Juniper SRX – Getting Started

Reference: KB15694

Logging In for the First Time

After installing the SRX Series device, log in as the root user. There is initially no password for the root user. After you initially log in as root, the shell prompt (%) appears. Enter cli at the prompt to start the CLI and enter operational mode. The operational mode prompt is the right angle bracket (>).

To log in for the first time:

  1. At the login prompt, log in as root.
      SRX240 (ttyd0)
      login: root
      ** Welcome to JUNOS:                                              **
      **                                                                **
      **     To run the console configuration wizard, please run the    **
      **     command 'config-wizard' at the 'root%' prompt.             **
      **                                                                **
      **     To enter the JUNOS CLI, please run the command 'cli'.      **
      **                                                                **
  2. At the shell prompt, enter cli.
      root@% cli

    The CLI is started in operational mode.


There is initially no password for the root user, it is required that you set a password for the root user so that you can log in as superuser and gain root-level access to the device and commit the configuration changes that you make. If the root password is not set, you will not be able to commit any configurations. For more information, see Configuring the Root Password.

Edit Your Configuration

Enter configuration mode.

When you first log into the device, the device is in operational mode. You must explicitly enter configuration mode. When you do, the CLI prompt changes from user@host> to user@host# and the hierarchy level appears in square brackets.

user@host> configure



Create a statement hierarchy.

You can use the edit command to simultaneously create a hierarchy and move to that new level in the hierarchy. You cannot use the edit command to change the value of identifiers.

user@host# edit security zones security-zone myzone

[edit security zones security-zone myzone]


Create a statement hierarchy and set identifier values.

The set command is similar to edit except that your current level in the hierarchy does not change.

user@host# set security zones security-zone myzone


Navigate the Hierarchy

Navigate down to an existing hierarchy level.

user@host# edit security zones

[edit security zones]


Navigate up one level in the hierarchy.

[edit security zones]
user@host# up

[edit security]


Navigate to the top of the hierarchy.

[edit security zones]
user@host# top


Commit or Revert Changes

Commit your configuration.

user@host# commit
commit complete


Roll back changes from the current session.

Use the rollback command to revert all changes from the current configuration session. When you run the rollback command before exiting your session or committing changes, the software loads the most recently committed configuration onto the device. You must enter the rollback statement at the edit level in the hierarchy.

user@host# rollback
load complete

Exit Configuration Mode

Commit the configuration and exit configuration mode.

user@host# commit and-quit



Exit configuration mode without committing your configuration.

You must navigate to the top of the hierarchy using the up or top commands before you can exit configuration mode.

user@host# exit
The configuration has been changed but not committed
Exit with uncommitted changes? [yes,no] (yes)

Get Help

Display a list of valid options for the current hierarchy level.

[edit ]
user@host# edit security zones ?
Possible completions: <[Enter]>
Execute this command > functional-zone
Functional zone > security-zone
Security zones | Pipe through a command [edit]

Configuring the Name of the Router, IP Address, and System ID

The following example shows how to configure the router’s name, map the name to an IP address and alias, and configure a system identifier:

user@host# set system host-name srx240-firewall
user@host# set system static-host-mapping srx240-firewall inet
user@host# set system static-host-mapping srx240-firewall alias firewall
user@host# set system static-host-mapping srx240-firewall sysid 1921.6800.1077
user@host# show
system {
    host-name router-sj1;

    static-host-mapping {

        router-sj1 {
            alias sj1;
            sysid 1921.6800.1077;



Mau jadi Reseller Essenzo klik : Reseller Essenzo

Mau Belajar Bisnis Digital klik : Akademi Bisnis Digital

Bila berkenan, bagikan ke social media anda