Discarding configuration changes for a Juniper SRX router/firewall
If you've been entering commands for configuration changes on a Juniper
Networks SRX router/firewall, which runs the Juniper Network Operating System,
Junos OS, but haven't committed those changes to make them active, you can
discard them using the command rollback 0, which will replace the "candidate
config", i.e., the one you've been editing, with the active configuration,
which is also the boot configuration.
root@Alder# rollback 0
load complete
[edit]
root@Alder#
The device can store multiple prior configurations, and you can revert to one
of those prior configurations instead using rollback n, where n is the number
for the prior configuration. You can also roll back to a saved "rescue"
configuration with rollback rescue. You can see a list of the stored
configurations to which you can revert using the command rollback ?.
Allowing the untrusted interface on a Juniper SRX router/firewall to be pinged
If you wish to allow the untrust interface, which is usually the
Internet-facing interface on a Juniper Networks SRX router/firewall running
the Junos operating system, to be pinged from external systems, you can use
the command
set security zone security-zone untrust interface ge-0/0/0.0 host-inbound-traffic system-services ping
after placing the device in configuration mode with the configure command,
presuming, of course, that the untrust interface is ge-0/0/0.0. If it is some
other port on the router, substitute that port identifier instead.
root@Alder> configure
Entering configuration mode
[edit]
root@Alder# set security zone security-zone untrust interface ge-0/0/0.0 host-inbound-traffic system-services ping
[edit]
root@Alder# commit
commit complete
[edit]
root@Alder#
After committing the configuration, you should be able to successfully ping
the IP address of the untrusted, i.e., Internet, side of the device.
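An added example, not part of the original post: a Python check that reads Junos configuration in "display set" form and reports which host-inbound system services are enabled on the untrust zone beyond ping. The function names and the sample configuration lines are constructed for this example.

```python
import re

# host-inbound-traffic system-services statements in "display set" form, at
# zone or interface level. "zones?"/"interfaces?" also accept the shortened
# keywords as typed in the session above. A trailing "except" excludes a service.
LINE_RE = re.compile(
    r"^set security zones? security-zone (?P<zone>\S+)"
    r"(?: interfaces? (?P<ifname>\S+))?"
    r" host-inbound-traffic system-services (?P<svc>\S+)(?P<exc> except)?\s*$"
)

def host_inbound_services(config_text):
    """Map (zone, interface or None) -> set of enabled system services."""
    found = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and not m.group("exc"):  # "except" lines remove a service, skip them
            key = (m.group("zone"), m.group("ifname"))
            found.setdefault(key, set()).add(m.group("svc"))
    return found

def audit_zone(config_text, zone="untrust", allowed=frozenset({"ping"})):
    """Return (zone, interface, service) for services on `zone` not in `allowed`."""
    findings = []
    items = sorted(host_inbound_services(config_text).items(),
                   key=lambda kv: (kv[0][0], kv[0][1] or ""))
    for (z, ifname), services in items:
        if z == zone:
            findings += [(z, ifname, s) for s in sorted(services - allowed)]
    return findings

# Constructed sample, shaped like "show configuration security zones | display set".
SAMPLE = """\
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh
set security zones security-zone untrust host-inbound-traffic system-services ike
set security zone security-zone untrust interface ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic system-services telnet except
"""

if __name__ == "__main__":
    for z, ifname, svc in audit_zone(SAMPLE):
        print(f"{z} {ifname or '(zone-wide)'}: {svc} is accepted by the device")
```

With the sample input it reports ike at zone level and ssh on ge-0/0/0.0, and nothing for ge-0/0/1.0, where only ping is enabled.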
Creating a rescue configuration for a Juniper SRX Firewall
You can create a rescue configuration to be used in the event you make some
change to a Juniper Networks SRX router/firewall, which runs Junos OS, that
makes the device inaccessible. With a rescue configuration saved on the
device, you can return the router/firewall to a known operational state. The
rescue configuration saved on the device can provide a last resort means of
quickly restoring the device to operational status. You can use either the
web-based graphical user interface (GUI) method to create a saved rescue
configuration via a web browser connection to the system or a command line
interface (CLI) method.
Setting up a Juniper Networks SRX100 Router/Firewall
You can configure a Juniper Networks router/firewall, such as a Dell
J-SRX100H, which is manufactured by Juniper Networks, by connecting a network
cable between one of the 0/1 through 0/7 ports on the SRX100 and the device
you will use to configure it. Don't use the 0/0 port, because that is the
default port for the "untrusted" side of the device, i.e., for connections on
the "outside" or Internet-facing side of the device. If you have the connected
device set to obtain an IP address by the Dynamic Host Configuration Protocol
(DHCP), it will be assigned an address from the 192.168.1.1/24 subnet,
192.168.1.2. You can then log into the router by opening a browser window and
pointing the browser to http://192.168.1.1.