Professional Documents
Culture Documents
Product Description
Juniper Networks® SRX300 line of firewalls delivers a next-generation firewall (NGFW)
and a secure SD-WAN solution that supports the changing needs of enterprise networks.
Whether rolling out new services and applications across locations, connecting to the
cloud, or trying to achieve operational efficiency, the SRX300 line helps organizations
Product Overview realize their business objectives while providing scalable, easy to manage, secure
connectivity and advanced threat mitigation capabilities. Next-generation firewall and
The SRX300 line of firewalls content security capabilities make detecting and proactively mitigating threats easier while
combines effective security, SD- improving the user and application experience.
WAN, routing, switching and
The SRX300 line consists of five models:
WAN interfaces with next-
generation firewalls and • SRX300: Securing small branch or retail offices, the SRX300 Firewall consolidates
advanced threat mitigation security, routing, switching, and WAN connectivity in a small desktop device. The
capabilities for cost-effective, SRX300 supports up to 1.9 Gbps firewall and 336 Mbps IPsec VPN in a single, cost-
secure connectivity across effective networking and security platform.
distributed enterprise locations. • SRX320: Securely connecting small distributed enterprise branch offices, the
By consolidating fast, highly SRX320 Firewall consolidates security, routing, switching, and WAN connectivity in a
available switching, routing, small desktop device. The SRX320 supports up to 1.9 Gbps firewall and 336 Mbps
security, and next-generation IPsec VPN in a single, consolidated, cost-effective networking and security platform.
firewall capabilities in a single
• SRX340: Securely connecting midsize distributed enterprise branch offices, the
device, enterprises can remove
SRX340 firewall consolidates security, routing, switching, and WAN connectivity in a 1
network complexity, protect and
U form factor. The SRX340 supports up to 4.7 Gbps firewall and 733 Mbps IPsec VPN
prioritize their resources, and
in a single, cost-effective networking and security platform.
improve user and application
experience while lowering the • SRX345: Best suited for midsize to large distributed enterprise branch offices, the
total cost of ownership (TCO). SRX345 Firewall consolidates security, routing, switching, and WAN connectivity in a
1 U form factor. The SRX345 supports up to 5 Gbps firewall and 977 Mbps IPsec VPN
in a single, consolidated, cost-effective networking and security platform.
• SRX380: A high-performance and secure SD-WAN gateway, the SRX380 offers
superior and reliable WAN connectivity while consolidating security, routing, and
switching for distributed enterprise offices. The SRX380 features greater port density
than other SRX300 models, with 16x1GbE PoE+ and 4x10GbE ports, and includes
redundant dual power supplies, all in a 1 U form factor. The SRX380 supports up to
20Gbps firewall and 4.4 Gbps IPSec VPN in a single, consolidated, cost-effective
networking and security platform.
1
SRX300 Line of Firewalls for the Branch Datasheet
SRX300 Highlights Juniper meets customers where they are on their journey, helps
The SRX300 line of firewalls consists of secure SD-WAN routers them leverage their existing investments, and empowers them to
that bring high performance and proven deployment capabilities to transition to their preferred architecture at the best pace for
enterprises that need to build a worldwide network of thousands of business by automating their transition with Security Director
remote sites. WAN or Internet connectivity and Wi-Fi module Cloud.
options include:
• Ethernet, T1/E1, ADSL2/2+, and VDSL Juniper Secure Edge
• 3G/4G LTE wireless
Secure the remote workforce anywhere with the fast, reliable, and
• 802.11ac Wave 2 Wi-Fi
secure access they need. Juniper Secure Edge delivers full-stack
Security Service Edge (SSE) capabilities, including FWaaS, SWG,
CASB with DLP, ZTNA, and advanced threat protection. It helps
Comprehensive Security Suite
organizations protect access to web, SaaS, and on-premises
The SRX300 line offers a comprehensive suite of application
applications and keep users secure wherever they are located.
security services, threat defenses and intelligence services. The
services include intrusion prevention system (IPS), application Juniper Secure Edge, managed by Security Director Cloud, uses a
security user role-based firewall controls, and cloud-based antivirus, single policy framework that enables security policies to be created
anti-spam, and enhanced Web filtering, protecting networks from once and applied anywhere and follows users, devices, and
the latest content-borne threats. Integrated threat intelligence via applications wherever they go. Customers don't have to start from
Juniper Networks SecIntel offering adaptive threat protection scratch when adopting cloud-delivered security. With our three-
against Command and Control (C&C)-related botnets and policy click wizard, customers can easily leverage existing campus edge
enforcement based on GeoIP. Customers can also leverage their policies and translate them into an SSE policy. Because it uses a
custom and third-party feeds to protect their networks from single policy framework regardless of the deployment model,
advanced malware and other threats. Integrating the Juniper Secure Edge migrates existing security policies from traditional
Networks Advanced Threat Protection solution, the SRX300 line deployments to its cloud-delivered model in clicks, reducing
detects and enforces automated protection against known malware misconfigurations and risk.
and zero-day threats with a very high degree of accuracy. Whether securing remote users, campus and branch locations,
private cloud, public cloud, or hybrid cloud data centers, Juniper
provides unified management and unbroken visibility across all
Security Director Cloud
architectures. This makes it easy for ops teams to easily and
As Juniper's simple and seamless management experience, Security effectively bridge their current investments with their future
Director Cloud is delivered in a single UI to connect customers' architectural goals, including SASE.
current deployments with their future architectural rollouts.
Juniper has been consistently validated by multiple third-party tests
Management is at the center of the Juniper Connected Security
as the most effective security technology on the market for the
strategy and helps organizations secure every point of connection
past three years, with 100% security efficacy across all use cases.
on their network to safeguard users, applications, and
infrastructure.
Security Director Cloud enables organizations to secure their
architecture with consistent security policies across any
environment—on-premises, cloud-based, cloud-delivered, and
hybrid—and expands zero trust to all parts of the network from the
edge into the data center and to the applications and microservices.
With Security Director Cloud, organizations have unbroken
visibility, policy configuration, administration, and collective threat
intelligence all in one place.
2
SRX300 Line of Firewalls for the Branch Datasheet
3
SRX300 Line of Firewalls for the Branch Datasheet
Business continuity Stateful high availability (HA), IP • Uses stateful HA to synchronize configuration and firewall sessions
monitoring • Supports multiple WAN interfaces with dial-on-demand backup
• Route/link failover based on real-time link performance
SD-WAN Better end-user application and cloud • ZTP simplifies remote device provisioning
experience and lower operational • Advanced Policy-Based Routing (APBR) orchestrates business intent policies across the enterprise WAN
costs
• Application quality of experience (AppQoE) measures application SLAs and improves the end-user experience
• Controls and prioritizes traffic based on application and user role
End-user experience WAN assurance • Complements the Juniper Secure SD-WAN solution with AI-powered automation and service levels
• Provides visibility and insights into users, applications, WAN links, control, data plane, and CPU for proactive remediation
Highly secure IPsec VPN, Remote Access/SSL VPN, • Creates secure, reliable, and fast overlay links over public internet
Media Access Control Security • Employs anti-counterfeit features to protect from unauthorized hardware spares
(MACsec)
• Includes high-performance CPU with built-in hardware to assist IPsec acceleration
• Provides TPM-based protection of device secrets such as passwords and certificates
• Offers secure and flexible remote access SSL VPN with Juniper Secure Connect
Threat protection IPS, antivirus, anti-spam, enhanced • Provides real-time updates to IPS signatures and protects against exploits
web filtering, Juniper Advanced • Protects from zero-day attacks
Threat Prevention Cloud, Encrypted
Traffic Insights, and Threat • Implements industry-leading antivirus and URL filtering
Intelligence Feeds • Integrates open threat intelligence platform with third-party feeds
• Restores visibility that was lost due to encryption without the heavy burden of full TLS/SSL decryption
Application visibility On-box GUI, Security Director • Application updates are provided continually provided by Juniper Threat Labs
• Inspects and detects applications inside the SSL-encrypted traffic
Easy to manage and On-box GUI, Security Director • Includes centralized management for auto-provisioning, firewall policy management, Network Address Translation (NAT),
scale and IPsec VPN deployments, or simple, easy-to-use on-box GUI for local management
Minimize TCO Junos OS • Integrates routing, switching, and security in a single device
• Reduces operation expense with Junos automation capabilities
4
SRX300 Line of Firewalls for the Branch Datasheet
SRX300 Specifications
Software Specifications
Firewall Services
Routing Protocols
• Stateful and stateless firewall
• IPv4, IPv6, ISO, Connectionless Network Service (CLNS)
• Zone-based firewall
• Static routes
• Screens and distributed denial of service (DDoS) protection
• RIP v1/v2
• Protection from protocol and traffic anomaly
• OSPF/OSPF v3
• Integration with Pulse Unified Access Control (UAC)
• BGP with Route Reflector
• Integration with Aruba Clear Pass Policy Manager
• IS-IS
• User role-based firewall
• Multicast: Internet Group Management Protocol (IGMP) v1/v2,
• SSL Inspection (Forward-proxy)
Protocol Independent Multicast (PIM) sparse mode (SM)/dense
mode (DM)/source-specific multicast (SSM), Session
Description Protocol (SDP), Distance Vector Multicast Routing Network Address Translation (NAT)
Protocol (DVMRP), Multicast Source Discovery Protocol
• Source NAT with Port Address Translation (PAT)
(MSDP), Reverse Path Forwarding (RPF)
• Bidirectional 1:1 static NAT
• Encapsulation: VLAN, Point-to-Point Protocol (PPP), Frame
• Destination NAT with PAT
Relay, High-Level Data Link Control (HDLC), serial, Multilink
• Persistent NAT
Point-to-Point Protocol (MLPPP), Multilink Frame Relay
• IPv6 address translation
(MLFR), and Point-to-Point Protocol over Ethernet (PPPoE)
• Virtual routers
• Policy-based routing, source-based routing VPN Features
• Equal-cost multipath (ECMP) • Tunnels: Site-to-Site, Hub and Spoke, Dynamic Endpoint,
AutoVPN, ADVPN, Group VPN (IPv4/ IPv6/ Dual Stack)
• Juniper Secure Connect: Remote access / SSL VPN
QoS Features
• Configuration payload: Yes
• Support for 802.1p, DiffServ code point (DSCP), EXP
• IKE Encryption algorithms: Prime, DES-CBC, 3DES-CBC, AEC-
• Classification based on VLAN, data-link connection identifier
CBC, AES-GCM, SuiteB
(DLCI), interface, bundles, or multifield filters
• IKE authentication algorithms: MD5, SHA-1, SHA-128,
• Marking, policing, and shaping
SHA-256, SHA-384
• Classification and scheduling
• Authentication: Pre-shared key and public key infrastructure
• Weighted random early detection (WRED)
(PKI) (X.509)
• Guaranteed and maximum bandwidth
• IPsec (Internet Protocol Security): Authentication Header
• Ingress traffic policing
(AH) / Encapsulating Security Payload (ESP) protocol
• Virtual channels
• IPsec Authentication Algorithms: hmac-md5, hmac-sha-196,
• Hierarchical shaping and policing
hmac-sha-256
• IPsec Encryption Algorithms: Prime, DES-CBC, 3DES-CBC,
Switching Features AEC-CBC, AES-GCM, SuiteB
• Perfect forward secrecy, anti-reply
• ASIC-based Layer 2 Forwarding
• Internet Key Exchange: IKEv1, IKEv2
• MAC address learning
• Monitoring: Standard-based dead peer detection (DPD)
• VLAN addressing and integrated routing and bridging (IRB)
support, VPN monitoring
support
• VPNs GRE, IP-in-IP, and MPLS
• Link aggregation and LACP
• LLDP and LLDP-MED
• STP, RSTP, MSTP
• MVRP
• 802.1X authentication
5
SRX300 Line of Firewalls for the Branch Datasheet
• Juniper real-time performance monitoring (RPM) and IP- Advanced Routing Services
monitoring • Packet mode
• Juniper flow monitoring (J-Flow)1 • MPLS (RSVP, LDP)
• Bidirectional Forwarding Detection (BFD) • Circuit cross-connect (CCC), translational cross-connect (TCC)
• Two-Way Active Measurement Protocol (TWAMP) • L2/L3 MPLS VPN, pseudowires
• IEEE 802.3ah Link Fault Management (LFM) • Virtual private LAN service (VPLS), next-generation multicast
• IEEE 802.1ag Connectivity Fault Management (CFM) VPN (NG-MVPN)
• MPLS traffic engineering and MPLS fast reroute
1
Offered as advanced security services subscription licenses.
6
SRX300 Line of Firewalls for the Branch Datasheet
Hardware Specifications
Specification SRX300 SRX320 SRX340 SRX345 SRX380
Connectivity
Total onboard ports 8x1GbE 8x1GbE 16x1GbE 16x1GbE 20 (16x1GbE, 4x10GbE)
Onboard RJ-45 ports 6x1GbE 6x1GbE 8x1GbE 8x1GbE 16x1GbE
Onboard small form-factor 2x1GbE 2x1GbE 8x1GbE 8x1GbE 4x10GbE SFP+
pluggable (SFP) transceiver ports
MACsec-capable ports 2x1GbE 2x1GbE 16x1GbE 16x1GbE 16x1GbE
4x10GbE
Out-of-band (OOB) 0 0 1x1GbE 1x1GbE 1x1GbE
management ports
Mini PIM (WAN) slots 0 2 4 4 4
Console (RJ-45 + miniUSB) 1 1 1 1 1
USB 3.0 ports (type A) 1 1 1 1 1
PoE+ ports N/A 62 0 0 16
7
SRX300 Line of Firewalls for the Branch Datasheet
2
SRX320 with PoE+ ports available as a separate SKU: SRX320-POE.
3
SRX345 with dual AC PSU model.
4
SRX320 non PoE model.
5
SRX320-POE with 6 ports PoE+ model.
6
SRX345 with DC power supply (operating temperature as per GR-63 Issue 4 2012 test criteria).
7
As per GR63 Issue 4 (2012) test criteria.
8
Throughput numbers based on UDP packets and RFC2544 test methodology.
9
Throughput numbers based on HTTP traffic with 44 KB transaction size.
10
Route scaling numbers are with enhanced route-scale features turned on.
11
Next-Generation firewall performance is measured with Firewall, Application Security and IPS enabled using 64KB transactions
12
Secure Web Access firewall performance is measured with Firewall, Application Security, IPS, SecIntel, and URL Filtering enabled using 64KB transactions
8
SRX300 Line of Firewalls for the Branch Datasheet
9
SRX300 Line of Firewalls for the Branch Datasheet
10
SRX300 Line of Firewalls for the Branch Datasheet
Accessories
Product Description
Number
SRX300-RMK0 SRX300 rack mount kit with adaptor tray
SRX300-RMK1 SRX300 rack mount kit without adaptor tray
SRX300-WALL-KIT0 SRX300 wall mount kit with brackets
SRX320-P-RMK0 SRX320-POE rack mount kit with adaptor tray
SRX320-P-RMK1 SRX300-POE rack mount kit without adaptor tray
SRX320-RMK0 SRX320 rack mount kit with adaptor tray
SRX320-RMK1 SRX320 rack mount kit without adaptor tray
SRX320-WALL-KIT0 SRX320 wall mount kit with brackets
SRX34X-RMK SRX340 and SRX345 rack mount kit
EX-4PST-RMK SRX380 rack mount kit
JSU-SSD-MLC-100 Juniper Storage Unit, SSD, MLC, 100GB
JPSU-600-AC-AFO SRX380 600W AC PSU, front-to-back
or +1.408.745.2000
www.juniper.net
Copyright 2023 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no
responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Published
2023-08-15
ii
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc.
in the United States and other countries. All other trademarks, service marks, registered marks, or registered service
marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right
to change, modify, transfer, or otherwise revise this publication without notice.
The information in this document is current as of the date on the title page.
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related
limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use
with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License
Agreement ("EULA") posted at https://support.juniper.net/support/eula/. By downloading, installing or using such
software, you agree to the terms and conditions of that EULA.
iii
Table of Contents
About This Guide | vii
1 Overview
SRX300 Firewall Overview | 2
SRX300 Chassis | 3
Rack Requirements | 20
Cabinet Requirements | 21
Required Tools and Parts for Grounding the SRX300 Services Gateway | 37
Connecting the Dial-Up Modem to the Console Port on the SRX300 Services Gateway | 41
Configure the Device Using ZTP with Juniper Networks Network Service Controller | 53
4 Maintaining Components
Maintaining the SRX300 Components | 56
5 Troubleshooting Hardware
Troubleshooting the SRX300 | 58
Locating the SRX300 Firewall Chassis Serial Number and Agency Labels | 65
Battery-Handling Warning | 80
Use this guide to install hardware and perform initial software configuration, routine maintenance, and
troubleshooting for the SRX300 Firewall. After completing the installation and basic configuration
procedures covered in this guide, refer to the Junos OS documentation for information about further
software configuration.
RELATED DOCUMENTATION
Overview
SRX300 Chassis | 3
IN THIS SECTION
The SRX300 Firewall consolidates networking and security capabilities for small retail offices. The
services gateway provides cost-effective, scalable integration of routing, security, and switching in a
single device. The SRX300 Firewall provides firewall support with key features such as IP security (IPsec)
VPN and Content Security .
With a desktop form-factor chassis, the SRX300 Firewall has eight 1 G Ethernet ports, two 1 G SFP
ports, 4 GB of DRAM memory, and 8 GB of flash memory.
The SRX300 Firewall runs the Junos operating system (Junos OS) and supports the following features:
• High availability
• QoS
• MPLS
You can manage the SRX300 Firewall by using the same interfaces that you use for managing other
devices that run Junos OS—the CLI, the J-Web graphical interface, and Junos Space.
• High performance—The SRX300 supports up to 1-Gbps firewall and 300-Mbps IPsec VPN, and is
suited for small branch and retail office deployments.
3
• Simplified deployment with minimal manual intervention—The Zero Touch Provisioning (ZTP) feature
enables you to provision and configure the SRX300 line automatically, thereby reducing operational
complexity and simplifying the provisioning of new sites.
• Threat protection—The SRX300 line supports IPsec VPN, Media Access Control Security (MACsec),
Juniper Juniper Advanced Threat Prevention Cloud, and Trusted Platform Module (TPM) to protect
against potential vulnerabilities.
SRX300 Chassis
IN THIS SECTION
The SRX300 Firewall chassis weighs 4.38 lb. and measures 1.37 in. high, 12.63 in. wide, and 7.52 in.
deep.
The services gateway must be connected to earth ground during normal operation. The protective
earthing terminal on the rear of the chassis is provided to connect the services gateway to ground.
4
IN THIS SECTION
2 Serial Console port Connects a laptop to the services gateway for CLI
management. The port uses an RJ-45 serial
connection and supports the RS-232 (EIA-232)
standard.
5
• Support autonegotiation
4 1-GbE small form-factor pluggable Two 1-GbE MACsec-capable SFP ports for network
(SFP) ports traffic.
6 Mini-USB console port Connects a laptop to the services gateway for CLI
management through a USB interface. The port
accepts a Mini-B type USB cable plug. A USB cable
with Mini-B and Type A USB plugs is supplied with
the services gateway.
7 USB port The services gateway has one USB port that accepts
a USB storage device.
9 Power button Use the Power button to power on or power off the
services gateway.
Component Description
• Solid amber
• Device is starting up
The SFP and Ethernet ports have two status LEDs, LINK and ACT, located above the port.
8
LED Description
Figure 3 on page 8 shows the back panel of the SRX300 Firewall and Table 4 on page 8 lists the
back panel components.
NOTE: We recommend
connecting the services gateway
to ground if required.
9
RELATED DOCUMENTATION
IN THIS SECTION
The power supply for the SRX300 Firewall is external. You must use the AC to DC, 60 W power supply
adapter provided by Juniper Networks to provide power to the services gateway. The adapter provides
an output of 12 VDC, 5 A.
10
SEE ALSO
Table 5 on page 10 lists the power specifications for the SRX300 Firewall power supply adapter.
Table 5: Power Specifications for the SRX300 Firewall Power Supply Adapter
WARNING: The AC power cord for the services gateway is intended for use with only
the power supply adapter provided with the device .
SEE ALSO
Table 6 on page 12 provides a checklist of tasks you need to perform when preparing a site for
installing the SRX300 Firewall.
Environment
Power
"SRX300 Services
• Locate sites for
Gateway Power
connection of system
Specifications and
grounding.
Requirements" on
• Calculate the power page 10
consumption and
requirements.
Rack Requirements
13
Rack Installation
Cabinet Requirements
Wall Installation
14
Desktop Installation
Cables
RELATED DOCUMENTATION
IN THIS SECTION
Rack Requirements | 20
Cabinet Requirements | 21
The following precautions help you plan an acceptable operating environment for your SRX300 Firewall
and avoid environmentally caused equipment failures:
• For the operating temperature of the services gateway to be optimal, the airflow around the chassis
must be unrestricted. Allow sufficient clearance between the front and back of the chassis and
adjacent equipment. Ensure that there is adequate circulation in the installation location.
• Follow the ESD procedures to avoid damaging equipment. Static discharge can cause components to
fail completely or intermittently over time. For more information, see Preventing Electrostatic
Discharge Damage to the SRX300 Services Gateway.
NOTE: The SRX300 Firewall does not include a fan and does not generate any acoustic noise.
16
Table 7 on page 16 provides the required environmental conditions for normal SRX300 Firewall
operations.
Description Value
Table 8 on page 17 describes the factors you must consider while planning the electrical wiring for the
services gateway at your site.
The potential for damage from lightning strikes increases if wires exceed
recommended distances or if wires pass between buildings.
Radio Frequency Interference To reduce or eliminate the emission of RFI from your site wiring:
(RFI)
• Use twisted-pair cable with a good distribution of grounding conductors.
• Use a high-quality twisted-pair cable with one ground conductor for each
data signal when applicable, if you must exceed the recommended
distances.
Electromagnetic Compatibility Provide a properly grounded and shielded environment and use electrical
(EMC) surge-suppression devices.
• Conduct power surges over the lines into the equipment, resulting in an
electrical hazard
SEE ALSO
To meet safety and electromagnetic interference (EMI) requirements and to ensure proper operation, the
SRX300 Firewall must be adequately grounded before power is connected. You must provide a
grounding lug to connect the services gateway to earth ground.
WARNING: Before you connect power to the services gateway, a licensed electrician
must attach a cable lug to the grounding and power cables that you supply. A cable with
an incorrectly attached lug can damage the services gateway (for example, by causing a
short circuit).
The services gateway chassis has one grounding point on the back panel.
Table 9 on page 18 lists the specifications of the grounding cable used with the device.
You must install the SRX300 in a restricted-access location and ensure that the chassis is always
properly grounded. The SRX300 device has a one-hole protective grounding terminal provided on the
chassis. Under all circumstances, use this grounding connection to ground the chassis. For AC-powered
systems, you must also use the grounding wire in the AC power cord along with the one-hole grounding
lug connection. This tested system meets or exceeds all applicable EMC regulatory requirements with
the one-hole protective grounding terminal.
SEE ALSO
Table 10 on page 19 lists the physical specifications for the services gateway.
Weight 4.38 lb
SEE ALSO
When planning the installation site for the SRX300 Firewall, you need to allow sufficient clearance
around the device. Consider the following:
• The SRX300 Firewall does not include a fan and uses natural convection cooling. For the operating
temperature of the services gateway to be optimal, the airflow around the chassis must be
unrestricted.
• For service personnel to remove and install hardware components, there must be adequate space at
the front and back of the device. Allow at least 24 in. (61 cm) both in front of and behind the device.
• If you are mounting the device in a rack with other equipment, or if you are placing it on the desktop
near other equipment, ensure that the exhaust from other equipment does not blow into the intake
vents of the chassis.
Rack Requirements
When installing the services gateway in a rack, you must ensure that the rack complies with a 1U (19 in.
or 48.7 cm) rack as defined in Cabinets, Racks, Panels, and Associated Equipment (document number
EIA-310-D), published by the Electronic Industries Alliance (http://www.ecaus.org/eia/site/index.html).
When selecting a rack, ensure that the physical characteristics of the rack comply with the following
specifications:
• The outer edges of the mounting brackets extend the width of either chassis to 19 in. (48.3 cm).
• The front of the chassis extends approximately 0.5 in. (1.27 cm) beyond the mounting ears.
• Maximum permissible ambient temperature when two devices are placed side by side in a 19 in. rack
is 40° C.
The spacing of the mounting brackets and flange holes on the rack and device mounting brackets are as
follows:
• The holes within each rack set are spaced at 1 U (1.75 in. or 4.5 cm).
• The mounting brackets and front-mount flanges used to attach the chassis to a rack are designed to
fasten to holes spaced at rack distances of 1 U (1.75 in.).
• The mounting holes in the mounting brackets provided with the device are spaced 1.25 in. (3.2 cm)
apart (top and bottom mounting hole).
21
Always secure the rack in which you are installing the services gateway to the structure of the building.
If your geographical area is subject to earthquakes, bolt the rack to the floor. For maximum stability, also
secure the rack to ceiling brackets.
Cabinet Requirements
You can install the services gateway in a 19 in. (48.7 cm) cabinet as defined in Cabinets, Racks, Panels,
and Associated Equipment (document number EIA-310-D) published by the Electronic Industries
Alliance (http://www.ecaus.org/eia/site/index.html). You must mount the services gateway horizontally
in the cabinet using appropriate rack adapters.
• The cabinet is at least 1U (3.50 in. or 8.89 cm) and can accommodate the services gateway.
• The outer edges of the mounting brackets extend the width of either chassis to 19 in. (48.7 cm), and
the front of the chassis extends approximately 0.5 in. (1.27 cm) beyond the mounting brackets.
• The minimum total clearance inside the cabinet is 30.7 in. (78 cm) between the inside of the front
door and the inside of the rear door.
NOTE: A cabinet larger than the minimum required provides better airflow and reduces the
chance of overheating.
When you mount the services gateway in a cabinet, you must ensure that ventilation through the
cabinet is sufficient to prevent overheating. Consider the following when planning for chassis cooling:
• Ensure that the cool air supply you provide through the cabinet can adequately dissipate the thermal
output of the services gateway.
• Install the services gateway as close as possible to the front of the cabinet so that the cable
management system clears the inside of the front door. Installing the chassis close to the front of the
cabinet maximizes the clearance in the rear of the cabinet for critical airflow.
• Route and dress all cables to minimize the blockage of airflow to and from the chassis.
RELATED DOCUMENTATION
IN THIS SECTION
You can find information about the pluggable transceivers supported on your Juniper Networks device
by using the Hardware Compatibility Tool. In addition to transceiver and connector type, the optical and
cable characteristics—where applicable—are documented for each transceiver. The Hardware
Compatibility Tool enables you to search by product, displaying all the transceivers supported on that
device, or category, by interface speed or type. The list of supported transceivers for the SRX300 is
located at https://apps.juniper.net/hct/product/#prd=SRX300.
Table 11 on page 22 describes the RJ-45 connector pinouts for the Ethernet port.
Table 11: RJ-45 Connector Pinouts for the SRX300 Firewall Ethernet Port
Pin Signal
1 BI_DA+
2 BI_DA
3 BI_DB+
23
Table 11: RJ-45 Connector Pinouts for the SRX300 Firewall Ethernet Port (Continued)
Pin Signal
4 BI_DC+
5 BI_DC
6 BI_DB
7 BI_DD+
8 BI_DD
Table 12 on page 23 describes the RJ-45 connector pinouts for the console port.
Table 12: RJ-45 Connector Pinouts for the SRX300 Firewall Console Port
Table 12: RJ-45 Connector Pinouts for the SRX300 Firewall Console Port (Continued)
The SRX300 Firewall has two console ports: an RJ-45 Ethernet port and a mini-USB Type-B port. If your
management device (laptop or PC) does not have a DB-9 plug connector pin or an RJ-45 connector pin,
you can connect your management device to the Mini-USB Type-B console port of the services gateway
by using a cable that has a standard Type-A USB connector on one end and a Mini-USB Type-B (5-pin)
connector on the other end. Table 13 on page 24 describes the Mini-USB Type-B connector pinouts
for the console port.
NOTE: By design, the mini-USB console port has higher priority over the RJ-45 console port. If
the mini-USB and RJ-45 console ports are both connected, then the mini-USB console port will
be active.
Table 13: Mini-USB Type-B Connector Pinouts for the Services Gateway Console Port
2 D- White Data -
3 D+ Green Data +
25
Table 13: Mini-USB Type-B Connector Pinouts for the Services Gateway Console Port (Continued)
IN THIS SECTION
After you have prepared the site for installation and unpacked the SRX300 Firewall, you are ready to
install the device. It is important to proceed through the installation process in the following order:
1. Review the safety guidelines explained in SRX300 Services Gateway General Safety Guidelines and
Warnings.
2. Prepare your site for the installation of the services gateway as described in "Site Preparation
Checklist for the SRX300 Services Gateway" on page 12.
4. Connect the grounding cable as described in "Connecting the SRX300 Services Gateway Grounding
Cable" on page 37.
5. Power on the services gateway as described in "Powering On the SRX300 Services Gateway" on
page 39.
SEE ALSO
The autoinstallation process begins any time a services gateway is powered on and cannot locate a valid
configuration file in the internal flash. Typically, a configuration file is unavailable when a services
gateway is powered on for the first time or if the configuration file is deleted from the internal flash. The
autoinstallation feature enables you to deploy multiple services gateways from a central location in the
network.
If you are setting up many devices, autoinstallation can help automate the configuration process by
loading configuration files onto new or existing devices automatically over the network. You can use
either the J-Web interface or the CLI to configure a device for autoinstallation.
For the autoinstallation process to work, you must store one or more host-specific or default
configuration files on a configuration server in the network and have a service available—typically
Dynamic Host Configuration Protocol (DHCP)—to assign an IP address to the services gateway.
Autoinstallation takes place automatically when you connect an Ethernet port on a new services
gateway to the network and power on the device. To simplify the process, you can explicitly enable
autoinstallation on a device and specify a configuration server, an autoinstallation interface, and a
protocol for IP address acquisition.
NOTE: If the USB autoinstallation feature is enabled (the default configuration), removal of a USB
storage device immediately after insertion is not supported.
After you insert a USB storage device, Junos OS scans the device to check whether it contains
the USB autoinstallation file. This process might take up to 50 seconds to complete depending
on the quality of the USB storage device and the number and size of the files in the device.
Removing the USB storage device while this process is running might cause the services gateway
to reboot, the USB port to stop working, and data loss on the USB. We recommend that after
inserting a USB storage device, you wait for at least 60 seconds before removing it.
By issuing the set system autoinstallation usb disable command (which disables the USB
autoinstallation feature) before you insert the USB device, you can reduce the waiting interval
between insertion and removal of a USB storage device from 60 seconds to 20 seconds.
For more information about configuring autoinstallation, see the following topics:
IN THIS SECTION
The SRX300 Firewall is shipped in a cardboard carton and secured with foam packing material. The
carton also contains an accessory box and quick-start instructions.
1. Move the cardboard carton to a staging area as close to the installation site as possible, where you
have enough room to remove the components from the chassis.
2. Position the cardboard carton with the arrows pointing up.
3. Carefully open the top of the cardboard carton.
4. Remove the foam covering the top of the services gateway.
5. Remove the accessory box.
6. Verify the parts received against the lists in "Verifying Parts Received with the SRX300 Services
Gateway" on page 30.
7. Store the brackets and bolts inside the accessory box.
8. Save the shipping carton and packing materials in case you need to move or ship the services
gateway at a later time.
30
The SRX300 Firewall shipment package contains a packing list. Check the parts in the shipment against
the items on the packing list. The packing list specifies the part numbers and carries a brief description
of each part in your order.
Table 14 on page 30 lists the inventory of components supplied with the SRX300 device.
NOTE: The parts shipped with your services gateway can vary depending on the configuration
you ordered. To know the part numbers for ordering the separately orderable mounting kits, see
the SRX300 Line of Services Gateways for the Branch Platform Datasheet.
Component Quantity
Documentation Roadmap 1
You can mount an SRX300 Firewall on a desk or any other level surface horizontally or vertically. The
four rubber feet attached to the chassis provide stability. Before mounting an SRX300 Firewall on a desk
or level surface:
• Verify that the installation site meets the requirements described in "Site Preparation Checklist for
the SRX300 Services Gateway" on page 12.
• Place the desk in its permanent location, allowing adequate clearance for airflow and maintenance,
and secure it to the building structure.
The horizontal position is the standard installation position. To install the device in a horizontal position:
1. Make sure that the rubber feet are attached to the chassis.
2. Place the device on a desk with the Juniper Networks logo, which is embossed on the top cover,
facing up.
You can mount an SRX300 Firewall on a wall. The four rubber feet attached to the chassis provide
stability. Before mounting the SRX300 Firewall on a wall:
• Verify that the installation site meets the requirements described in "Site Preparation Checklist for
the SRX300 Services Gateway" on page 12.
• Verify that you have the following parts available in your wall-mounting kit:
• Wall-mounting brackets
• Screws
NOTE: The wall-mounting kit is not shipped with the device and must be ordered separately.
1. Place the device on a flat, level surface with the Juniper Networks logo, which is embossed on the
top cover, facing up. Ensure that the rubber feet are attached to the bottom of the chassis.
2. Position a mounting bracket on each side of the chassis as shown in Figure 4 on page 32.
32
3. Use a number-2 Phillips screwdriver to install the screws that secure the mounting brackets to the
chassis.
4. If you are using wall anchors to support the chassis, install two pairs of anchors on the wall with the
mounting brackets attached.
5. Have one person grasp the sides of the device, lift it, and position it on the wall. Figure 5 on page
32 shows the four different orientations in which you can mount the services gateway on a wall.
6. Have a second person install two pairs of mounting screws through the bracket holes on either side
of the device to secure it to the wall.
7. Verify that the mounting screws on one side are aligned with the mounting screws on the opposite
side and that the device is level (see Figure 6 on page 33).
33
You can front-mount the SRX300 Firewall in a rack. Many types of racks are acceptable, including four-
post (telco) racks, enclosed cabinets, and open-frame racks. For more information about the type of rack
or cabinet the SRX300 Firewall can be installed in, see SRX300 Services Gateway Rack Size and
Strength Requirements.
NOTE: The rack-mounting kit is not shipped with the device and must be ordered separately.
NOTE: If you are installing multiple devices in one rack, install the lowest one first and proceed
upward in the rack. Ensure that the rubber feet from the base of the chassis are removed for rack
installation.
• Verify that the installation site meets the requirements described in "Site Preparation Checklist for
the SRX300 Services Gateway" on page 12.
34
• Verify that the racks or cabinets meet the specific requirements described in SRX300 Services
Gateway Rack-Mounting Requirements and Warnings.
• Place the rack or cabinet in its permanent location, allowing adequate clearance for airflow and
maintenance, and secure it to the building structure. For more information, see "SRX300 Services
Gateway Clearance Requirements for Airflow and Hardware Maintenance" on page 20.
• Verify that you have the following parts available in your rack-mounting kit:
• Rack-mount tray
• Screws
1. Position a mounting bracket on each side of the chassis as shown in Figure 7 on page 34.
2. Use a number-2 Phillips screwdriver to install the screws that secure the mounting brackets and
power supply adapter tray to the chassis as shown in Figure 8 on page 34.
Figure 8: SRX300 Firewall Rack Installation — Securing the Mounting Brackets and Power Supply
Adapter Tray
35
3. Place the power supply adapter in the tray as shown in Figure 9 on page 35.
Figure 9: SRX300 Firewall Rack Installation — Positioning the Power Supply Adapter Tray
4. Have one person grasp the sides of the device, lift it, and position it in the rack.
5. Align the bottom hole in each mounting bracket with a hole in each rack rail as shown in Figure 10 on
page 36, making sure the chassis is level.
36
Figure 10: SRX300 Firewall Rack Installation — Positioning the SRX300 Firewall in a Rack
6. Have a second person install a mounting screw into each of the two aligned holes. Tighten the
mounting screws.
7. Install the second screw in each mounting bracket.
8. Verify that the mounting screws on one side of the rack are aligned with the mounting screws on the
opposite side and that the device is level.
RELATED DOCUMENTATION
IN THIS SECTION
Required Tools and Parts for Grounding the SRX300 Services Gateway | 37
Required Tools and Parts for Grounding the SRX300 Services Gateway
To ground and to provide power to the services gateway, you need the following tools:
• Wire cutters
You ground the services gateway by connecting a grounding cable to earth ground and then attaching it
to the chassis grounding point located on the back panel of the device using a M4 screw. You must
install the SRX300 in a restricted-access location and ensure that the chassis is always properly
grounded. The SRX300 device has a single-hole protective grounding terminal provided on the chassis.
See Figure 11 on page 38. Under all circumstances, use this grounding connection to ground the
chassis. For AC-powered systems, you must also use the grounding wire in the AC power cord along
with the single-hole grounding lug connection. This tested system meets or exceeds all applicable EMC
regulatory requirements with the single-hole protective grounding terminal.
• One M4 screw
• Grounding cables
38
CAUTION: Before you connect power to the services gateway, a licensed electrician
must attach a cable lug to the grounding and power cables that you supply. A cable with
an incorrectly attached lug can damage the services gateway (for example, by causing a
short circuit).
1. Attach an electrostatic discharge (ESD) grounding strap to your bare wrist, and connect the strap to
the ESD point on the chassis. For more details, see Preventing Electrostatic Discharge Damage to the
SRX300 Services Gateway.
2. Ensure that all grounding surfaces are clean and brought to a bright finish before grounding
connections are made.
3. Connect the grounding cable to a proper earth ground.
4. Place the grounding cable lug over the grounding point (sized for M4 screws) on the rear of the
chassis as shown in Figure 11 on page 38.
5. Secure the grounding cable lug to the grounding point, first with the washer, then with the screw.
Apply between 6 in.-lb (0.67 Nm) and 8 in.-lb (0.9 Nm) of torque to the screw.
6. Dress the grounding cable and verify that it does not touch or block access to the services gateway
components and that it does not drape where people could trip on it.
39
SEE ALSO
CAUTION: Before connecting the device to the power supply, attach an ESD strap to
an ESD point and place the other end of the strap around your bare wrist.
1. Plug the DC connector end of the power cable into the power connector on the back of the device as
shown in Figure 12 on page 39.
2. Plug the AC adapter end of the power cable into an AC power outlet.
1. Ensure that you have connected the power supply to the device.
40
2. Insert the plug of the power supply adapter into an AC power source receptacle.
3. Turn on the power to the AC power receptacle.
The device starts automatically as the power supply completes its startup sequence. The PWR LED
lights during startup and remains on when the device is operating normally.
NOTE: After the power supply is turned on, it can take up to 60 seconds for status indicators—
such as the STAT and PWR LEDs—to show that the power supply is functioning normally. Ignore
error indicators that appear during the first 60 seconds.
NOTE: When the system is completely powered off and you turn on the power supply, the
device starts as the power supply completes its startup sequence. If the device finishes starting
and you need to power off the system again, first issue the CLI request system power-off command.
You can power off the services gateway in one of the following ways:
• Graceful shutdown—Press and immediately release the Power button. The device begins gracefully
shutting down the operating system and then powers itself off.
WARNING: Use the graceful shutdown method to power off or reboot the services
gateway.
• Forced shutdown—Press the Power button and hold it for ten seconds. The device immediately
powers itself off without shutting down the operating system.
WARNING: Use the forced shutdown method as a last resort to recover the services
gateway if the services gateway operating system is not responding to the graceful
shutdown method.
WARNING: Do not press the Power button while the device is shutting down.
41
CAUTION: Forced shutdown can result in data loss and corruption of the file system.
NOTE: To remove power completely from the device, unplug the power cord or switch off the
AC power source.
After powering off a power supply, wait at least 10 seconds before turning it back on. After
powering on a power supply, wait at least 10 seconds before turning it off.
The power button on the services gateway is a standby power switch, which will not turn off the
input power to the services gateway.
TIP: When you are powering off the device, the CLI displays the following message: Turning the
system power off. You can now safely remove the power cable to completely power off the device.
NOTE: You can use the request system reboot CLI command to schedule a reboot.
IN THIS SECTION
Connecting the Dial-Up Modem to the Console Port on the SRX300 Services Gateway | 41
To connect the dial-up modem to the console port on the services gateway:
42
NOTE: Most modems have an RS-232 DB-25 connector. You must separately purchase an
adapter to connect your modem to the RJ-45 to DB-9 adapter and the Ethernet cable.
NOTE: We no longer include a DB-9 to RJ-45 cable or a DB-9 to RJ-45 adapter with a CAT5E
copper cable as part of the device package. If you require a console cable, you can order it
separately with the part number JNP-CBL-RJ45-DB9 (DB-9 to RJ-45 adapter with a CAT5E
copper cable).
To remotely connect to the CLI through a dial-up modem connected to the console port on the services
gateway:
1. Connect a modem at your remote location to a management device such as a PC or laptop computer.
2. Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal)
on the PC or laptop computer.
3. Select the COM port to which the modem is connected (for example, COM1).
4. Configure the port settings :
• Data bits—8
• Parity—None
43
• Stop bits—1
• Flow control—None
5. In the HyperTerminal window, enter AT.
An OK response verifies that the modem can communicate successfully with the COM port on the
PC or laptop.
6. Dial the modem that is connected to the console port on the services gateway by entering ATDT
remote-modem-number. For example, if the number of the modem connected to the console port on
the services gateway is 0013033033030, enter ATDT 0013033033030.
The services gateway login prompt appears.
7. Log in as the root user. No password is required at initial connection, but you must assign a root
password before committing any configuration settings.
IN THIS SECTION
Configure the Device Using ZTP with Juniper Networks Network Service Controller | 53
The services gateway is shipped with the Juniper Networks Junos operating system (Junos OS)
preinstalled and ready to be configured when the device is powered on. You can perform the initial
software configuration of the services gateway by using the browser-based setup wizard or by using the
command-line interface (CLI).
44
IN THIS SECTION
0/1 to 0/6 VLAN Interface irb.0 (ge-0/0/1 to ge-0/0/6) trust Server 192.168.1.1/24
The SRX300 device is shipped with the following services and protocols enabled by default.
45
HTTPS
To provide secure traffic, a basic set of screens are configured on the untrust zone.
When you commit changes to the configuration, a new configuration file is created, which becomes the
active configuration. If the current active configuration fails, you can use the load factory-default
command to revert to the factory-default configuration.
IN THIS SECTION
You can use either the serial or the mini-USB console port on the device.
1. Plug one end of the Ethernet cable into the RJ-45 to DB-9 serial port adapter.
NOTE: We no longer include a DB-9 to RJ-45 cable or a DB-9 to RJ-45 adapter with a CAT5E
copper cable as part of the device package. If you require a console cable, you can order it
separately with the part number JNP-CBL-RJ45-DB9 (DB-9 to RJ-45 adapter with a CAT5E
copper cable).
2. Plug the RJ-45 to DB-9 serial port adapter into the serial port on the management device.
3. Connect the other end of the Ethernet cable to the serial console port on the SRX300.
4. Start your asynchronous terminal emulation application (such as Microsoft Windows HyperTerminal)
and select the appropriate COM port to use (for example, COM1).
5. Configure the serial port settings with the following values:
• Baud rate—9600
• Parity—N
47
• Data bits—8
• Stop bits—1
• Flow control—none
1. Download the USB driver to the management device from the Downloads page. To download the
driver for Windows OS, select 6.5 from the Version drop-down list. To download the driver for
macOS, select 4.10 from the Version drop-down list.
2. Install the USB console driver software:
NOTE: Install the USB console driver software before attempting to establish a physical
connection between the SRX300 and the management device, otherwise the connection will
fail.
c. Click Install.
If you chose to stop the installation at any time during the process, then all or part of the software
will fail to install. In such a case, we recommend that you uninstall the USB console driver and
then reinstall it.
• Parity—None
• Data bits—8
• Stop bits—1
• Flow control—None
7. If you have not already done so, power on the SRX300 by pressing the Power button on the front
panel. Verify that the PWR LED on the front panel turns green.
The terminal emulation screen on your management device displays the startup sequence. When the
SRX300 has finished starting up, a login prompt appears.
root@%cli
root>
NOTE: You can view the factory-default settings by using the show configuration command.
configure
[edit]
root#
3. Set the root authentication password by entering a cleartext password, an encrypted password, or an
SSH public key string (DSA or RSA).
[edit]
root# set system root-authentication plain-text-password
New password: password
Retype new password: password
49
[edit]
root# commit
IN THIS SECTION
1. Connect one end of the Ethernet cable to any of the network ports numbered 0/1 through 0/6 on
the device.
NOTE: The ge-0/0/0 and ge-0/0/7 interfaces (ports 0/0 and 0/7) are WAN interfaces. Do not
use these ports for the initial configuration procedure.
2. Connect the other end of the Ethernet cable to the management device.
50
The SRX300 functions as a DHCP server and automatically assigns an IP address to the laptop.
3. Ensure that the management device acquires an IP address on the 192.168.1.0/24 network from the
device.
If an IP address is not assigned to the management device, manually configure an IP address in the
192.168.1.0/24 network.
NOTE: Do not assign the 192.168.1.1 IP address to the management device, as this IP
address is assigned to the SRX300.
4. Open a browser and type https://192.168.1.1. The Phone Home Client page appears.
• Using zero-touch provisioning (ZTP)—Follow the procedure in "Configure the Device Using ZTP
with Juniper Networks Network Service Controller" on page 53
51
The J-Web login page appears. The SRX300 already has factory-default settings configured to make
it a plug-and-play device. So all you have to do to get the SRX300 up and running is connect it to
your LAN and WAN networks.
7. Connect the WAN network to port 0/0 to obtain a dynamic IP address.
8. Connect the LAN network to any of the ports from 0/1 through 0/6.
9. Check to see if the SRX300 is connected to the Internet. Go to http://www.juniper.net. If the page
does not load, check the Internet connection.
After you complete these steps, you can start using the SRX300 on your network right away.
You can continue to customize the settings by logging in to J-Web and selecting the configuration mode
that’s right for you. You can then follow the screens as they appear in the Setup wizard.
• To customize the configuration in Junos OS Release 19.2, see "Customize the Configuration for Junos
OS Release 19.2" on page 51.
• Passive—Set up the SRX300 in Tap mode. Tap mode enables the SRX300 to passively monitor traffic
flows across a network.
52
• Guided Setup (uses a dynamic IP address)—Enables you to set up the SRX300 in a custom security
configuration. You can select either the Basic or the Expert option.
• Dynamic IP
NOTE: If you change the IP address of the port to which the laptop is connected, you might
lose connectivity to the device when applying the configuration in the Guided Setup mode. To
access J-Web again, open a new browser window and type https://new IP address.
53
• Default Setup (uses a dynamic IP address)—Enables you to quickly set up the SRX300 with the
default configuration. Any additional configuration can be done after the wizard setup is completed.
• High Availability—Enables you to set up a chassis cluster with a default basic configuration.
Configure the Device Using ZTP with Juniper Networks Network Service
Controller
NOTE: You can configure using ZTP for Junos OS Release 19.2 and earlier releases.
You can use ZTP to complete the initial configuration of the SRX300 in your network automatically, with
minimum intervention.
Network Service Controller is a component of the Juniper Networks Contrail Service Orchestration
platform that simplifies and automates the design and implementation of custom network services that
use an open framework.
For more information, refer to the Network Service Controller section in the datasheet at http://
www.juniper.net/assets/us/en/local/pdf/datasheets/1000559-en.pdf.
NOTE: To complete the ZTP process, ensure that the SRX300 is connected to the Internet.
• If you already have the authentication code, enter the code in the webpage displayed.
On successful authentication, the initial configuration is applied and committed on the SRX300.
Optionally, the latest Junos OS image is installed on the SRX300 before the initial configuration is
applied.
• If you do not have the authentication code, you can use the J-Web setup wizard to configure the
SRX300. Click Skip to J-Web and configure the SRX300 using J-Web.
4 CHAPTER
Maintaining Components
IN THIS SECTION
For optimum performance of the services gateway, perform the following preventive maintenance
procedures regularly:
• Inspect the installation site for moisture, loose wires or cables, and excessive dust.
• Make sure that airflow is unobstructed around the device and into the air intake vents.
• Check the status LEDs on the front panel of the services gateway.
• Make sure that the power and grounding cables are arranged so that they do not obstruct access to
other device components.
• Routinely check the PWR LED on the front panel. If this LED is solid green, the power supplies are
functioning normally.
• Periodically inspect the site to ensure that the grounding and power cables connected to the services
gateway are securely in place and that there is no moisture accumulating near the services gateway.
Troubleshooting Hardware
IN THIS SECTION
To troubleshoot a services gateway, you use the Junos OS command-line interface (CLI) and LEDs on the
components:
• LEDs—When the services gateway detects an alarm condition, the alarm LED on the interfaces glows
red or yellow.
• CLI—The CLI is the primary tool for controlling and troubleshooting hardware, Junos OS, and
network connectivity. Use the CLI to display more information about alarms. CLI commands display
information about network connectivity derived from the ping and traceroute utilities. For
information about using the CLI to troubleshoot Junos OS, see the appropriate Junos OS
configuration guide.
• JTAC—If you need assistance during troubleshooting, you can contact the Juniper Networks
Technical Assistance Center (JTAC) by using the Web or by telephone. If you encounter software
problems, or problems with hardware components not discussed here, contact JTAC.
SEE ALSO
When the services gateway detects an alarm condition, the alarm LED on the front panel turns red or
amber as appropriate. To view a more detailed description of the alarm cause, issue the show chassis
alarms CLI command.
Table 19 on page 59 describes alarms that can occur for an SRX300 Firewall chassis component.
Table 19: SRX300 Firewall Chassis Alarm Conditions and Corrective Actions
Boot media The services gateway • If the internal flash memory fails at startup, Amber
boots from an alternate the services gateway automatically boots (minor)
boot device. itself from the alternative boot device (USB
storage device).
Hardware The services gateway Check the room temperature. See "SRX300 Amber
components on chassis temperature or Services Gateway Environmental Specifications" (minor)
the services chassis is too warm on page 16.
gateway
60
Table 19: SRX300 Firewall Chassis Alarm Conditions and Corrective Actions (Continued)
The services gateway The services gateway shuts down automatically Red
temperature is too high, in 4 minutes. (major)
either because of an
internal overheating
condition or because the
maximum recommended
room temperature has
been exceeded.
The LEDs on the services gateway enable you to determine the performance and operation. The PWR
LED, located on the front panel of the services gateway, indicates the different settings with respect to
the power system.
Table 20 on page 60 describes different PWR LED status settings and their corrective actions.
Off Indicates that the device is not • Verify that the AC power cord from the
receiving power. power source to the device is not
damaged. If the insulation is cracked or
broken, immediately replace the cord or
cable.
SEE ALSO
If a configuration fails or denies management access to the services gateway, you can use the RESET
CONFIG button to restore the device to the factory-default configuration or a rescue configuration. For
example, if someone inadvertently commits a configuration that denies management access to a services
gateway, you can delete the invalid configuration and replace it with a rescue configuration by pressing
the RESET CONFIG button.
NOTE: The RESET CONFIG button is recessed to prevent it from being pressed accidentally.
The rescue configuration is a previously committed, valid configuration. You must have previously set
the rescue configuration through the J-Web interface or the CLI. To press the RESET CONFIG button,
insert a small probe (such as a straightened paper clip) into the pinhole on the front panel.
62
• By default, pressing and quickly releasing the RESET CONFIG button loads and commits the rescue
configuration through the J-Web interface or the CLI. The Status LED is solid amber during this time.
• By default, pressing and holding the RESET CONFIG button for 15 seconds or more—until the Status
LED is solid amber — deletes all configurations on the device, including the backup configurations
and rescue configuration, and loads and commits the factory configuration.
NOTE: Resetting the configuration does not trigger a reboot automatically. Thus, configuration
changes that require a reboot, such as Ethernet switching configurations, do not take effect after
you reset the configuration. As a result, connectivity to the device might be lost. For the
configuration to take effect, power off and power on the device after resetting the configuration.
You can change the default operation of the RESET CONFIG button by limiting how the button resets
the services gateway:
• To prevent the RESET CONFIG button from setting the device to the factory-default configuration
and deleting all other configurations:
You can still press and quickly release the button to reset it to the rescue configuration.
• To prevent the RESET CONFIG button from setting the device to the rescue configuration:
You can still press and hold the button for 15 seconds or more to reset the gateway to the factory-
default configuration.
• To disable the button and prevent the device from resetting to either the factory-default or rescue
configuration:
The no-clear option prevents the RESET CONFIG button from deleting all configurations on the services
gateway. The no-rescue option prevents the RESET CONFIG button from loading the rescue
configuration.
To return the function of the RESET CONFIG button to its default behavior, remove the config-button
statement from the device configuration.
6 CHAPTER
IN THIS SECTION
Locating the SRX300 Firewall Chassis Serial Number and Agency Labels | 65
Once you have located the serial numbers of the device or component, you can return the device or
component for repair or replacement. For this, you need to contact Juniper Networks Technical
Assistance Center (JTAC).
You can contact JTAC 24 hours a day, 7 days a week, using any of the following methods:
• By telephone:
NOTE: If contacting JTAC by telephone, enter your 12-digit service request number
followed by the pound (#) key if this is an existing case, or press the star (*) key to be
routed to the next available support engineer.
When requesting support from JTAC by telephone, be prepared to provide the following information:
• Type of activity being performed on the firewall when the problem occurred
• Your name, organization name, telephone number, fax number, and shipping address
The support representative validates your request and issues a Return Materials Authorization (RMA)
number for return of the device or component.
1. Determine the part number and serial number of the services gateway or component.
2. Obtain a Return Materials Authorization (RMA) number from JTAC.
NOTE: Do not return the services gateway or any component to Juniper Networks unless you
have first obtained an RMA number. Juniper Networks reserves the right to refuse shipments
that do not have an RMA. Refused shipments are returned to the customer via collect freight.
For more information about return and repair policies, see the customer support webpage at https://
www.juniper.net/support/guidelines.html.
For product problems or technical support issues, open a support case using the Case Manager link at
https://www.juniper.net/support/ or call 1-888-314-JTAC (within the United States) or 1-408-745-9500
(outside the United States).
Locating the SRX300 Firewall Chassis Serial Number and Agency Labels
Before contacting Juniper Networks to request an RMA, you must find the serial number on the SRX300
Firewall or component.
To list all of the SRX300 Firewall components and their serial numbers, enter the following command:
To remove the components from the SRX300 Firewall or to remove the services gateway from a rack,
you need the following tools and parts:
1. Retrieve the shipping carton and packing materials in which the services gateway was originally
shipped. If you do not have these materials, contact your Juniper Networks representative about
approved packaging materials.
2. Attach an electrostatic discharge (ESD) grounding strap to your bare wrist and connect the strap to
the ESD point on the chassis or to an outside ESD point if the device is disconnected from earth
67
ground. For more information about ESD, see Preventing Electrostatic Discharge Damage to the
SRX300 Services Gateway.
3. On the console or other management device connected to the services gateway, enter CLI
operational mode and issue the following command to shut down the services gateway software:
user@host> request system halt
Wait until a message appears on the console confirming that the operating system has halted.
4. Shut down power to the services gateway by pressing the Power button on the front of the
services gateway.
5. Disconnect power from the services gateway.
6. Remove the cables that connect to all external devices.
7. If the device is installed on a wall or rack, have one person support the weight of the device while
another person unscrews and removes the mounting screws.
8. Place the services gateway in the shipping carton.
9. Cover the services gateway with an ESD bag, and place the packing foam on top of and around the
device.
10. Replace the accessory box on top of the packing foam.
11. Securely tape the box closed.
12. Write the Return Materials Authorization (RMA) number on the exterior of the box to ensure
proper tracking.
Follow these guidelines for packing and shipping individual components of the services gateway:
• When you return a component, make sure that it is adequately protected with packing materials and
packed so that the pieces are prevented from moving around inside the carton.
• Write the Return Materials Authorization (RMA) number on the exterior of the box to ensure proper
tracking.
7 CHAPTER
Battery-Handling Warning | 80
The documentation uses the following levels of safety warnings (there are two Warning formats):
NOTE: You might find this information helpful in a particular situation, or you might overlook this
important information if it was not highlighted in a Note.
CAUTION: You need to observe the specified guidelines to prevent minor injury or
discomfort to you or severe damage to the device.
Attention Veillez à respecter les consignes indiquées pour éviter toute incommodité ou
blessure légère, voire des dégâts graves pour l’appareil.
LASER WARNING: This symbol alerts you to the risk of personal injury from a laser.
Avertissement Ce symbole signale un risque de blessure provoquée par rayon laser.
WARNING: This symbol means danger. You are in a situation that could cause bodily
injury. Before you work on any equipment, be aware of the hazards involved with
electrical circuitry, and familiarize yourself with standard practices for preventing
accidents.
Waarschuwing Dit waarschuwingssymbool betekent gevaar. U verkeert in een situatie
die lichamelijk letsel kan veroorzaken. Voordat u aan enige apparatuur gaat werken,
dient u zich bewust te zijn van de bij elektrische schakelingen betrokken risico's en dient
u op de hoogte te zijn van standaard maatregelen om ongelukken te voorkomen.
Varoitus Tämä varoitusmerkki merkitsee vaaraa. Olet tilanteessa, joka voi johtaa
ruumiinvammaan. Ennen kuin työskentelet minkään laitteiston parissa, ota selvää
sähkökytkentöihin liittyvistä vaaroista ja tavanomaisista onnettomuuksien
ehkäisykeinoista.
Warnung Dieses Warnsymbol bedeutet Gefahr. Sie befinden sich in einer Situation, die
zu einer Körperverletzung führen könnte. Bevor Sie mit der Arbeit an irgendeinem
Gerät beginnen, seien Sie sich der mit elektrischen Stromkreisen verbundenen Gefahren
und der Standardpraktiken zur Vermeidung von Unfällen bewußt.
Advarsel Dette varselsymbolet betyr fare. Du befinner deg i en situasjon som kan føre
til personskade. Før du utfører arbeid på utstyr, må du vare oppmerksom på de
faremomentene som elektriske kretser innebærer, samt gjøre deg kjent med vanlig
praksis når det gjelder å unngå ulykker.
Aviso Este símbolo de aviso indica perigo. Encontra-se numa situação que lhe poderá
causar danos físicos. Antes de começar a trabalhar com qualquer equipamento,
familiarize-se com os perigos relacionados com circuitos eléctricos, e com quaisquer
práticas comuns que possam prevenir possíveis acidentes.
¡Atención! Este símbolo de aviso significa peligro. Existe riesgo para su integridad física.
Antes de manipular cualquier equipo, considerar los riesgos que entraña la corriente
eléctrica y familiarizarse con los procedimientos estándar de prevención de accidentes.
Varning! Denna varningssymbol signalerar fara. Du befinner dig i en situation som kan
leda till personskada. Innan du utför arbete på någon utrustning måste du vara
medveten om farorna med elkretsar och känna till vanligt förfarande för att förebygga
skador.
The following guidelines help ensure your safety and protect the device from damage. The list of
guidelines might not address all potentially hazardous situations in your working environment, so be
alert and exercise good judgment at all times.
• Perform only the procedures explicitly described in the hardware documentation for this device.
Make sure that only authorized service personnel perform other system services.
• Keep the area around the device clear and free from dust before, during, and after installation.
• Keep tools away from areas where people could trip over them while walking.
71
• Do not wear loose clothing or jewelry, such as rings, bracelets, or chains, which could become caught
in the device.
• Wear safety glasses if you are working under any conditions that could be hazardous to your eyes.
• Do not perform any actions that create a potential hazard to people or make the equipment unsafe.
• Never attempt to lift an object that is too heavy for one person to handle.
• Never install electrical jacks in wet locations unless the jacks are specifically designed for wet
environments.
• Follow the instructions in this guide to properly ground the device to earth.
• Replace fuses only with fuses of the same type and rating.
• Do not open or remove chassis covers or sheet-metal parts unless instructions are provided in the
hardware documentation for this device. Such an action could cause severe electrical shock.
• Do not push or force any objects through any opening in the chassis frame. Such an action could
result in electrical shock or fire.
• Avoid spilling liquid onto the chassis or onto any device component. Such an action could cause
electrical shock or damage the device.
• Avoid touching uninsulated electrical wires or terminals that have not been disconnected from their
power source. Such an action could cause electrical shock.
• Some parts of the chassis, including AC and DC power supply surfaces, power supply unit handles,
SFB card handles, and fan tray handles might become hot. The following label provides the warning
for hot surfaces on the chassis:
• Always ensure that all modules, power supplies, and cover panels are fully inserted and that the
installation screws are fully tightened.
72
WARNING: This unit is intended for installation in restricted access areas. A restricted
access area is an area to which access can be gained only by service personnel through
the use of a special tool, lock and key, or other means of security, and which is
controlled by the authority responsible for the location.
Waarschuwing Dit toestel is bedoeld voor installatie op plaatsen met beperkte toegang.
Een plaats met beperkte toegang is een plaats waar toegang slechts door
servicepersoneel verkregen kan worden door middel van een speciaal instrument, een
slot en sleutel, of een ander veiligheidsmiddel, en welke beheerd wordt door de
overheidsinstantie die verantwoordelijk is voor de locatie.
Avertissement Cet appareil est à installer dans des zones d'accès réservé. Ces dernières
sont des zones auxquelles seul le personnel de service peut accéder en utilisant un outil
spécial, un mécanisme de verrouillage et une clé, ou tout autre moyen de sécurité.
L'accès aux zones de sécurité est sous le contrôle de l'autorité responsable de
l'emplacement.
Warnung Diese Einheit ist zur Installation in Bereichen mit beschränktem Zutritt
vorgesehen. Ein Bereich mit beschränktem Zutritt ist ein Bereich, zu dem nur
Wartungspersonal mit einem Spezialwerkzeugs, Schloß und Schlüssel oder anderer
Sicherheitsvorkehrungen Zugang hat, und der von dem für die Anlage zuständigen
Gremium kontrolliert wird.
Avvertenza Questa unità deve essere installata in un'area ad accesso limitato. Un'area
ad accesso limitato è un'area accessibile solo a personale di assistenza tramite
un'attrezzo speciale, lucchetto, o altri dispositivi di sicurezza, ed è controllata
dall'autorità responsabile della zona.
Advarsel Denne enheten er laget for installasjon i områder med begrenset adgang. Et
område med begrenset adgang gir kun adgang til servicepersonale som bruker et
spesielt verktøy, lås og nøkkel, eller en annen sikkerhetsanordning, og det kontrolleres
av den autoriteten som er ansvarlig for området.
Aviso Esta unidade foi concebida para instalação em áreas de acesso restrito. Uma área
de acesso restrito é uma área à qual apenas tem acesso o pessoal de serviço autorizado,
73
que possua uma ferramenta, chave e fechadura especial, ou qualquer outra forma de
segurança. Esta área é controlada pela autoridade responsável pelo local.
¡Atención! Esta unidad ha sido diseñada para instalarse en áreas de acceso restringido.
Área de acceso restringido significa un área a la que solamente tiene acceso el personal
de servicio mediante la utilización de una herramienta especial, cerradura con llave, o
algún otro medio de seguridad, y que está bajo el control de la autoridad responsable
del local.
Varning! Denna enhet är avsedd för installation i områden med begränsat tillträde. Ett
område med begränsat tillträde får endast tillträdas av servicepersonal med ett speciellt
verktyg, lås och nyckel, eller annan säkerhetsanordning, och kontrolleras av den
auktoritet som ansvarar för området.
WARNING: Only trained and qualified personnel should install or replace the device.
Waarschuwing Installatie en reparaties mogen uitsluitend door getraind en bevoegd
personeel uitgevoerd worden.
Varoitus Ainoastaan koulutettu ja pätevä henkilökunta saa asentaa tai vaihtaa tämän
laitteen.
Advarsel Kun kvalifisert personell med riktig opplæring bør montere eller bytte ut dette
utstyret.
Aviso Este equipamento deverá ser instalado ou substituído apenas por pessoal
devidamente treinado e qualificado.
74
Varning! Denna utrustning ska endast installeras och bytas ut av utbildad och
kvalificerad personal.
Device components that are shipped in antistatic bags are sensitive to damage from static electricity.
Some components can be impaired by voltages as low as 30 V. You can easily generate potentially
damaging static voltages whenever you handle plastic or foam packing material or if you move
components across plastic or carpets. Observe the following guidelines to minimize the potential for
electrostatic discharge (ESD) damage, which can cause intermittent or complete component failures:
• Always use an ESD wrist strap when you are handling components that are subject to ESD damage,
and make sure that it is in direct contact with your skin.
If a grounding strap is not available, hold the component in its antistatic bag (see Figure 16 on page
75) in one hand and touch the exposed, bare metal of the device with the other hand immediately
before inserting the component into the device.
WARNING: For safety, periodically check the resistance value of the ESD grounding
strap. The measurement must be in the range 1 through 10 Mohms.
Avertissement Par mesure de sécurité, vérifiez régulièrement la résistance du bracelet
antistatique. Cette valeur doit être comprise entre 1 et 10 mégohms (Mohms).
• When handling any component that is subject to ESD damage and that is removed from the device,
make sure the equipment end of your ESD wrist strap is attached to the ESD point on the chassis.
If no grounding strap is available, touch the exposed, bare metal of the device to ground yourself
before handling the component.
• Avoid contact between the component that is subject to ESD damage and your clothing. ESD
voltages emitted from clothing can damage components.
• When removing or installing a component that is subject to ESD damage, always place it component-
side up on an antistatic surface, in an antistatic card rack, or in an antistatic bag (see Figure 16 on
page 75). If you are returning a component, place it in an antistatic bag before packing it.
75
IN THIS SECTION
Fire Suppression | 76
In the event of a fire emergency, the safety of people is the primary concern. You should establish
procedures for protecting people in the event of a fire emergency, provide safety training, and properly
provision fire-control equipment and fire extinguishers.
In addition, you should establish procedures to protect your equipment in the event of a fire emergency.
Juniper Networks products should be installed in an environment suitable for electronic equipment. We
recommend that fire suppression equipment be available in the event of a fire in the vicinity of the
equipment and that all local fire, safety, and electrical codes and ordinances be observed when you
install and operate your equipment.
Fire Suppression
In the event of an electrical hazard or an electrical fire, you should first turn power off to the equipment
at the source. Then use a Type C fire extinguisher, which uses noncorrosive fire retardants, to extinguish
the fire.
Type C fire extinguishers, which use noncorrosive fire retardants such as carbon dioxide and Halotron™,
are most effective for suppressing electrical fires. Type C fire extinguishers displace oxygen from the
point of combustion to eliminate the fire. For extinguishing fire on or around equipment that draws air
from the environment for cooling, you should use this type of inert oxygen displacement extinguisher
instead of an extinguisher that leaves residues on equipment.
Do not use multipurpose Type ABC chemical fire extinguishers (dry chemical fire extinguishers). The
primary ingredient in these fire extinguishers is monoammonium phosphate, which is very sticky and
difficult to clean. In addition, in the presence of minute amounts of moisture, monoammonium
phosphate can become highly corrosive and corrodes most metals.
Any equipment in a room in which a chemical fire extinguisher has been discharged is subject to
premature failure and unreliable operation. The equipment is considered to be irreparably damaged.
NOTE: To keep warranties effective, do not use a dry chemical fire extinguisher to control a fire
at or near a Juniper Networks device. If a dry chemical fire extinguisher is used, the unit is no
longer eligible for coverage under a service agreement.
IN THIS SECTION
Juniper Networks devices are equipped with laser transmitters, which are considered a Class 1 Laser
Product by the U.S. Food and Drug Administration and are evaluated as a Class 1 Laser Product per
IEC/EN 60825-1 requirements.
When working around ports that support optical transceivers, observe the following safety guidelines to
prevent eye injury:
• Do not look into unterminated ports or at fibers that connect to unknown sources.
LASER WARNING: Unterminated optical connectors can emit invisible laser radiation.
The lens in the human eye focuses all the laser power on the retina, so focusing the
eye directly on a laser source—even a low-power laser—could permanently damage the
eye.
Avertissement Les connecteurs à fibre optique sans terminaison peuvent émettre un
rayonnement laser invisible. Le cristallin de l’œil humain faisant converger toute la
puissance du laser sur la rétine, toute focalisation directe de l’œil sur une source laser,
—même de faible puissance—, peut entraîner des lésions oculaires irréversibles.
78
LASER WARNING: Do not stare into the laser beam or view it directly with optical
instruments.
Waarschuwing Niet in de straal staren of hem rechtstreeks bekijken met optische
instrumenten.
Varoitus Älä katso säteeseen äläkä tarkastele sitä suoraan optisen laitteen avulla.
Warnung Nicht direkt in den Strahl blicken und ihn nicht direkt mit optischen Geräten
prüfen.
Avvertenza Non fissare il raggio con gli occhi né usare strumenti ottici per osservarlo
direttamente.
Aviso Não olhe fixamente para o raio, nem olhe para ele directamente com
instrumentos ópticos.
Varning! Rikta inte blicken in mot strålen och titta inte direkt på den genom optiska
instrument.
LASER WARNING: Because invisible radiation might be emitted from the aperture of
the port when no fiber cable is connected, avoid exposure to radiation and do not stare
into open apertures.
Waarschuwing Aangezien onzichtbare straling vanuit de opening van de poort kan
komen als er geen fiberkabel aangesloten is, dient blootstelling aan straling en het kijken
in open openingen vermeden te worden.
80
Varoitus Koska portin aukosta voi emittoitua näkymätöntä säteilyä, kun kuitukaapelia ei
ole kytkettynä, vältä säteilylle altistumista äläkä katso avoimiin aukkoihin.
Warnung Aus der Port-Öffnung können unsichtbare Strahlen emittieren, wenn kein
Glasfaserkabel angeschlossen ist. Vermeiden Sie es, sich den Strahlungen auszusetzen,
und starren Sie nicht in die Öffnungen!
Avvertenza Quando i cavi in fibra non sono inseriti, radiazioni invisibili possono essere
emesse attraverso l'apertura della porta. Evitate di esporvi alle radiazioni e non guardate
direttamente nelle aperture.
Advarsel Unngå utsettelse for stråling, og stirr ikke inn i åpninger som er åpne, fordi
usynlig stråling kan emiteres fra portens åpning når det ikke er tilkoblet en fiberkabel.
¡Atención! Debido a que la apertura del puerto puede emitir radiación invisible cuando
no existe un cable de fibra conectado, evite mirar directamente a las aperturas para no
exponerse a la radiación.
Varning! Osynlig strålning kan avges från en portöppning utan ansluten fiberkabel och
du bör därför undvika att bli utsatt för strålning genom att inte stirra in i oskyddade
öppningar.
Battery-Handling Warning
WARNING: Replacing the battery incorrectly might result in an explosion. Replace the
battery only with the same or equivalent type recommended by the manufacturer.
Dispose of used batteries according to the manufacturer's instructions.
Waarschuwing Er is ontploffingsgevaar als de batterij verkeerd vervangen wordt.
Vervang de batterij slechts met hetzelfde of een equivalent type dat door de fabrikant
81
Varoitus Räjähdyksen vaara, jos akku on vaihdettu väärään akkuun. Käytä vaihtamiseen
ainoastaan saman- tai vastaavantyyppistä akkua, joka on valmistajan suosittelema.
Hävitä käytetyt akut valmistajan ohjeiden mukaan.
Warnung Bei Einsetzen einer falschen Batterie besteht Explosionsgefahr. Ersetzen Sie
die Batterie nur durch den gleichen oder vom Hersteller empfohlenen Batterietyp.
Entsorgen Sie die benutzten Batterien nach den Anweisungen des Herstellers.
Advarsel Det kan være fare for eksplosjon hvis batteriet skiftes på feil måte. Skift kun
med samme eller tilsvarende type som er anbefalt av produsenten. Kasser brukte
batterier i henhold til produsentens instruksjoner.
Varning! Explosionsfara vid felaktigt batteribyte. Ersätt endast batteriet med samma
batterityp som rekommenderas av tillverkaren eller motsvarande. Följ tillverkarens
anvisningar vid kassering av använda batterier.
RELATED DOCUMENTATION
WARNING: Do not work on the system or connect or disconnect cables during periods
of lightning activity.
Waarschuwing Tijdens onweer dat gepaard gaat met bliksem, dient u niet aan het
systeem te werken of kabels aan te sluiten of te ontkoppelen.
Varoitus Älä työskentele järjestelmän parissa äläkä yhdistä tai irrota kaapeleita
ukkosilmalla.
Attention Ne pas travailler sur le système ni brancher ou débrancher les câbles pendant
un orage.
Warnung Arbeiten Sie nicht am System und schließen Sie keine Kabel an bzw. trennen
Sie keine ab, wenn es gewittert.
Avvertenza Non lavorare sul sistema o collegare oppure scollegare i cavi durante un
temporale con fulmini.
Advarsel Utfør aldri arbeid på systemet, eller koble kabler til eller fra systemet når det
tordner eller lyner.
Aviso Não trabalhe no sistema ou ligue e desligue cabos durante períodos de mau
tempo (trovoada).
Varning! Vid åska skall du aldrig utföra arbete på systemet eller ansluta eller koppla loss
kablar.
RELATED DOCUMENTATION
Battery-Handling Warning | 80
Jewelry Removal Warning | 83
Operating Temperature Warning | 84
Product Disposal Warning | 86
83
Attention Avant d'accéder à cet équipement connecté aux lignes électriques, ôter tout
bijou (anneaux, colliers et montres compris). Lorsqu'ils sont branchés à l'alimentation et
reliés à la terre, les objets métalliques chauffent, ce qui peut provoquer des blessures
graves ou souder l'objet métallique aux bornes.
Warnung Vor der Arbeit an Geräten, die an das Netz angeschlossen sind, jeglichen
Schmuck (einschließlich Ringe, Ketten und Uhren) abnehmen. Metallgegenstände
erhitzen sich, wenn sie an das Netz und die Erde angeschlossen werden, und können
schwere Verbrennungen verursachen oder an die Anschlußklemmen angeschweißt
werden.
Advarsel Fjern alle smykker (inkludert ringer, halskjeder og klokker) før du skal arbeide
på utstyr som er koblet til kraftledninger. Metallgjenstander som er koblet til
kraftledninger og jord blir svært varme og kan forårsake alvorlige brannskader eller
smelte fast til polene.
Aviso Antes de trabalhar em equipamento que esteja ligado a linhas de corrente, retire
todas as jóias que estiver a usar (incluindo anéis, fios e relógios). Os objectos metálicos
84
Varning! Tag av alla smycken (inklusive ringar, halsband och armbandsur) innan du
arbetar på utrustning som är kopplad till kraftledningar. Metallobjekt hettas upp när de
kopplas ihop med ström och jord och kan förorsaka allvarliga brännskador; metallobjekt
kan också sammansvetsas med kontakterna.
RELATED DOCUMENTATION
Battery-Handling Warning | 80
Lightning Activity Warning | 82
Operating Temperature Warning | 84
Product Disposal Warning | 86
Attention Pour éviter toute surchauffe des routeurs de la gamme Juniper Networks
services gateway, ne l'utilisez pas dans une zone où la température ambiante est
supérieure à 40οC. Pour permettre un flot d'air constant, dégagez un espace d'au moins
15,2 cm autour des ouvertures de ventilations.
Varning! Förhindra att en Juniper Networks services gateway överhettas genom att inte
använda den i ett område där den maximalt rekommenderade omgivningstemperaturen
på 40οC överskrids. Förhindra att luftcirkulationen inskränks genom att se till att det
finns fritt utrymme på minst 15,2 cm omkring ventilationsöppningarna.
WARNING: Power off the device before installing or removing components. Check the
device temperature before touching the device.
86
RELATED DOCUMENTATION
Battery-Handling Warning | 80
Lightning Activity Warning | 82
Jewelry Removal Warning | 83
Product Disposal Warning | 86
WARNING: Disposal of this product must be handled according to all national laws and
regulations.
Waarschuwing Dit produkt dient volgens alle landelijke wetten en voorschriften te
worden afgedankt.
Warnung Dieses Produkt muß den geltenden Gesetzen und Vorschriften entsprechend
entsorgt werden.
Advarsel Endelig disponering av dette produktet må skje i henhold til nasjonale lover og
forskrifter.
Aviso A descartagem final deste produto deverá ser efectuada de acordo com os
regulamentos e a legislação nacional.
¡Atención! El desecho final de este producto debe realizarse según todas las leyes y
regulaciones nacionales
Varning! Slutlig kassering av denna produkt bör skötas i enlighet med landets alla lagar
och föreskrifter.
87
RELATED DOCUMENTATION
Battery-Handling Warning | 80
Lightning Activity Warning | 82
Jewelry Removal Warning | 83
Operating Temperature Warning | 84
If an electrical accident results in an injury, take the following actions in this order:
1. Use caution. Be aware of potentially hazardous conditions that could cause further injury.
3. If possible, send another person to get medical aid. Otherwise, assess the condition of the victim, and
then call for help.
• Install the services gateway in compliance with the following local, national, or international electrical
codes:
• United States—National Fire Protection Association (NFPA 70), United States National Electrical
Code
• Locate the emergency power-off switch for the room in which you are working so that if an electrical
accident occurs, you can quickly turn off the power.
• Do not work alone if potentially hazardous conditions exist anywhere in your workspace.
• Never assume that power is disconnected from a circuit. Always check the circuit before starting to
work.
88
• Carefully look for possible hazards in your work area, such as moist floors, ungrounded power
extension cords, and missing safety grounds.
• Operate the services gateway within marked electrical ratings and product usage instructions.
• For the services gateway and peripheral equipment to function safely and correctly, use the cables
and connectors specified for the attached peripheral equipment, and make certain they are in good
condition.
RELATED DOCUMENTATION
IN THIS SECTION
IN THIS SECTION
• Safety
• IEC 60950-1 (2005 +A1:2009) Information Technology Equipment - Safety (All country
deviations): CB Scheme report
• EN 60825-1 (2007) Safety of Laser Products - Part 1: Equipment classification and requirements
• EMC
• CISPR 32:2012
• EMI
• Immunity
• Environmental
• Telco
SEE ALSO
IN THIS SECTION
Canada | 91
European Community | 91
Israel | 91
Japan | 91
United States | 91
91
Canada
European Community
This is a Class A product. In a domestic environment this product may cause radio interference in which
case the user may be required to take adequate measures.
Israel
This product is Class A. In residential environments, the product may cause radio interference, and in
such a situation, the user may be required to take adequate measures.
Japan
This is a Class A product. In a domestic environment this product may cause radio interference in which
case the user may be required to take adequate measures.
VCCI-A
United States
The services gateway has been tested and found to comply with the limits for a Class A digital device of
the FCC Rules. These limits are designed to provide reasonable protection against harmful interference
92
when the equipment is operated in a commercial environment. This equipment generates, uses, and can
radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference in which case the user will be required to correct the
interference at his own expense.