device. See Modifying the Configuration of Security Devices.

Table 1: Basic Setup
Setting	Guideline
Hostname	Modify the hostname of the device.
Domain Name	Modify the domain name in which the device is located.
Root Password	Enter an alphanumeric password. It must be from 6 up to 128 characters long. It can include uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters.
Confirm Password	Re-enter the password for the root user.
DNS Server	Configure a Domain Name System (DNS) for a device. Specify a server that the device can use to resolve hostnames into addresses. To add a DNS Server: Click + icon. The Add DNS Server page is displayed. Enter the IPv4 or IPv6 address of the DNS Server. Click OK. If the fields entered are valid, a DNS server is created and a confirmation message is displayed at the top of the Modify Configuration page. You can also edit or delete the DNS Server.
Domain Search	Specifies the DNS domain name. To include the domain name of the device in a DNS search: Click + icon. The Add Domain Name page is displayed. Enter the domain name. Enter a string with an alphanumeric character. You can include underscores, hyphen, slash, and dot. Spaces are not allowed. Click OK. You can also edit or delete the existing DNS names.
System Time Setting
Time Zone	Select the local time zone in which the device is located.
Time Source	Specifies the method the device uses to set the system time. Sync with NTP Server synchronizes the system time with the NTP server that you select.
NTP Server	Existing NTP servers are displayed in a table with the server name, authentication key, NTP server version, and whether the server is preferred (True) or not (False). You can perform the following actions: Add an NTP Server: Click + to add an NTP server. The Add NTP Server page is displayed. Complete the configuration according to the guidelines provided in Table 2. Click OK. If the fields entered are valid, an NTP server is created and a confirmation message is displayed at the top of the Modify Configuration page. Modify NTP server settings—Select an NTP server and click the pencil icon to modify the settings. The Edit NTP Server page appears, showing the same fields that are presented when you create an NTP server. You can modify some of the fields on this page. See Table 2 for an explanation of the fields. Delete NTP servers—Select one or more NTP servers and click the X icon to delete the NTP servers. The Warning page appears. Click Yes to confirm the deletion. The selected NTP servers are deleted.
Management Access Configuration
Web API	Select the checkbox to enable Web API configuration.
Client	Select the checkbox to enable web API client.
Host Name	Provides the address of permitted HTTP or HTTPS request originators. To add a hostname: Click + icon. The Add WebAPI Hostname page is displayed. Enter the IPv4 address of the request originator. Click OK. To edit the hostname, select the hostname and click the pencil icon. Click the delete icon to delete the hostname.
HTTP	Select the checkbox to enable unencrypted HTTP connection settings.
HTTP Port	Select a HTTP port. Provides TCP ports for incoming HTTP connections. The range is from 1 through 65535.
HTTPS	Select the checkbox to enable encrypted HTTPS connection settings.
HTTPS Port	Select a HTTPs port. Provides TCP ports for incoming HTTPS connections. The range is from 1 through 65535.
Certificate Type	Specifies the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPs for Web API. Select an option: Default—Specifies the default certificate to be used. PKI Certificate—Specifies the name of the certificate that is generated by public key infrastructure (PKI). PKI Certificate—Select the PKI certificate for HTTPS of Web API. Local Certificate—Specifies the name of the local certificate. Upload Certificate—Browse and upload the certificate. Certificate Path—Displays the file path of the uploaded certificate. Certificate Key—Browse and upload the certificate key. Certificate Key Path—Displays the file path of the uploaded certificate key.
User	Select the checkbox to provide the user credential details.
Name	Enter the username.
Password	Enter the password.
REST API	Select the checkbox to enable REST API. Allows RPC execution over HTTP(S) connection.
Explorer	Select the checkbox to enable REST API explorer.
Control	Select the checkbox to specify the allowed source IP addresses and maximum number of simultaneous connections for the REST API process.
Allowed Sources	Specifies the source IP address for the REST API process. To add the source IP address for the REST API process: Click + icon. The Add Allowed Source page is displayed. Enter the IPv4 address of the source. Click OK.
Connection Limit	Select the maximum number of simultaneous connections for the REST API process.
HTTP	Select the checkbox to enable unencrypted HTTP connections for REST API.
Address	Provides addresses for the incoming connections for HTTP of REST API. To add the address: Click + icon. The Add Address page is displayed. Enter the IPv4 address. Click OK.
HTTP Port	Select the HTTP port. Provides port to accept HTTP connections for REST API. The range is from 1024 through 65535.
HTTPS	Select the checkbox to enable encrypted HTTPS connections for REST API.
Address	Provides addresses for the incoming connections for HTTPS of REST API. To add the address: Click + icon. The Add Address page is displayed. Enter the IPv4 address. Click OK.
HTTPS Port	Select the port to accept the HTTPS connection of REST API. The range is 1024 through 65535.
Cipher List	Select the Cipher suites in order of your preference and click the right arrow to add. Provides the Cipher suites for HTTPS of REST API.
Server Certificate	Select the server certificate for HTTPS of REST API.
Certificate	Specifies the certificate name to secure HTTPS connections. To add a local certificate: Click the + icon. The Add Local Certificate page is displayed. Enter the name and certificate content. Click OK. Select the certificate and click pencil icon to edit the certificate. Click the delete icon to delete the certificate.
System Services
FTP File Transfers	Select the checkbox to allow FTP file transfers to and from the device.
SSH Access	Select the checkbox to allow SSH access to the device.
Telnet Login	Select the checkbox to allow telnet access to the device.
NetConf Session	Select the checkbox to enable network configuration protocol connections.
RFC Complaint	Select the checkbox to enable the network configuration protocol sessions compliant to RFC 4741.
NetConf -> SSH	Select the checkbox to enable network configuration protocol connections over SSH connections.
HTTP Services	Select the checkbox to enable unencrypted HTTP connection settings.
HTTP Port	Select the TCP port for incoming HTTPS connections. The range is 1 through 65535.
Interface	Select interfaces that acccept http access.
HTTPS Services	Select the checkbox to enable encrypted HTTPS connection settings.
Interface	Select interfaces that acccept https access.
HTTPS Certificate	Select the certificate that you want to use to secure the connection from the HTTPS certificates list. This is applicable only if you allow HTTPS Services. local-certificate—Specifies the name of the local certificate to use. pki-local-certificate—Specifies the name of the certificate that is generated by public key infrastructure (PKI). system-generated-certificate—Specifies the automatically generated self-signed certificate for enabling HTTPS services.
HTTPS Port	Select the TCP port for incoming HTTPS connections. The range is from 1 through 65535. This is applicable only if you allow HTTPS Services.
SNMP
Location	Enter the location information where the device is physically located such as a lab name or a rack name.
Contact Information	Enter the contact information such as name and phone number of an administrator of the system.
System Description	Enter the description for the system.
Local Engine ID	Enter the MAC address of Ethernet management port 0. The local engine ID is unique identifier of an SNMPv3 engine for system identification. The local engine ID contains a prefix and a suffix. The prefix is formatted according to specifications defined in RFC 3411. The suffix is defined by the local engine ID. The local engine ID suffix is the MAC address of Ethernet management port 0.
Community	Existing SNMP communities are displayed in a table with the name and authorization for each community. You can perform the following actions: Add an SNMP community: Click + to add an SNMP community on the device. The Add SNMP Community page appears. Specify the following fields: Name—Specify the name of the SNMP community string. Authorization—Select the authorization for the SNMP community. If you select read-only, the user can read the information from the device by using the SNMP GET command. If you select read-write, in addition to reading the information, the user can also modify the configuration on the device using the SNMP SET command. Click OK. If the fields entered are valid, an SNMP community is created and a confirmation message is displayed at the top of the Modify Configuration page. Modify an SNMP community—Select an SNMP community and click the pencil icon to modify the settings. The Edit SNMP Community page appears, showing the same fields that are presented when you create an SNMP community. You can modify some of the fields on this page. See the preceding bullet for an explanation of the fields. Delete SNMP community entries—Select one or more SNMP community entries and click the X icon to delete the communities. The Warning page appears. Click Yes to confirm the deletion. The selected SNMP communities are deleted.
Trap Group	Existing SNMP trap groups are displayed in a table with the name and category for each trap group. You can perform the following actions: Add an SNMP trap group Click + to add an SNMP trap group on the device. The Add SNMP Trap Group page appears. In the Name field, specify the name of the SNMP trap group. Select the SNMP trap types or categories to be associated with the trap group. Click OK. If the fields entered are valid, an SNMP trap group is created and a confirmation message is displayed at the top of the Modify Configuration page. Modify an SNMP trap group—Select an SNMP trap group and click the pencil icon to modify the settings. The Edit SNMP Trap Group page appears, showing the same fields that are presented when you create an SNMP trap group. You can modify some of the fields on this page. See the preceding bullet for an explanation of the fields. Delete SNMP trap groups—Select one or more trap groups and click the X icon to delete the trap groups. The Warning page appears. Click Yes to confirm the deletion. The selected SNMP trap group are deleted.
Health Monitoring	Select the checkbox to enable the SNMP health monitor on the device. The health monitor periodically checks the following key indicators of device health: Percentage of file storage used Percentage of Routing Engine CPU used Percentage of Routing Engine memory used Percentage of memory used for each system process Percentage of CPU used by the forwarding process Percentage of memory used for temporary storage by the forwarding process
Interval	Select an interval to specify the sampling frequency interval, in seconds, over which the key health indicators are sampled and compared with the rising and falling thresholds. For example, if you configure the interval as 100 seconds, the values are checked every 100 seconds. The range is from 1 through 24855. The default value is 300 seconds.
Rising Threshold	Select a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator reaches or exceeds the rising threshold value. For example, if the rising threshold is 90, SNMP generates an event when the value of any key indicator reaches or exceeds 90 seconds. The range is from 1 through 100. The default value is 90 seconds.
Falling Threshold	Select a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator reaches or falls below the falling threshold value. For example, if the falling threshold is 80, SNMP generates an event when the value of any key indicator is 80 seconds or less. The range is from 0 through 100. The default value is 80 seconds.

Table 2: Add NTP Server Settings
Setting	Guideline
Name	Specify the name or IP address of the remote NTP server.
Key	Specify the key number used to encrypt authentication fields in all packets sent to the NTP server.
Version	Specify the version number used in outgoing NTP server packets.
Prefer	Specify the NTP server as the preferred server if you configured more than one.
Routing Instance	Enter the routing instance through which the server is reachable.

Modifying the Basic Configuration for Security Devices

Related Documentation