Modifying the Basic Configuration for Security Devices
You can use the Basic Setup section on the Modify Configuration page to modify the basic configuration for a device. You can modify settings related to hostname and device name, system time, basic protocols, users, DNS, and SNMP.
Refer to the Junos OS documentation at https://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/ for a particular release and device. There you can find detailed information on the configuration parameters for that device.
To modify the basic configuration:
Setting |
Guideline |
---|---|
Hostname |
Modify the hostname of the device. |
Domain Name |
Modify the domain name in which the device is located. |
Root Password |
Enter an alphanumeric password. It must be from 6 up to 128 characters long. It can include uppercase letters, lowercase letters, numbers, punctuation marks, and other special characters. |
Confirm Password |
Re-enter the password for the root user. |
DNS Server |
Configure a Domain Name System (DNS) for a device. Specify a server that the device can use to resolve hostnames into addresses. To add a DNS Server:
You can also edit or delete the DNS Server. |
Domain Search |
Specifies the DNS domain name. To include the domain name of the device in a DNS search:
You can also edit or delete the existing DNS names. |
System Time Setting | |
Time Zone |
Select the local time zone in which the device is located. |
Time Source |
Specifies the method the device uses to set the system time. Sync with NTP Server synchronizes the system time with the NTP server that you select. |
NTP Server |
Existing NTP servers are displayed in a table with the server name, authentication key, NTP server version, and whether the server is preferred (True) or not (False). You can perform the following actions:
|
Management Access Configuration | |
Web API |
Select the checkbox to enable Web API configuration. |
Client |
Select the checkbox to enable web API client. |
Host Name |
Provides the address of permitted HTTP or HTTPS request originators. To add a hostname:
To edit the hostname, select the hostname and click the pencil icon. Click the delete icon to delete the hostname. |
HTTP |
Select the checkbox to enable unencrypted HTTP connection settings. |
HTTP Port |
Select a HTTP port. Provides TCP ports for incoming HTTP connections. The range is from 1 through 65535. |
HTTPS |
Select the checkbox to enable encrypted HTTPS connection settings. |
HTTPS Port |
Select a HTTPs port. Provides TCP ports for incoming HTTPS connections. The range is from 1 through 65535. |
Certificate Type |
Specifies the certificate that you want to use to secure the connection from the HTTPS certificates list when you enable HTTPs for Web API. Select an option:
|
User |
Select the checkbox to provide the user credential details. |
Name |
Enter the username. |
Password |
Enter the password. |
REST API |
Select the checkbox to enable REST API. Allows RPC execution over HTTP(S) connection. |
Explorer |
Select the checkbox to enable REST API explorer. |
Control |
Select the checkbox to specify the allowed source IP addresses and maximum number of simultaneous connections for the REST API process. |
Allowed Sources |
Specifies the source IP address for the REST API process. To add the source IP address for the REST API process:
|
Connection Limit |
Select the maximum number of simultaneous connections for the REST API process. |
HTTP |
Select the checkbox to enable unencrypted HTTP connections for REST API. |
Address |
Provides addresses for the incoming connections for HTTP of REST API. To add the address:
|
HTTP Port |
Select the HTTP port. Provides port to accept HTTP connections for REST API. The range is from 1024 through 65535. |
HTTPS |
Select the checkbox to enable encrypted HTTPS connections for REST API. |
Address |
Provides addresses for the incoming connections for HTTPS of REST API. To add the address:
|
HTTPS Port |
Select the port to accept the HTTPS connection of REST API. The range is 1024 through 65535. |
Cipher List |
Select the Cipher suites in order of your preference and click the right arrow to add. Provides the Cipher suites for HTTPS of REST API. |
Server Certificate |
Select the server certificate for HTTPS of REST API. |
Certificate |
Specifies the certificate name to secure HTTPS connections. To add a local certificate:
Select the certificate and click pencil icon to edit the certificate. Click the delete icon to delete the certificate. |
System Services | |
FTP File Transfers |
Select the checkbox to allow FTP file transfers to and from the device. |
SSH Access |
Select the checkbox to allow SSH access to the device. |
Telnet Login |
Select the checkbox to allow telnet access to the device. |
NetConf Session |
Select the checkbox to enable network configuration protocol connections. |
RFC Complaint |
Select the checkbox to enable the network configuration protocol sessions compliant to RFC 4741. |
NetConf -> SSH |
Select the checkbox to enable network configuration protocol connections over SSH connections. |
HTTP Services |
Select the checkbox to enable unencrypted HTTP connection settings. |
HTTP Port |
Select the TCP port for incoming HTTPS connections. The range is 1 through 65535. |
Interface |
Select interfaces that acccept http access. |
HTTPS Services |
Select the checkbox to enable encrypted HTTPS connection settings. |
Interface |
Select interfaces that acccept https access. |
HTTPS Certificate |
Select the certificate that you want to use to secure the connection from the HTTPS certificates list. This is applicable only if you allow HTTPS Services.
|
HTTPS Port |
Select the TCP port for incoming HTTPS connections. The range is from 1 through 65535. This is applicable only if you allow HTTPS Services. |
SNMP | |
Location |
Enter the location information where the device is physically located such as a lab name or a rack name. |
Contact Information |
Enter the contact information such as name and phone number of an administrator of the system. |
System Description |
Enter the description for the system. |
Local Engine ID |
Enter the MAC address of Ethernet management port 0. The local engine ID is unique identifier of an SNMPv3 engine for system identification. The local engine ID contains a prefix and a suffix. The prefix is formatted according to specifications defined in RFC 3411. The suffix is defined by the local engine ID. The local engine ID suffix is the MAC address of Ethernet management port 0. |
Community |
Existing SNMP communities are displayed in a table with the name and authorization for each community. You can perform the following actions:
|
Trap Group |
Existing SNMP trap groups are displayed in a table with the name and category for each trap group. You can perform the following actions:
|
Health Monitoring |
Select the checkbox to enable the SNMP health monitor on the device. The health monitor periodically checks the following key indicators of device health:
|
Interval |
Select an interval to specify the sampling frequency interval, in seconds, over which the key health indicators are sampled and compared with the rising and falling thresholds. For example, if you configure the interval as 100 seconds, the values are checked every 100 seconds. The range is from 1 through 24855. The default value is 300 seconds. |
Rising Threshold |
Select a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator reaches or exceeds the rising threshold value. For example, if the rising threshold is 90, SNMP generates an event when the value of any key indicator reaches or exceeds 90 seconds. The range is from 1 through 100. The default value is 90 seconds. |
Falling Threshold |
Select a value at which you want SNMP to generate an event (trap and system log message) when the value of a sampled indicator reaches or falls below the falling threshold value. For example, if the falling threshold is 80, SNMP generates an event when the value of any key indicator is 80 seconds or less. The range is from 0 through 100. The default value is 80 seconds. |
Setting |
Guideline |
---|---|
Name |
Specify the name or IP address of the remote NTP server. |
Key |
Specify the key number used to encrypt authentication fields in all packets sent to the NTP server. |
Version |
Specify the version number used in outgoing NTP server packets. |
Prefer |
Specify the NTP server as the preferred server if you configured more than one. |
Routing Instance |
Enter the routing instance through which the server is reachable. |