Juniper SRX380 User manual

Category
Gateways/controllers
Type
User manual
SRX380 Services Gateway Hardware Guide
Published
2020-03-31
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in
the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks
are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
SRX380 Services Gateway Hardware Guide
Copyright © 2020 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with)
Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement
(“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you
agree to the terms and conditions of that EULA.
ii
Table of Contents
About the Documentation | vii
Documentation and Release Notes | vii
Using the Examples in This Manual | vii
Merging a Full Example | viii
Merging a Snippet | ix
Documentation Conventions | ix
Documentation Feedback | xii
Requesting Technical Support | xii
Self-Help Online Tools and Resources | xiii
Creating a Service Request with JTAC | xiii
Overview
1
SRX380 Services Gateway Overview | 15
Overview | 15
SRX380 Services Gateway FRUs | 16
Benefits of the SRX380 Services Gateway | 16
SRX380 Chassis | 17
SRX380 Chassis Overview | 17
SRX380 Front Panel | 17
Chassis Status LEDs | 19
Management Port and Network Port LEDs | 20
SRX380 Back Panel | 21
SRX380 Interface Modules Overview | 22
SRX380 Cooling System | 23
SRX380 Power System | 23
SRX380 Services Gateway Power Supply | 24
AC Power Supply LEDs on SRX380 Services Gateways | 25
Power Specifications for SRX380 Services Gateways | 25
AC Power Cord Specifications for SRX380 | 26
iii
Site Planning, Preparation, and Specifications
2
SRX380 Site Preparation Checklist | 29
SRX380 Site Guidelines and Requirements | 30
General Site Installation Guidelines for the SRX380 Services Gateway | 31
SRX380 Services Gateway Environmental Specifications | 31
SRX380 Services Gateway Electrical Wiring Guidelines | 32
SRX380 Services Gateway Physical Specifications | 33
SRX380 Services Gateway Clearance Requirements for Airflow and Hardware
Maintenance | 33
Rack Requirements | 34
Cabinet Requirements | 35
Initial Installation and Configuration
3
Unpacking and Mounting the SRX380 | 37
Unpacking the SRX380 Services Gateway | 37
Verifying Parts Received with the SRX380 Services Gateway | 38
Mounting the SRX380 Services Gateway in a Rack | 39
Connecting the SRX380 to Power | 42
Required Tools and Parts for Grounding the SRX380 Services Gateway | 42
Connecting the SRX380 Grounding Cable | 42
Connecting the SRX380 Services Gateway to an AC Power Supply | 44
Powering Off the SRX380 Services Gateway | 45
Connecting the SRX380 to External Devices | 47
Connecting an SRX380 to a Network for Out-of-Band Management | 47
Connecting an SRX380 to a Management Console by Using an RJ-45 Connector | 48
Connecting an SRX380 to a Management Console by Using the Mini-USB Type-B Console
Port | 49
Configuring Junos OS on the SRX380 | 50
Configure Root Authentication | 50
Plug and Play | 51
Configure the SRX380 Using J-Web | 52
Configuring the SRX380 Services Gateway Using CLI | 54
iv
Maintaining Components
4
Maintaining SRX380 Components | 60
Routine Maintenance Procedures for the SRX380 Services Gateway | 60
Maintaining the SRX380 Services Gateway Cooling System Components | 60
Maintaining the SRX380 Services Gateway Power Supply | 60
Removing and Installing SRX380 Power System Components | 61
Remove an AC Power Supply on SRX380 Devices | 62
Install an AC Power Supply on SRX380 Devices | 63
Removing and Installing Mini-PIMs | 65
Remove a Mini-Physical Interface Module | 65
Install a Mini-Physical Interface Module | 66
Contacting Customer Support and Returning the Chassis or Components
5
Returning the SRX380 Chassis or Components | 69
Contacting Customer Support | 69
Returning an SRX380 Services Gateway or Component to Juniper Networks | 70
Locating the Chassis Serial Number | 70
Locating the Mini-PIM Serial Number Label | 71
Listing the SRX380 Services Gateway Component Details by Using the CLI | 71
Required Tools and Parts for Packing the SRX Series Services Gateway | 72
Packing the SRX Series Services Gateway for Shipment | 72
Packing SRX Series Services Gateway Components for Shipment | 73
Safety and Compliance Information
6
Definitions of Safety Warning Levels | 76
General Safety Guidelines and Warnings | 79
Restricted Access Warning | 81
Qualified Personnel Warning | 84
Prevention of Electrostatic Discharge Damage | 84
v
Fire Safety Requirements | 86
Fire Suppression | 86
Fire Suppression Equipment | 86
Laser and LED Safety Guidelines and Warnings | 87
General Laser Safety Guidelines | 87
Class 1 Laser Product Warning | 88
Class 1 LED Product Warning | 89
Laser Beam Warning | 90
Radiation from Open Port Apertures Warning | 91
Maintenance and Operational Safety Guidelines and Warnings | 92
Battery Handling Warning | 93
Jewelry Removal Warning | 94
Lightning Activity Warning | 96
Operating Temperature Warning | 97
Product Disposal Warning | 99
Action to Take After an Electrical Accident | 100
General Electrical Safety Guidelines and Warnings | 100
AC Power Electrical Safety Guidelines | 101
SRX380 Services Gateway Agency Approvals | 102
SRX380 Services Gateway EMC Requirements | 104
Canada | 104
European Community | 104
Israel | 104
Japan | 105
United States | 105
BSMI Statement (Taiwan) | 105
vi
About the Documentation
IN THIS SECTION
Documentation and Release Notes | vii
Using the Examples in This Manual | vii
Documentation Conventions | ix
Documentation Feedback | xii
Requesting Technical Support | xii
Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX380 Services Gateway. After completing the installation and basic configuration
procedures covered in this guide, refer to the Junos OS documentation for information about further
software configuration.
Documentation and Release Notes
To obtain the most current version of all Juniper Networks
®
technical documentation, see the product
documentation page on the Juniper Networks website at https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the documentation, follow the
product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts.
These books go beyond the technical documentation to explore the nuances of network architecture,
deployment, and administration. The current list can be viewed at https://www.juniper.net/books.
Using the Examples in This Manual
If you want to use the examples in this manual, you can use the load merge or the load merge relative
command. These commands cause the software to merge the incoming configuration into the current
candidate configuration. The example does not become active until you commit the candidate configuration.
vii
If the example configuration contains the top level of the hierarchy (or multiple hierarchies), the example
is a full example. In this case, use the load merge command.
If the example configuration does not start at the top level of the hierarchy, the example is a snippet. In
this case, use the load merge relative command. These procedures are described in the following sections.
Merging a Full Example
To merge a full example, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration example into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following configuration to a file and name the file ex-script.conf. Copy the
ex-script.conf file to the /var/tmp directory on your routing platform.
system {
scripts {
commit {
file ex-script.xsl;
}
}
}
interfaces {
fxp0 {
disable;
unit 0 {
family inet {
address 10.0.0.1/24;
}
}
}
}
2. Merge the contents of the file into your routing platform configuration by issuing the load merge
configuration mode command:
[edit]
user@host# load merge /var/tmp/ex-script.conf
load complete
viii
Merging a Snippet
To merge a snippet, follow these steps:
1. From the HTML or PDF version of the manual, copy a configuration snippet into a text file, save the
file with a name, and copy the file to a directory on your routing platform.
For example, copy the following snippet to a file and name the file ex-script-snippet.conf. Copy the
ex-script-snippet.conf file to the /var/tmp directory on your routing platform.
commit {
file ex-script-snippet.xsl; }
2. Move to the hierarchy level that is relevant for this snippet by issuing the following configuration mode
command:
[edit]
user@host# edit system scripts
[edit system scripts]
3. Merge the contents of the file into your routing platform configuration by issuing the load merge
relative configuration mode command:
[edit system scripts]
user@host# load merge relative /var/tmp/ex-script-snippet.conf
load complete
For more information about the load command, see CLI Explorer.
Documentation Conventions
Table 1 on page x defines notice icons used in this guide.
ix
Table 1: Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware
damage.
Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
Indicates helpful information.Tip
Alerts you to a recommended use or implementation.Best practice
Table 2 on page x defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
ExamplesDescriptionConvention
To enter configuration mode, type
the configure command:
user@host> configure
Represents text that you type.Bold text like this
user@host> show chassis alarms
No alarms currently active
Represents output that appears on
the terminal screen.
Fixed-width text like this
A policy term is a named structure
that defines match conditions and
actions.
Junos OS CLI User Guide
RFC 1997, BGP Communities
Attribute
Introduces or emphasizes important
new terms.
Identifies guide names.
Identifies RFC and Internet draft
titles.
Italic text like this
x
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
Configure the machine’s domain
name:
[edit]
root@# set system domain-name
domain-name
Represents variables (options for
which you substitute a value) in
commands or configuration
statements.
Italic text like this
To configure a stub area, include
the stub statement at the [edit
protocols ospf area area-id]
hierarchy level.
The console port is labeled
CONSOLE.
Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy
levels; or labels on routing platform
components.
Text like this
stub <default-metric metric>;Encloses optional keywords or
variables.
< > (angle brackets)
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between the
mutually exclusive keywords or
variables on either side of the symbol.
The set of choices is often enclosed
in parentheses for clarity.
| (pipe symbol)
rsvp { # Required for dynamic MPLS
only
Indicates a comment specified on the
same line as the configuration
statement to which it applies.
# (pound sign)
community name members [
community-ids ]
Encloses a variable for which you can
substitute one or more values.
[ ] (square brackets)
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
Identifies a level in the configuration
hierarchy.
Indention and braces ( { } )
Identifies a leaf statement at a
configuration hierarchy level.
; (semicolon)
GUI Conventions
xi
Table 2: Text and Syntax Conventions (continued)
ExamplesDescriptionConvention
In the Logical Interfaces box, select
All Interfaces.
To cancel the configuration, click
Cancel.
Represents graphical user interface
(GUI) items you click or select.
Bold text like this
In the configuration editor hierarchy,
select Protocols>Ospf.
Separates levels in a hierarchy of
menu selections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback so that we can improve our documentation. You can use either
of the following methods:
Online feedback system—Click TechLibrary Feedback, on the lower right of any page on the Juniper
Networks TechLibrary site, and do one of the following:
Click the thumbs-up icon if the information on the page was helpful to you.
Click the thumbs-down icon if the information on the page was not helpful to you or if you have
suggestions for improvement, and use the pop-up form to provide feedback.
E-mail—Send your comments to [email protected]. Include the document or topic name,
URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC).
If you are a customer with an active Juniper Care or Partner Support Services support contract, or are
xii
covered under warranty, and need post-sales technical support, you can access our tools and resources
online or open a case with JTAC.
JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User
Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
Product warranties—For product warranty information, visit https://www.juniper.net/support/warranty/.
JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week,
365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called
the Customer Support Center (CSC) that provides you with the following features:
Find CSC offerings: https://www.juniper.net/customers/support/
Search for known bugs: https://prsearch.juniper.net/
Find product documentation: https://www.juniper.net/documentation/
Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
Download the latest versions of software and review release notes:
https://www.juniper.net/customers/csc/software/
Search technical bulletins for relevant hardware and software notifications:
https://kb.juniper.net/InfoCenter/
Join and participate in the Juniper Networks Community Forum:
https://www.juniper.net/company/communities/
Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool:
https://entitlementsearch.juniper.net/entitlementsearch/
Creating a Service Request with JTAC
You can create a service request with JTAC on the Web or by telephone.
Visit https://myjuniper.juniper.net.
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
https://support.juniper.net/support/requesting-support/.
xiii
1
CHAPTER
Overview
SRX380 Services Gateway Overview | 15
SRX380 Chassis | 17
SRX380 Cooling System | 23
SRX380 Power System | 23
SRX380 Services Gateway Overview
IN THIS SECTION
Overview | 15
SRX380 Services Gateway FRUs | 16
Benefits of the SRX380 Services Gateway | 16
Overview
The Juniper Networks SRX380 Services Gateway consolidates security, routing, and switching to provide
an all-in-one networking platform for software-defined WAN (SD-WAN) and next-generation firewall
(NGFW) deployments. The SRX380 is designed for enterprise (large branch offices, small campus, SD-WAN)
and service provider (managed WAN CPE, SD-WAN) deployments.
The SRX380 Services Gateway is 1 rack unit (U) tall and provides high port density with 16 on-board
PoE-enabled 1-Gigabit Ethernet ports and 4 10-Gigabit Ethernet ports that support small form-factor
pluggable plus (SFP+) transceivers. All the ports support AES-256 MACsec encryption. The SRX380 has
a 100 GB on-board Serial Advanced Technology Attachment (SATA) solid-state drive (SSD).
The SRX380 supports dual power supplies and up to four Mini-Physical Interface Modules (Mini-PIMs).
Figure 1 on page 15 shows the SRX380 Services Gateway.
Figure 1: SRX380 Services Gateway
g100932
Key features supported on the SRX380 include VPN, Intrusion Detection and Prevention (IDP), AppSecure,
Juniper Networks Sky Advanced Threat Prevention (Sky ATP), and UTM. For more information about the
features supported on the SRX380 Services Gateway, see Feature Explorer.
15
You can manage the SRX380 Services Gateway by using the same interfaces that you use for managing
other devices that run Junos OS—the CLI, the J-Web graphical interface, and Junos Space.
The first supported version of Junos OS for the SRX380 Services Gateway is Release 20.1R1.
This video provides a brief overview of the SRX380.
Video: SRX380 Hardware Overview
SRX380 Services Gateway FRUs
Field-replaceable units (FRUs) are components that you can replace at your site. The FRUs in the SRX380
Services Gateway are:
Power supplies
If only one power supply is installed in your device, you must power off the device before removing the
power supply.
Mini-PIMs
The Mini-PIMs are not hot-swappable. You must power off the device before removing or installing
Mini-PIMs.
NOTE: If you have a Juniper J-Care service contract, register any addition, change, or upgrade
of hardware components at https://www.juniper.net/customers/support/tools/updateinstallbase/.
Failure to do so can result in significant delays if you need replacement parts. This note does
not apply if you replace existing components with the same type of component.
Benefits of the SRX380 Services Gateway
Multiple WAN connectivity options—The SRX380 supports multiple options such as Ethernet, serial,
T1/E1, VDSL2, Wi-Fi, and 3G/4G LTE wireless for WAN or Internet connectivity to link sites.
Comprehensive security—The SRX380 provides security in every layer with AES-256 MACsec encryption,
IPS, UTM, Juniper Sky Advanced Threat Prevention, and Application Security for protection against
potential vulnerabilities.
16
SRX380 Chassis
IN THIS SECTION
SRX380 Chassis Overview | 17
SRX380 Front Panel | 17
SRX380 Back Panel | 21
SRX380 Interface Modules Overview | 22
The SRX380 Services Gateway chassis is a rigid sheet metal structure that houses all of the other
components.
SRX380 Chassis Overview
The SRX380 chassis installs in standard 800–mm (or larger) enclosed cabinets, 19-in. equipment racks, or
telecommunications open-frame racks.
CAUTION: Before removing or installing components of a functioning services gateway,
attach an electrostatic discharge (ESD) strap to an ESD point and place the other end
of the strap around your bare wrist. Failure to use an ESD strap could result in damage
to the device.
The services gateway must be connected to earth ground during normal operation. The protective earthing
terminal on the side of the chassis is provided to connect the services gateway to ground.
SRX380 Front Panel
Figure 2 on page 18 shows the front panel of the SRX380. Table 3 on page 18 provides details about the
front panel components.
17
Figure 2: SRX380 Services Gateway Front Panel
g100930
ALARM
PWR
A
HA
mPIM1
mPIM2
mPIM3
mPIM4
mPIM
1
2
T TS
3 4
0 / 8 0/9 0 / 10 0/ 11 0 / 12 0 / 13 0 / 14 0/ 15 0 / 16 0 / 17 0/ 18 0 / 19
1
2
4
6791011 8
21
4
5
3
Table 3: SRX380 Services Gateway Front Panel Components
DescriptionComponentCallout
Indicate component and system status.LEDs1
Returns the services gateway to the rescue configuration or
the factory-default configuration.
Reset Config button2
Accepts a Mini-B type USB cable plug. A USB cable with
Mini-B and Type A USB plugs is supplied with the services
gateway. To use the mini-USB console port, you must
download a USB driver to the management device from the
Downloads page at
https://www.juniper.net/support/downloads/?p=junos-srx#sw.
To download the driver for Windows OS, select 6.5 from the
Version drop-down list.
To download the driver for Mac OS, select 4.10 from the
Version drop-down list.
Mini-USB console port3
Four slots for Mini-PIMs, which can provide LAN and WAN
functionality along with connectivity to various media types.
Mini-PIM slots4
ESD outlet5
Four 1 or 10-Gigabit Ethernet SFP or SFP+ ports for network
traffic.
1-Gigabit Ethernet or
10-Gigabit Ethernet SFP
or SFP+ ports
6
18
Table 3: SRX380 Services Gateway Front Panel Components (continued)
DescriptionComponentCallout
Sixteen 1-Gigabit Ethernet LAN ports that are PoE-enabled.
The ports have the following characteristics:
Use an RJ-45 connector
Operate in full-duplex and half-duplex modes
Support autonegotiation
The ports can be used to:
Function as front-end network ports
Provide LAN and WAN connectivity to hubs, switches,
local servers, and workstations
Forward incoming data packets to the services gateway
Receive outgoing data packets from the services gateway
1-Gigabit Ethernet ports7
Use the management (MGMT) port to connect to the device
over the network.
Management port8
One USB port that accepts a USB storage device.USB port9
Supports RS-232 serial ports.RJ-45 console port10
Use the Power button to shut down the services gateway.Power button11
NOTE: The SRX380 ships with tamperproof labels for the Mini-PIM slots and SSD slots.
Chassis Status LEDs
Figure 3 on page 20 shows the LEDs on the front panel of the SRX380.
19
Figure 3: SRX380 Services Gateway Front Panel LEDs
g100931
A
1
2
T T
4
Table 4 on page 20 lists the front panel LEDs.
Table 4: SRX380 Services Gateway Front Panel LEDs
DescriptionComponent
Solid amber (noncritical alarm)
Solid red (critical alarm)
Off (no alarms)
ALARM
Solid green (operating normally)
Solid red (error detected)
STAT
Solid green (receiving power)
Solid amber (Power-off triggered)
Off (no power)
PWR
Solid green (all HA links are available)
Solid amber (some HA links are unavailable)
Solid red (HA links are not functional)
Off (HA is disabled)
HA
Solid green (Mini-PIM is functioning normally)
Solid red (Mini-PIM hardware failure)
Off (Mini-PIM is not installed or Mini-PIM is not
detected by the device)
mPIM1, mPIM2, mPIM3, and mPIM4
Management Port and Network Port LEDs
The management port and network port have two LEDs each that indicate the link activity and status of
the ports. Figure 4 on page 21 shows the LEDs.
Table 5 on page 21 describes the management port and network port LEDs.
20
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105

Juniper SRX380 User manual

Category
Gateways/controllers
Type
User manual

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI