SRX Services Gateway

SRX240 setup problems

‎05-04-2018 05:54 PM

I am a novice at JunOS and am just getting my feet wet in setting up this SRX240 device. I got past the first stumble which was the device not running JWeb until a root password was set, and now have JWeb running.

 

This device is being used to run an extensive home network that has approximately 120 devices hooked up to it - bitcoin miners, 8-10 computers at any one time, multiple NAS devices with ~100 TB storage, 2 PS4s, 2 Xboxes, TVs, Blu-ray players, a stereo running an internet radio, etc. I previously was running this through a Netgear Nighthawk R8000 but found that the R8000 was overheating and needing frequent resets. Therefore I upped my game to a router that could handle the traffic. My hope is to eventually bring my business server in house instead of using a hosting service.

 

Two issues (at least) now. I ran through the setup wizard and set up port 0 as the internet port connected to the cable modem, set up a DMZ on ports 2-4 for future use of my business web site, and set ports 5-15 up as Internal. I then set a zone policy (temporarily) with all services and ports open on the Internal network. I am a newbie at JunOS, and just wanted to test the configuration. I will of course later set up some restrictions on the Internal network.

 

First of all, when using the wizard the SRX240 creates a vlan1 connection that supposedly contains all of the chassis ports 5-15, but although it asks about what connections to allow the wizard apparently does not create a zone policy for these chassis ports. I had to go and manually add a policy for each of these ports.

 

The SRX240 was then able to connect all my computers and bitcoin miners, and I had full access to the web as expected. I was not able to set up a connection to the PS4s. When I went to the PS4s "setup a network connection" and tried automatically to obtain an IP address from DHCP it failed. I then set up a manual IP address on the PS4s on the 192.168.1.* subnet but connection testing failed. I understand the PS4 uses NAT to connect, but I do not know how to set this up on the Juniper router yet.

 

I also tried to connect the Netgear Nighthawk R8000 router in AP mode. The R8000 should have been assigned an IP on the 192.168.1.* subdomain, but this did not happen. Various attempts have shown the R8000 to continue to keep its original 192.168.1.1 IP, or switch to 10.0.0.1. I am not sure what I need to do to get the SRX240 to assign it an IP in the 192.168.1.* subdomain.

 

I know that this is a lot of information, and I am asking a lot of questions. I appreciate any help that you can give me. I am an engineer by training and am pretty good at picking up this stuff, but I am also a cardiologist and this is really a weekend warrior project for me. Any help that you can provide would be greatly appreciated.


Re: SRX240 setup problems

‎05-04-2018 06:43 PM

If you post your config with passwords removed, as well as what ports the PS4 and Nighthawk are connected to, we can take a look. Also, expect to get about 600-700Mb/s of aggregate real-world throughput with an SRX240.


Re: SRX240 setup problems

‎05-05-2018 03:15 AM

First of all, when using the wizard the SRX240 creates a vlan1 connection that supposedly contains all of the chassis ports 5-15, but although it asks about what connections to allow the wizard apparently does not create a zone policy for these chassis ports. I had to go and manually add a policy for each of these ports.

 

I assume this created a vlan.1 interface with your layer 3 gateway address and made ports 5-15 members of this associated VLAN.

 

Then the interface vlan.1 is assigned to your Internal zone.

 

This would be the correct setup.  The physical interfaces are layer two bridged into the VLAN.  Only layer 3 interfaces need to be declared in the zone setup.

 

When I went to the PS4s "setup a network connection" and tried automatically to obtain an IP address from DHCP it failed. I then set up a manual IP address on the PS4s on the 192.168.1.* subnet but connection testing failed. I understand the PS4 uses NAT to connect, but I do not know how to set this up on the Juniper router yet.

 

To get DHCP active on your internal network for clients you will need to choose a pool range that you will not use for static devices and set up the DHCP parameters.  In J-Web this is under Services.

 

Your outbound internet NAT is working already since you have web access.  The main thing to confirm is that both DNS and the SRX gateway are correct here, as both are needed to make the connection.  Also, some gaming services have strict NAT setup checks. What is the specific error you get here?

 

I also tried to connect the Netgear Nighthawk R8000 router in AP mode. The R8000 should have been assigned an IP on the 192.168.1.* subdomain, but this did not happen.

 

This should also be fixed when you add DHCP to the subnet.

 

You might also find these two free books helpful.

 

https://forums.juniper.net/t5/Day-One-Books/Day-One-Book-Configuring-SRX-Series-with-J-Web/ba-p/6152...

 

https://forums.juniper.net/t5/Day-One-Books/Day-One-Book-Deploying-SRX-Series-Services-Gateways/ba-p...

 

The newest SRX book at the top of the forum will be for the SRX300 series and newer Junos than what your SRX240 can run as a retiring hardware platform.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
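
The zone and DHCP setup described in the reply above, written as Junos set commands. This is an added example, not a configuration posted by anyone in the thread. It assumes the legacy `system services dhcp` server of SRX240-era Junos; the gateway address 192.168.1.1, the pool range, the lease time and the name-server placeholder are assumptions, while vlan.1 and the Internal zone name come from the posts.

```junos
# Constructed example; adjust addresses to your own network.

# Layer 3 gateway for the VLAN (assumed address 192.168.1.1/24).
set interfaces vlan unit 1 family inet address 192.168.1.1/24

# Only the layer 3 interface is declared in the zone; ports 5-15 stay
# layer 2 members of the VLAN and need no zone entry of their own.
set security zones security-zone Internal interfaces vlan.1

# Let DHCP requests from Internal clients reach the SRX itself.
# Added at zone level so the services already allowed there (for example
# the ones J-Web relies on) are not replaced.
set security zones security-zone Internal host-inbound-traffic system-services dhcp

# DHCP pool: a range kept clear of statically addressed devices.
set system services dhcp pool 192.168.1.0/24 address-range low 192.168.1.100 high 192.168.1.199
# Clients need both a gateway and a DNS server to reach the internet.
set system services dhcp pool 192.168.1.0/24 router 192.168.1.1
# 203.0.113.53 is a documentation placeholder; use your resolver's address.
set system services dhcp pool 192.168.1.0/24 name-server 203.0.113.53
set system services dhcp pool 192.168.1.0/24 default-lease-time 86400

# Validate, then commit with automatic rollback if not confirmed in 5 minutes:
#   commit check
#   commit confirmed 5
# After clients request addresses, list the leases from operational mode:
#   show system services dhcp binding
```

A device that keeps a static address inside the subnet, such as the one the R8000 held on to, should sit outside the pool range and must not reuse the gateway address.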