SRX 5600 和SRX 5800 服务网关 Flex IOC 和端口模块 安装说明

常用SRX配置命令目录1.1 配置管理用户 (2)1.2 配置系统管理服务 (2)1.3 配置接口地址 (2)1.4 配置冗余接口 (2)1.5 配置zone或接口是否可以管理防火墙设备 (2)1.6 增加路由 (3)1.7 删除路由 (3)1.8 修改路由 (3)1.9 增加策略 (4)1.10 删除策略 (5)1.11 修改策略 (5)1.12 静态NAT (5)1.13 源NAT (6)1.14 目的NAT (6)1.15 查看HA状态 (7)1.16 主备切换 (7)1.17 常用维护命令 (9)1.18 3、debug (18)1.19 故障需收集的基本信息 (18)注意：配置命令都在“#”模式下进行，通过用户名和密码登陆设备时在“>”模式下，需要配置“config 回车”，进入“#”模式注意：红色部分是可以修改的，其他部分都是使用？可以看到，使用tab键可以补全的基础配置1.1 配置管理用户配置比如配置lab用户set system login user lab class super-userset system login user lab authentication plain-text-password###回车后需要两次输入密码1.2 配置系统管理服务配置ssh、telnet、http、https登陆设备set system services sshset system services telnetset system services web-management http interface ge-0/0/0.0（可以进行的管理接口）set system services web-management http interface allset system services web-management https system-generated-certificateset system services web-management https interface all1.3 配置接口地址reth接口是防火墙HA后的冗余接口，这个接口包含配置在主设备和备设备的两条链路set interfaces ge-0/0/0 unit 0 family inet address 10.1.10.1/24set interfaces reth5 unit 0 family inet address 1.1.70.5/241.4 配置冗余接口把主设备的g-0/0/6接口，备设备的ge-9/0/6接口（物理接口位置与主设备相同）捆绑到冗余接口reth5中set interface ge-0/0/6 gigether-options redundant-parent reth5set interface ge-9/0/6 gigether-options redundant-parent reth5set interface reth5 redundant-ether-options redundancy-group 11.5 配置zone或接口是否可以管理防火墙设备A、配置zone trust，并且可以管理防火墙，分配接口ge-0/0/0.0接口到trust区域set security zones security-zone trust host-inbound-traffic system-services allset security zones security-zone trust interfaces ge-0/0/0.0B、配置zone untrust可以管理防火墙，但其中的ge-0/0/8.0只能用telnet和http管理，其他的不允许：set security zones security-zone untrust interfaces ge-0/0/8.0 host-inbound-trafficsystem-services httpsset security zones security-zone untrust interfaces ge-0/0/8.0 host-inbound-trafficsystem-services ssh路由配置1.6 增加路由A、配置静态路由，目标地址段是61.189.2.0/24 下一跳地址2.1.1.1set routing-options static route 61.189.2.0/24 next-hop 2.1.1.1B、缺省路由下一跳地址是2.1.1.1set routing-options static route 0.0.0.0/0 next-hop 2.1.1.1C、OSPF路由，ge-0/0/3.0接口在area 0中set protocols ospf area 0 interface ge-0/0/3.01.7 删除路由A、删除静态路由delete routing-options static route 61.189.2.0/24 next-hop 2.1.1.1B、删除缺省路由delete routing-options static route 0.0.0.0/0 next-hop 2.1.1.1C、删除OSPF路由delete protocols ospf area 0 interface ge-0/0/3.01.8 修改路由修改61.189.2.0/24的下一跳为3.1.1.1delete routing-options static route 61.189.2.0/24 next-hop 2.1.1.1set routing-options static route 61.189.2.0/24 next-hop 3.1.1.1策略配置A、从trust区域到untrust区域全部允许set security policies from-zone trust to-zone untrust policy trust2un match source-address anyset security policies from-zone trust to-zone untrust policy trust2un matchdestination-address anyset security policies from-zone trust to-zone untrust policy trust2un match application any set security policies from-zone trust to-zone untrust policy trust2un then permitB、从trust访问untrust的部分网段192.168.1.0/24的http，ftp服务定义untrust区域地址池，地址池名字192.168.1.0/24，地址192.168.1.0/24set security zones security-zone untrust address-book address 192.168.1.0/24192.168.1.0/24set security policies from-zone trust to-zone untrust policy trust2un match source-address anyset security policies from-zone trust to-zone untrust policy trust2un matchdestination-address 192.168.1.0/24set security policies from-zone trust to-zone untrust policy trust2un match application junos-httpset security policies from-zone trust to-zone untrust policy trust2un match application junos-ftpset security policies from-zone trust to-zone untrust policy trust2un then permitC、从trust访问untrust的部分网段192.168.1.0/24的自定义服务TCP 3389端口定义untrust区域地址池，地址池名字192.168.1.0/24，地址192.168.1.0/24set security zones security-zone untrust address-book address 192.168.1.0/24192.168.1.0/24定义tcp 3389服务，定义服务名称TCP3389set applications application TCP3389 protocol tcp destination-port 3389set security policies from-zone trust to-zone untrust policy trust2un match source-address anyset security policies from-zone trust to-zone untrust policy trust2un matchdestination-address 192.168.1.0/24set security policies from-zone trust to-zone untrust policy trust2un match application TCP3389set security policies from-zone trust to-zone untrust policy trust2un then permitdelete security policies from-zone trust to-zone untrust policy trust2un1.11 修改策略A、增加目的地址set security zones security-zone untrust address-book address 192.168.2.0/24192.168.2.0/24set security policies from-zone trust to-zone untrust policy trust2un match destination-address 192.168.2.0/24B、增加443端口应用set applications application TCP443 protocol tcp destination-port 443set security policies from-zone trust to-zone untrust policy trust2un match application TCP443C、去掉443端口应用delete security policies from-zone trust to-zone untrust policy trust2un match application TCP443NAT部分1.12 静态NAT外网untrust区域2.1.1.11与内网的trust区域192.168.20.1做静态NAT。

移动联通网络知识考试：诺西BTS设备基维护知识（题库版）1、单选诺西UltraSite基站的M6xx单元若用于GSM900，则称为：（）A、M6DxB、M6GxC、M6HxD、M6Lx正确答案：D2、填空题（江南博哥）诺西的FlexiEDGEBTS中，TRXloop位于（）模块和（）模块中。

正确答案：ERxA；ECxA3、单选诺西的e-MicroBTS主机柜单元的最小配置为（）个。

A、1B、2C、3D、4正确答案：B4、问答题简单解释什么是诺西BTSplus基站的自动恢复及其要求。

正确答案：自动恢复指在更换故障模块后，BTSE模块不需要额外的命令操作（通过LMT或OMC而自动恢复。

自动恢复过程让客户的更换模块过程不需要操作人员进行额外测试，只要模块恢复过程中没有错误，设备功能就可自动恢复。

自动恢复功能的触发基本要求是重新上电时，相关BTSE模块的操作状态是Disabled，管理状态是Unlocked，并且模块可用状态是Failed。

5、单选诺西UltraSite基站中的供电单元PWSB使用的输入电压为（）。

A、24VDCB、48VDCC、180VACD、230VAC正确答案：B6、单选诺西UltraSite基站的M2xx单元的典型插入损耗为：（）A、3dBB、6dBC、9dBD、12dB正确答案：C7、填空题诺西的FlexiEDGEBTS的系统扩展模块ESEA提供（）个PWR口和（）个BUS口。

正确答案：6；128、单选如果诺西UltraSite基站的TSxx单元前面板上的LED显示为黄色长亮，则表示TSxx：（）A、未提供服务B、服务中，发射机关C、服务中，发射机开D、故障正确答案：B9、问答题列举诺西基站7606告警的主要触发原因。

正确答案：（1）天馈系统问题引起由于天馈驻波比过高或载波本身问题造成（2）硬件及数据配置问题由于硬件连接问题、载波本身故障或BSC数据问题造成10、填空题诺西BS24x/BS4x基站载频单元功率控制分为（）级静态功率控制（每级2dB）和另外（）级动态功率控制（每级2dB）。

SRX安全网关操作手册神州数码（中国）有限公司二零一零年六月目录1.总体概述 (66)1.1. 文档术语 (66)2.SRX基本操作 (77)2.1. 通过Console线缆连接路由器 (77)2.2. 设备关闭 (88)2.3. 设备重启 (99)2.4. JUNOS升级 (99)2.5. 密码恢复 (1010)3.SRX基本管理配置介绍 (1010)3.1. JUNOS CLI (1010)4.SRX开机配置过程 (1212)4.1. SRX硬件设备简介 (1212)4.1.1 SRX 240面板图 (1212)4.1.2 SRX 210面板图 (1313)4.1.3 SRX 100面板图 (1313)4.2. SRX安装流程 (1313)4.3. 开始配置 (1313)4.3.1 开机登录 (1414)4.3.2 清空默认配置 (1414)4.3.3 从所有配置清空后开始配置 (1515)5.常用故障诊断命令 (1717)查看端口状态 (1717)查看路由表 (1717)查看OSPF邻居关系 (1717)Ping (1717)Traceroute (1818)监控接口流量 (1818)监控RE CPU利用率 (1919)监控并发会话数 (1919)冷却系统故障检查 (1919)机箱硬件组件故障检查 (1919)6. 设备日常维护 (2020)日常维护步骤 (2020)配置文件查看 (2020)配置文件提交 (2020)7.SRX常用功能及典型配置 (2121)7.1 SRX常用功能配置 (2121)7.2 SRX一个典型配置 .................... 错误!未定义书签。

错误!未定义书签。

6.硬件返修及CASE信息........................ 错误!未定义书签。

错误!未定义书签。

一般性免责说明：神州数码（中国）有限公司力求确保《Juniper SRX防火墙快速安装手册》中信息的准确性，但不对信息的准确性承担任何责任。

Juniper SRX防火墙简明配置手册目录一、JUNOS操作系统介绍 (3)1.1 层次化配置结构 (3)1.2 JunOS配置管理 (4)1.3 SRX主要配置内容 (4)二、SRX防火墙配置说明 (5)2.1 初始安装 (5)2.1.1 登陆 (5)2.1.2 设置root用户口令 (9)2.1.3 JSRP初始化配置 (9)2.1.4 设置远程登陆管理用户 (14)2.1.5 远程管理SRX相关配置 (15)2.1.6 ZONE及相关接口的配置 (15)2.2 Policy (16)2.3 NAT (17)2.3.1 Interface based NAT (18)2.3.2 Pool based Source NAT (18)2.3.3 Pool base destination NAT (19)2.3.4 Pool base Static NAT (20)2.4 IPSEC VPN (21)2.5 Application and ALG (22)三、SRX防火墙常规操作与维护 (22)3.1 单机设备关机 (22)3.2单机设备重启 (23)3.3单机操作系统升级 (23)3.4双机模式下主备SRX关机 (23)3.5双机模式下主备设备重启 (24)3.6双机模式下操作系统升级 (24)3.7双机转发平面主备切换及切换后恢复 (25)3.8双机控制平面主备切换及切换后恢复 (25)3.9双机模式下更换备SRX (25)3.10双机模式下更换主SRX (26)3.11双机模式更换电源 (27)3.12双机模式更换故障板卡 (27)3.13配置备份及还原方法 (27)3.14密码修改方法 (28)3.15磁盘文件清理方法 (28)3.16密码恢复 (28)3.17常用监控维护命令 (29)四、SRX防火墙介绍 (31)Juniper SRX防火墙简明配置手册SRX系列防火墙是Juniper公司基于JUNOS操作系统的安全系列产品，JUNOS集成了路由、交换、安全性和一系列丰富的网络服务。

Juniper SRX系列防火墙配置管理手册目录一、JUNOS操作系统介绍 (3)层次化配置结构 (3)JunOS配置管理 (4)SRX主要配置内容 (4)二、SRX防火墙配置操作举例说明 (5)初始安装 (5)设备登陆 (5)设备恢复出厂介绍 (5)设置root用户口令 (5)设置远程登陆管理用户 (6)远程管理SRX相关配置 (6)配置操作实验拓扑 (7)策略相关配置说明 (7)策略地址对象定义 (8)策略服务对象定义 (8)策略时间调度对象定义 (8)添加策略配置举例 (9)策略删除 (10)调整策略顺序 (10)策略失效与激活 (10)地址转换 (10)Interface based NAT 基于接口的源地址转换 (11)Pool based Source NAT基于地址池的源地址转换 (12)Pool base destination NAT基于地址池的目标地址转换 (12)Pool base Static NAT基于地址池的静态地址转换 (13)路由协议配置 (14)静态路由配置 (14)OSPF配置 (15)交换机Firewall限制功能 (22)限制IP地 (22)限制MAC地址 (22)三、SRX防火墙常规操作与维护 (23)设备关机 (23)设备重启 (23)操作系统升级 (24)密码恢复 (24)常用监控维护命令 (25)Juniper SRX Branch系列防火墙配置管理手册说明SRX系列防火墙是Juniper公司基于JUNOS操作系统的安全系列产品，JUNOS集成了路由、交换、安全性和一系列丰富的网络服务。

目前Juniper公司的全系列路由器产品、交换机产品和SRX安全产品均采用统一源代码的JUNOS操作系统，JUNOS是全球首款将转发与控制功能相隔离，并采用模块化软件架构的网络操作系统。

JUNOS作为电信级产品的精髓是Juniper真正成功的基石，它让企业级产品同样具有电信级的不间断运营特性，更好的安全性和管理特性，JUNOS软件创新的分布式架构为高性能、高可用、高可扩展的网络奠定了基础。

下扩展并增长网络基础架构能力，不受安全解决方案的束缚。

SRX3000产品系列的灵活性不仅限于动态服务架构的创新成果和公认优势。

SRX3000产品系列采用“中置背板”(mid-plane) 设计，用户可以同时在前后端安装SPC，从而获得市场领先的灵活性和可扩展性。

SRX3000产品系列在一半的机柜空间中支持两倍的SPC，不仅提供基本的架构创新，而且还采用创新的物理设计。

SRX系列业务网关通过瞻博网络Junos® 软件支持特性集成。

通过将Junos软件的路由特性与ScreenOS® 软件的安全优势结合在一起，SRX系列业务网关提供了一组强大的功能，包括防火墙、IPsec VPN、入侵防御系统 (IPS)、拒绝服务攻击 (DoS) 防御、网络地址转换 (NAT) 和服务质量 (QoS) 保证等。

除此之外，将全部功能结合在单一OS框架中，还大幅度优化了流量在业务网关中的处理流程。

安装Junos软件使SRX系列产品与瞻博网络电信运营商级路由器和交换机一样，获得了单源OS、一致的版本演进和一致性架构的优势。

SRX3600SRX3600业务网关是市场领先的安全解决方案，最多支持30 Gbps的防火墙吞吐量、10 Gbps的防火墙和IPS吞吐量，或者10 Gbps的IPsec VPN吞吐量以及每秒最多17.5万条新建连接。

SRX3600配置了全套安全特性，最适合保护大中型企业数据中心、托管数据中心/共置数据中心或下一代企业服务/应用的安全性。

此外，SRX3600还能同时保护电信运营商云计算基础架构的安全性，该架构需满足多重租赁的需求。

这个业务网关支持高可扩展性和灵活性，不仅能够轻松满足高密度数据中心对传统安全设备的整合要求，还能满足云计算服务供应商的服务密度要求。

SRX3600业务网关由瞻博网络Network and Security Manager软件负责管理，使用单一应用来管理所有瞻博网络防火墙、IPS、SSL、瞻博网络统一接入控制 (UAC) 和EX系列以太网交换机产品。

UNIS R5900万兆综合业务网关硬件描述紫光恒越技术有限公司资料版本：6W100-20210310Copyright © 2021 紫光恒越技术有限公司及其许可者版权所有，保留一切权利。

未经本公司书面许可，任何单位和个人不得擅自摘抄、复制本书内容的部分或全部，并不得以任何形式传播。

UNIS为紫光恒越技术有限公司的商标。

对于本手册中出现的其它公司的商标、产品标识及商品名称，由各自权利人拥有。

由于产品版本升级或其他原因，本手册内容有可能变更。

紫光恒越保留在没有任何通知或者提示的情况下对本手册的内容进行修改的权利。

本手册仅作为使用指导，紫光恒越尽全力在本手册中提供准确的信息，但是紫光恒越并不确保手册内容完全没有错误，本手册中的所有陈述、信息和建议也不构成任何明示或暗示的担保。

环境保护本产品符合关于环境保护方面的设计要求，产品的存放、使用和弃置应遵照相关国家法律、法规要求进行。

前言《UNIS R5900万兆综合业务网关硬件描述》主要介绍了设备以及各可插拔模块的外观及规格、产品指示灯以及槽位及接口编号等内容。

前言部分包含如下内容：•读者对象•本书约定•产品配套资料•资料意见反馈读者对象本手册主要适用于如下工程师：•网络规划人员•现场技术支持与维护人员•负责网络配置和维护的网络管理员本书约定1. 命令行格式约定格式意义粗体命令行关键字（命令中保持不变、必须照输的部分）采用加粗字体表示。

斜体命令行参数（命令中必须由实际值进行替代的部分）采用斜体表示。

[ ] 表示用“[ ]”括起来的部分在命令配置时是可选的。

{ x | y | ... }表示从多个选项中仅选取一个。

[ x | y | ... ]表示从多个选项中选取一个或者不选。

{ x | y | ... } *表示从多个选项中至少选取一个。

[ x | y | ... ] *表示从多个选项中选取一个、多个或者不选。

&<1-n>表示符号&前面的参数可以重复输入1～n次。

Juniper SRX防火墙简明配置手册Juniper Networks, Inc.北京市东城区东长安街1号东方经贸城西三办公室15层1508室邮编:100738电话:65288800目录一、JUNOS操作系统介绍 (3)1.1 层次化配置结构 (3)1.2 JunOS配置管理 (3)1.3 SRX主要配置内容 (4)二、SRX防火墙配置对照说明 (5)2.1 初始安装 (5)2.1.1 登陆 (5)2.1.2 设置root用户口令 (5)2.1.3 设置远程登陆管理用户 (5)2.1.4 远程管理SRX相关配置 (6)2.2 Policy (6)2.3 NAT (6)2.3.1 Interface based NAT............................................................. 错误！未定义书签。

2.3.2 Pool based Source NAT......................................................... 错误！未定义书签。

2.3.3 Pool base destination NAT................................................. 错误！未定义书签。

2.3.4 Pool base Static NAT (7)2.4 IPSEC VPN (7)2.5 Application and ALG (8)2.6 JSRP ........................................................................................................ 错误！未定义书签。

三、SRX防火墙常规操作与维护 (9)3.1 设备关机 (9)3.2 设备重启 (9)3.3 操作系统升级 (10)3.4 密码恢复 (10)3.5 常用监控维护命令 (11)Juniper SRX防火墙简明配置手册SRX系列防火墙是Juniper公司基于JUNOS操作系统的安全系列产品，JUNOS集成了路由、交换、安全性和一系列丰富的网络服务。

移动联通网络知识考试：诺西BTS设备基维护知识1、多选射频单元主要由如下硬件组成：（）A、TSxx：载频射频单元B、M2/6xA：接收多路耦合器单元C、WCxA：宽带合路器单元D、DVxA：双工滤波（江南博哥）器单元E、RTC：远程调谐合路单元正确答案：A, B, C, D, E2、单选诺西UltraSite基站中的1个BB2x单元可为（）个TSxx单元提供服务？A、1B、2C、3D、4正确答案：B3、多选诺西Pico基站的远程载频单元—“代理”的组成部分有：（）A、一个带合成器，低功率放大器和发射滤波器，低噪声放大器和接收滤波器的模拟接收和发射部分B、信号处理单元C、电源D、CCLink转换器正确答案：A, B, C, D4、单选诺西PicoBTS的每个服务器都必须安装机柜COBA。

如果多于（）个载波，则辅助核心模块COSA需要另外安装。

A、6B、8C、10D、12正确答案：B5、多选诺西Pico基站服务器和代理之间的最大距离取决于：（）A、电线的直径B、接口的类型C、使用电线的数目D、电压的范围正确答案：A, C6、填空题诺西的FlexiEDGEBTS中，双工滤波功能可由（）模块或（）模块实现。

正确答案：ERxA；ECxA7、多选诺西UltraSite基站的TSxx单元后面板上可提供以下接口：（）A、X1B、X6C、X7D、X100正确答案：B, C, D8、多选FlexiEDGEBTS包含以下哪些高度单元的模块？（）A、1HUB、2HUC、3HUD、4HU正确答案：A, B, C, D9、单选诺西PicoBTS的一块CCINT的故障会导致与之相连接的几个代理无法正常运行？（）A、2B、3C、4D、5正确答案：C10、多选对于诺西Pico基站，为了减少外置天馈线的数目，有以下合路器可以使用：（）A、放置于代理后面板上的双工器B、放置于代理前面板上的双工器C、为单个载频而设的远程外置工分器D、为一起使用内置双工器的两个载频而设的远程外置工分器正确答案：B, D11、单选诺西FlexiEDGEBTS的7606是一个（）告警。

DATASHEETProduct DescriptionThe Juniper Networks ® SRX5600 and SRX5800 Services Gateways are next-generation security platforms based on a revolutionary new architecture that provides market-leading performance, scalability, and service integration. These devices are ideally suited for service provider, large enterprise and public sector networks including:• Cloud and hosting provider data centers • Securing mobile operator environments • Managed service providers• Securing core service provider infrastructure • Large enterprise data centers• Aggregation of departmental and segmented security solutionsBased on Juniper’s dynamic services architecture, the SRX5000 line provides unrivaled scalability and performance. Each services gateway can support near linear scalability, with the addition of services processing cards (SPC) enabling a fully equipped SRX5800 to support more than 120 Gbps firewall throughput. The SPCs are designed to support a wide range of services enabling future support of new capabilities without the need for service-specific hardware. Using SPCs on all services ensures that there are no idle resources based on specific services being used—maximizing hardware utilization. The scalability and flexibility of the SRX5000 line is supported by equally robust interfaces. The SRX5000 line employs a modular approach to interfaces where each platform can be equipped with a flexible number of input/output cards (IOCs). With the IOCs sharing the same interface slot as the SPCs, the gateway can be configured as needed to support the ideal balance of processing and I/O. Hence, each deployment of the SRX Series can be tailored to specific network requirements. With this flexibility, the SRX5800 can be configured to support more than 400 Gigabit Ethernet ports or 88 10-Gigabit Ethernet ports.The scalability of both SPCs and IOCs in the SRX5000 line is enabled by the custom designed switch fabric. Supporting up to 960 Gbps of data transfer, the fabric enables realization of maximum processing and I/O capability available in any particular configuration. This level of scalability and flexibility facilitates future expansion and growth of the network infrastructure, providing unrivaled investment protection.Product OverviewJuniper Networks SRX5000 line of services gateways is the next-generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions. Incorporating the routing heritage and service provider reliability of Junos OS with the rich security heritage of ScreenOS, service provider reliability, and ScreenOS security heritage, the SRX Series also offers the high feature/service integration necessary to secure modern network infrastructure and applications.SRX5600 ANDGA TEWAYSThe tight service integration on the SRX Series is enabledby Juniper Networks Junos® operating system. By combiningthe routing heritage of Junos OS and the security heritage of ScreenOS®, the SRX Series is equipped with a robust list of services that include firewall, intrusion prevention system (IPS), denial of service (DoS), application security, Network Address Translation (NAT), and quality of service (QoS). In addition tothe benefit of individual services, incorporating multiple security and networking services within one OS greatly optimizes the flow of traffic through the platform. Network traffic no longer needsto be routed across multiple data paths/cards or even disparate operating systems within a single gateway.Junos OS also delivers carrier-class reliability to the already redundant SRX Series. The SRX Series enjoys the benefit ofa single source OS, single release train, and single integrated architecture traditionally available on Juniper’s carrier-class routers and switches. The SRX Series is managed by Juniper Networks Network and Security Manager (NSM), the single application used to manage all Juniper Networks firewall, IPS, Secure Sockets Layer (SSL), Juniper Networks Unified Access Control (UAC), and EX Series products.SRX5800The SRX5800 Services Gateway is the market-leading security solution supporting more than 120 Gbps firewall, 30 Gbps IPS and 350,000 connections per second. Equipped with the full range of security services, SRX5800 is ideally suited for securing large enterprise, hosted or co-located data centers, secure service provider, and cloud provider infrastructures, and mobile operator environments. The massive performance, scalability and flexibility of the SRX5800 makes it ideal for densely consolidated processing environments, and the service density makes it ideal for cloud and managed service providers.SRX5600The SRX5600 Services Gateway uses the same SPCs and IOCsas the SRX5800 and can support up to 60 Gbps firewall and 15 Gbps IPS. The SRX5600 is ideally suited for securing enterprise data centers as well as aggregation of various security solutions. The capability to support unique security policies per zones andits ability to scale with the growth of the network infrastructure makes the SRX5600 an ideal deployment for consolidation of services in large enterprise, service provider or mobile operator environments.Service Processing CardsAs the “brains” behind the SRX5000 line, SPCs are designedto process all available services on the platform. Without the need for dedicated hardware for specific services or capabilities, there are no instances in which a piece of hardware is taxed tothe limit while other hardware is sitting idle. SPCs are designedto be pooled together, allowing the SRX5000 line to expand performance and capacities with the introduction of additional SPCs, drastically reducing management overhead and complexity. The same SPCs are supported on both SRX5600 and SRX5800 Services Gateways.Input Output CardsTo provide the most flexible solution, the SRX5000 line employ the same modular architecture for SPCs and IOCs. The SRX5000 line can be equipped with one or several IOCs, supporting the ideal mix of interfaces (either Gigabit Ethernet or 10-Gigabit Ethernet). With the flexibility to install an IOC or an SPC on any available slot, the SRX5000 line can be equipped to support the perfect blend of interfaces and processing capabilities to meet the needs of the most demanding environments.Features and BenefitsNetworking and SecurityJuniper Networks SRX5000 line has been designed from the ground up to offer robust networking and security services.Traffic Inspection MethodsJuniper Networks SRX Series Services Gateways support various detection methods to accurately identify the application and traffic flow through the network.AppSecureJuniper Networks AppSecure is a suite of next-generation security capabilities that utilize advanced application identification and classification to deliver greater visibility, enforcement, control and protection over the network.AppSecure (continued)IPS CapabilitiesJuniper Networks IPS capabilities offer several unique features that assure the highest level of network security.Centralized ManagementJuniper Networks SRX Series Services Gateways are managed by NSM, the common management solution for all Juniper Networks firewall, IDP Series, SA Series SSL VPN, UAC, and EX Series products.As of May 2010, there are 6,200 signatures with approximately 10 new signatures added every week. Subscription to signature update service is required to receive new signatures.* AppFW is targeted for 1H2011** AppQoS is targeted for 2H2011SRX5600 SERVICES GATEWAYSRX5800 SERVICES GATEWAY SpecificationsMaximum Performance and Capacity2T ested configuration to achieve performance, capacities and features listed below:SRX5600 chassis equipped with four (4) SPCs and two (2) IOCsSRX5800 chassis equipped with eight (8) SPCs and four (4) IOCsPerformance, capacity and features listed are based on systems runninng Junos OS 10.2 and are measured under ideal testing conditions. Actual results may vary based on Junos OS releases and by deployments.* SRX5000 line of gateways operating with Junos OS release 10.0 and later are compliant with the R6, R7, and R8 releases of 3GPP TS 20.060 with the following exceptions(not supported on the SRX5000 line):- Section 7.5A Multimedia Broadcast and Multicast Services (MBMS) messages- Section 7,5B Mobile Station (MS) info change messages- Section 7.3.12 Initiate secondary PDP context from GGSNJuniper Networks Services and SupportJuniper Networks is the leader in performance-enabling services and support, which are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can realize bigger productivity gains and faster rollouts of new business models and ventures. At the same time, Juniper Networks ensures operational excellence by optimizing your network to maintain required levels of performance, reliability, and availability. For more details, please visit /us/en/products-services/.Ordering InformationSRX5600BASE-AC AC SRX5600 chassis, includes RE, SCB, 2 ACIPS SubscriptionSRX5K-IDP One year IPS signature subscription About Juniper NetworksJuniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance networkinfrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at .Notes11121000254-009-EN Aug 2010Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, andScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.EMEA Headquarters Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: 35.31.8903.600 EMEA Sales: 00800.4586.4737 Fax: 35.31.8903.601APAC Headquarters Juniper Networks (Hong Kong) 26/F, Cityplaza One 1111 King’s Road Taikoo Shing, Hong Kong Phone: 852.2332.3636 Fax: 852.2574.7803Corporate and Sales HeadquartersJuniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, CA 94089 USAPhone: 888.JUNIPER (888.586.4737)or 408.745.2000Fax: 408.745.2100 To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.Printed on recycled paper。

SRX5600Services Gateway 硬體指南Juniper Networks,Inc.1194North Mathilda Avenue Sunnyvale,California94089USA408-745-2000產品編號:000000,修訂本01This product includes the Envoy SNMP Engine,developed by Epilogue Technology,an Integrated Systems Company.Copyright©1986-1997, Epilogue Technology Corporation.All rights reserved.This program and its documentation were developed at private expense,and no part of them is in the public domain.This product includes memory allocation software developed by Mark Moraes,copyright©1988,1989,1993,University of Toronto.This product includes FreeBSD software developed by the University of California,Berkeley,and its contributors.All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California.Copyright ©1979,1980,1983,1986,1988,1989,1991,1992,1993,1994.The Regents of the University of California.All rights reserved.GateD software copyright©1995,the Regents of the University.All rights reserved.Gate Daemon was originated and developed through release 3.0by Cornell University and its collaborators.Gated is based on Kirton’s EGP,UC Berkeley’s routing daemon(routed),and DCN’s HELLO routing protocol.Development of Gated has been supported in part by the National Science Foundation.Portions of the GateD software copyright©1988,Regents of the University of California.All rights reserved.Portions of the GateD software copyright©1991, D.L.S.Associates.This product includes software developed by Maker Communications,Inc.,copyright©1996,1997,Maker Communications,Inc.Juniper Networks,the Juniper Networks logo,JUNOS,NetScreen,ScreenOS,and Steel-Belted Radius are registered trademarks of Juniper Networks,Inc.in the United States and other countries.JUNOSe is a trademark of Juniper Networks,Inc.All other trademarks,service marks,registered trademarks,or registered service marks are the property of their respective owners.Juniper Networks assumes no responsibility for any inaccuracies in this document.Juniper Networks reserves the right to change,modify, transfer,or otherwise revise this publication without notice.Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks:U.S.Patent Nos.5,473,599,5,905,725,5,909,440,6,192,051,6,333,650,6,359,479,6,406,312,6,429,706,6,459,579,6,493,347,6,538,518,6,538,899,6,552,918,6,567,902,6,578,186,and6,590,785.SRX5600Services Gateway Hardware GuideCopyright©2008,Juniper Networks,Inc.All rights reserved.Printed in USA.修訂歷程March2009—Revision01Initial release.The information in this document is current as of the date listed in the revision history.2000年通告Juniper Networks hardware and software products are Year2000compliant.The JUNOS software has no known time-related limitations through the year2038.However,the NTP application is known to have some difficulty in the year2036.ii■END USER LICENSE AGREEMENTREAD THIS END USER LICENSE AGREEMENT(“AGREEMENT”)BEFORE DOWNLOADING,INSTALLING,OR USING THE SOFTWARE.BY DOWNLOADING,INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN,YOU(AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER,AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER)CONSENT TO BE BOUND BY THIS AGREEMENT.IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN,THEN(A)DO NOT DOWNLOAD,INSTALL,OR USE THE SOFTWARE,AND(B)YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS.1.The Parties.The parties to this Agreement are(i)Juniper Networks,Inc.(if the Customer’s principal office is located in the Americas)or Juniper Networks(Cayman)Limited(if the Customer’s principal office is located outside the Americas)(such applicable entity being referred to herein as“Juniper”),and(ii)the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s)for use of the Software(“Customer”)(collectively,the“Parties”).2.The Software.In this Agreement,“Software”means the program modules and features of the Juniper or Juniper-supplied software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller,or which was embedded by Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller.“Software”also includes updates, upgrades and new releases of such software.“Embedded Software”means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates,upgrades,additions or replacements which are subsequently embedded in or loaded onto the equipment.3.License Grant.Subject to payment of the applicable fees and the limitations and restrictions set forth herein,Juniper grants to Customer a non-exclusive and non-transferable license,without right to sublicense,to use the Software,in executable form only,subject to the following use restrictions:a.Customer shall use Embedded Software solely as embedded in,and for execution on,Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller.b.Customer shall use the Software on a single hardware chassis having a single processing unit,or as many chassis or processing units for which Customer has paid the applicable license fees;provided,however,with respect to the Steel-Belted Radius or Odyssey Access Client software only,Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of e of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines(e.g., Solaris zones)requires multiple licenses,regardless of whether such computers or virtualizations are physically contained on a single chassis.c.Product purchase documents,paper or electronic user documentation,and/or the particular licenses purchased by Customer may specify limits to Customer’s use of the Software.Such limits may restrict use to a maximum number of seats,registered endpoints,concurrent users,sessions,calls,connections,subscribers,clusters,nodes,realms,devices,links,ports or transactions,or require the purchase of separate licenses to use particular features,functionalities,services,applications,operations,or capabilities,or provide throughput,performance,configuration,bandwidth,interface,processing,temporal,or geographical limits.In addition,such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software.Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.d.For any trial copy of the Software,Customer’s right to use the Software expires30days after download,installation or use of the Software.Customer may operate the Software after the30-day trial period only if Customer pays for a license to do so.Customer may not extend or create an additional trial period by re-installing the Software after the30-day trial period.e.The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s enterprise network.Specifically,service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services.The foregoing license is not transferable or assignable by Customer.No license is granted herein to any user who did not originally purchase the applicable license(s)for the Software from Juniper or an authorized Juniper reseller.e Prohibitions.Notwithstanding the foregoing,the license provided herein does not permit the Customer to,and Customer agrees not to and shall not:(a)modify,unbundle,reverse engineer,or create derivative works based on the Software;(b)make unauthorized copies of the Software(except as necessary for backup purposes);(c)rent,sell,transfer,or grant any rights in and to any copy of the Software,in any form,to any third party;(d)remove any proprietary notices,labels,or marks on or in any copy of the Software or any product in which the Software is embedded;(e)distribute any copy of the Software to any third party,including as may be embedded in Juniper equipment sold in the secondhand market;(f)use any‘locked’or key-restricted feature,function,service, application,operation,or capability without first purchasing the applicable license(s)and obtaining a valid key from Juniper,even if such feature,function,service,application,operation,or capability is enabled without a key;(g)distribute any key for the Software provided by Juniper to any third party;(h)use the Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller;(i)use Embedded Software on non-Juniper equipment;(j)use Embedded Software (or make it available for use)on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller;(k)disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper;or(l)use the Software in any manner other than as expressly provided herein.■iii5.Audit.Customer shall maintain accurate records as necessary to verify compliance with this Agreement.Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement.6.Confidentiality.The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper.As such,Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence,which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes.7.Ownership.Juniper and Juniper’s licensors,respectively,retain ownership of all right,title,and interest(including copyright) in and to the Software,associated documentation,and all copies of the Software.Nothing in this Agreement constitutes a transfer or conveyance of any right,title,or interest in the Software or associated documentation,or a sale of the Software,associated documentation,or copies of the Software.8.Warranty,Limitation of Liability,Disclaimer of Warranty.The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software(the“Warranty Statement”).Nothing in this Agreement shall give rise to any obligation to support the Software.Support services may be purchased separately.Any such support shall be governed by a separate,written support services agreement.TO THE MAXIMUM EXTENT PERMITTED BY LAW,JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS,LOSS OF DATA,OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES,OR FOR ANY SPECIAL,INDIRECT,OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE,OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE.IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE.EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW,JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE(WHETHER EXPRESS,IMPLIED,STATUTORY,OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,FITNESS FOR A PARTICULAR PURPOSE,OR NONINFRINGEMENT.IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE,OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE,WILL OPERATE WITHOUT ERROR OR INTERRUPTION,OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK.In no event shall Juniper’s or its suppliers’or licensors’liability to Customer,whether in contract,tort(including negligence),breach of warranty,or otherwise,exceed the price paid by Customer for the Software that gave rise to the claim,or if the Software is embedded in another Juniper product,the price paid by Customer for such other product.Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein,that the same reflect an allocation of risk between the Parties(including the risk that a contract remedy may fail of its essential purpose and cause consequential loss),and that the same form an essential basis of the bargain between the Parties.9.Termination.Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein.Upon such termination,Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control.10.Taxes.All license fees payable under this agreement are exclusive of tax.Customer shall be responsible for paying Taxes arising from the purchase of the license,or importation or use of the Software.If applicable,valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior to invoicing,and Customer shall promptly notify Juniper if their exemption is revoked or modified.All payments made by Customer shall be net of any applicable withholding tax.Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly:providing Juniper with valid tax receipts and other required documentation showing Customer’s payment of any withholding taxes;completing appropriate applications that would reduce the amount of withholding tax to be paid;and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder.Customer shall comply with all applicable tax laws and regulations,and Customer will promptly pay or reimburse Juniper for all costs and damages related to any liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under this Section shall survive termination or expiration of this Agreement.11.Export.Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority,and not to export or re-export the Software or any direct product thereof in violation of any such restrictions,laws or regulations,or without all necessary approvals.Customer shall be liable for any such violations.The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.mercial Computer Software.The Software is“commercial computer software”and is provided with restricted e, duplication,or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS227.7201through227.7202-4,FAR12.212,FAR27.405(b)(2),FAR52.227-19,or FAR52.227-14(ALT III)as applicable.13.Interface Information.To the extent required by applicable law,and at Customer's written request,Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program,on payment of applicable fee,if any.Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available.14.Third Party Software.Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in(or services are accessed by)the Software shall be a third party beneficiary with respect to this Agreement,and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper.In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s),if any,of its respective owner(s).To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available(such as the GNU General Public License(“GPL”)or the GNU Library General Publiciv■License(“LGPL”)),Juniper will make such source code portions(including Juniper modifications,as appropriate)available upon request for a period of up to three years from the date of distribution.Such request can be made in writing to Juniper Networks,Inc.,1194 N.Mathilda Ave.,Sunnyvale,CA94089,ATTN:General Counsel.You may obtain a copy of the GPL at/licenses/gpl.html,and a copy of the LGPL at /licenses/lgpl.html.15.Miscellaneous.This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles.The provisions of the U.N.Convention for the International Sale of Goods shall not apply to this Agreement.For any disputes arising under this Agreement,the Parties hereby consent to the personal and exclusive jurisdiction of,and venue in,the state and federal courts within Santa Clara County,California.This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software,and supersedes all prior and contemporaneous agreements relating to the Software,whether oral or written(including any inconsistent terms contained in a purchase order),except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein.No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged.If any portion of this Agreement is held invalid,the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement.This Agreement and associated documentation has been written in the English language,and the Parties agree that the English version will govern.(For Canada:Les parties aux présentés confirment leur volontéque cette convention de même que tous les documents y compris tout avis qui s'y rattaché,soient redigés en langue anglaise. (Translation:The parties confirm that this Agreement and all related documentation is and will be in the English language)).■vvi■目錄關於本指南xxi目標 (xxi)目標讀者 (xxi)文件慣例 (xxi)J系列服務路由器與SRX系列服務閘道的JUNOS軟體文件 (xxiii)取得文件 (xxiv)文件意見回饋 (xxv)要求技術支援 (xxv)第1部分SRX5600服務閘道綜述第1章服務閘道綜述3服務閘道說明 (3)元件冗餘 (4)第2章硬體元件5服務閘道機箱 (5)中間背板 (7)I/O卡(IOC) (8)IOC元件 (9)服務處理卡 (10)SPC元件 (12)主機子系統 (13)開關控制板 (14)SCB插槽 (14)SCB冗餘 (15)SCB元件 (15)SCB LED (15)路由引擎 (16)路由引擎元件 (16)路由引擎介面連接埠與狀態指示燈 (17)路由引擎啟動順序 (18)纜線管理系統 (18)精密介面 (19)警示LED與警示切斷/亮起測試按鈕 (20)主機子系統LED (21)目錄■viiSRX5600服務閘道硬體指南電源供應器LED (21)IOC與SPC LED (21)SCB LED (22)風扇LED (22)線上按鈕 (22)警示轉接接點 (23)電源供應器 (23)電源供應器安裝與替換 (23)AC電源供應器 (24)AC電源供應器組態 (24)AC電源供應器LED (25)DC電源供應器 (25)DC電源供應器組態 (26)DC電源供應器LED (26)冷卻系統 (27)第2部分設定服務閘道第3章為安裝服務閘道準備場地31場地準備核對清單 (31)機櫃需求 (32)機櫃大小與空間需求 (32)機櫃空氣流通需求 (32)機架需求 (32)機架尺寸與強度 (33)裝載托架孔的間距 (34)連接至建築結構 (34)空氣流通與硬體維護的空間需求 (34)第4章安裝概觀37第5章拆開服務閘道的包裝39必要工具及零件 (39)拆開服務閘道的包裝 (39)確認收到的零件 (40)第6章安裝裝載硬體43為機架或機櫃安裝裝載硬體 (43)卸除安裝托架以在中央裝載裝置 (45)viii■目錄目錄第7章安裝服務閘道47安全需求、警告與準則 (47)使用機械起重機安裝服務閘道 (47)所需工具 (47)使用起重機安裝服務閘道 (48)安裝纜線管理系統 (49)第8章連接服務閘道51必要工具及零件 (51)將服務閘道連接到管理與警示裝置 (51)連線到網路以進行超出頻寬的管理 (52)連接到管理主控台或附屬裝置 (52)連接到外部警示報告裝置 (53)連接IOC纜線 (53)第9章將服務閘道接地並為其供電55必要工具及零件 (55)將服務閘道接地 (55)將電源連接到AC供電的服務閘道 (56)開啟AC供電服務閘道的電源 (57)將電源連接到DC供電的服務閘道 (58)開啟DC供電服務閘道的電源 (59)關閉服務閘道電源 (61)第10章組態JUNOS軟體63第3部分硬體維護、替換及疑難排解步驟第11章維護硬體元件71必要工具及零件 (71)例行維護程序 (71)維護冷卻系統元件 (72)維護空氣濾網 (72)維護風扇架 (72)維護主機子系統 (73)維護IOC與SPC (75)維護IOC纜線 (77)目錄■ixSRX5600服務閘道硬體指南搬運及存放卡 (78)手持卡片 (79)存放卡 (81)維護電源供應器 (82)第12章硬體元件疑難排解83資源疑難排解的綜述 (83)指令行介面 (83)LED (84)精密介面LED (84)元件LED (84)機箱與介面警示訊息 (85)Juniper Networks技術支援中心 (85)冷卻系統疑難排解 (85)IOC疑難排解 (86)SPC疑難排解 (87)電源系統疑難排解 (88)第13章替換硬體元件91現場可替換單元(FRU) (91)必要工具及零件 (92)替換精密介面 (93)移除精密介面 (93)安裝精密介面 (94)替換警示轉接線 (95)拔除警示轉接連接線 (95)連接警示轉接連接線 (96)替換冷卻系統元件 (96)替換風扇架 (96)移除風扇架 (96)安裝風扇架 (97)替換空氣濾網 (98)移除空氣濾網 (98)安裝空氣濾網 (99)替換主機子系統元件 (100)使主機子系統離線 (100)替換SCB (101)操作及定位SCB頂出器 (101)移除SCB (102)安裝SCB (102)替換路由引擎 (104)移除路由引擎 (104)安裝路由引擎 (105)替換路由引擎介面連接埠的連接 (106)替換管理乙太網路纜線 (107)替換主控台或附屬纜線 (107)x■目錄目錄替換IOC (107)移除IOC (108)安裝IOC (109)替換SPC (111)移除SPC (111)安裝SPC (113)移除SFP或XFP收發機 (115)安裝SFP或XFP收發機 (116)替換電源系統元件 (116)移除AC電源供應器 (117)安裝AC電源供應器 (119)移除DC電源供應器 (119)安裝DC電源供應器 (121)替換AC電線 (123)拔下AC電線 (123)連接AC電源供應線 (124)替換DC電源供應纜線 (124)拔下DC電纜 (124)安裝DC電纜 (125)替換纜線管理系統 (126)移除纜線管理系統 (126)安裝纜線管理系統 (126)第4部分附錄附錄A安全與法規遵從性資訊129安全警告層級的定義 (129)安全準則與警告 (130)一般安全準則與警告 (131)合格人員警告 (131)受限制存取區域警告 (132)防止靜電傷害 (134)防火安全需求 (134)滅火 (135)滅火設備 (135)安裝安全準則與警告 (135)機箱抬起準則 (135)安裝指示警告 (136)機架裝載的要求與警告 (136)傾斜警告 (140)雷射與LED安全準則與警告 (140)一般雷射安全準則 (141)第1類雷射產品警告 (141)第1類LED產品警告 (141)雷射光束警告 (142)開放式光學連接埠孔隙的雷射光警告 (142)目錄■xiSRX5600服務閘道硬體指南維護與操作安全準則與警告 (143)電池處理警告 (144)摘除首飾警告 (145)閃電活動警告 (146)操作溫度警告 (146)產品棄置警告 (148)電力安全準則與警告 (148)發生電力意外時 (149)一般電力安全準則與警告 (149)AC電源電力安全準則 (153)DC電源電力安全準則與警告 (154)管理單位核准與遵從性陳述 (159)管理單位核准 (159)EMC需求之遵從性陳述 (161)加拿大 (161)歐洲共同體 (161)日本 (161)美國 (161)環保需求的遵從性陳述 (161)鋰電池 (161)聽覺噪音的遵從性陳述 (162)附錄B實體規格163實體規格 (163)附錄C服務閘道環境規格165服務閘道環境規格 (165)附錄D電源準則、需求與規格167機箱接地 (167)接地纜線插孔規格 (167)接地纜線規格 (168)DC電源規格與需求 (168)DC電源系統電力規格 (168)DC電源斷路器規格 (169)DC電源供應器電力規格 (169)DC供電服務閘道的電源需求 (169)DC電纜規格 (171)DC電纜插孔規格 (172)DC電纜規格 (172)AC電源規格與準則 (172)AC電源系統電力規格 (172)AC電源供應器電力規格 (173)AC電源斷路器規格 (173)xii■目錄目錄AC供電服務閘道的電源需求 (173)AC電線規格 (175)現場電力接線準則 (177)發訊距離限制 (177)無線電頻率干擾 (177)電磁相容性 (177)附錄E纜線與電線準則與規格179網路纜線規格與準則 (179)在多模式與單一模式光纖纜線中損失訊號 (179)光纖纜線中的衰減與消散 (179)計算光纖纜線的功率預算 (180)計算光纖纜線的功率限度 (180)路由引擎介面纜線與電線規格 (182)附錄F不使用機械起重機安裝服務閘道183必要工具及零件 (183)從機箱中移除元件 (183)移除電源供應器 (184)移除風扇架 (184)移除SCB (185)移除IOC與SPC (186)將機箱手動安裝到機架中 (187)將元件重新安裝到機箱中 (189)重新安裝電源供應器 (189)重新安裝風扇架 (190)重新安裝SCB (191)重新安裝IOC與SPC (192)安裝纜線管理系統 (193)附錄G聯絡客戶支援並退還硬體195找到元件序號 (195)SRX5600機箱序號標籤 (196)SCB序號標籤 (197)IOC與SPC序號標籤 (198)電源供應器序號標籤 (198)路由引擎序號標籤 (199)聯繫客戶支援 (200)您可能需要提供給JTAC的資訊 (200)退還程序 (200)必要工具及零件 (201)將服務閘道包裝好，以用於運輸 (202)包裝元件以用於運輸 (203)目錄■xiiiSRX5600服務閘道硬體指南附錄H纜線連接器接腳配置205路由引擎ETHERNET連接埠的RJ-45連接器接腳配置 (205)路由引擎AUX和CONSOLE連接埠的RJ-45連接器接腳配置 (205)第5部分索引索引 (209)xiv■目錄圖清單第1部分SRX5600服務閘道綜述第2章硬體元件5圖1:完全組態的服務閘道機箱的前視圖 (6)圖2:完全組態的AC電源服務閘道機箱的後視圖 (6)圖3:完全組態的DC電源服務閘道機箱的後視圖 (7)圖4:中間背板 (8)圖5:SRX5600上支援的IOC (9)圖6:水平安裝在SRX5600中的IOC (9)圖7:典型SPC (11)圖8:水平安裝在SRX5600服務閘道中的SPC (12)圖9:SCB (14)圖10:路由引擎 (16)圖11:路由引擎中的USB記憶體裝置 (17)圖12:纜線管理分隔板 (19)圖13:安裝在裝置上的纜線管理系統 (19)圖14:精密介面的前面板 (20)圖15:警示轉接接點 (23)圖16:AC電源供應器 (24)圖17:DC電源供應器 (25)圖18:通過機箱的氣流 (27)圖19:風扇架 (28)圖20:空氣濾網 (28)第2部分設定服務閘道第3章為安裝服務閘道準備場地31圖21:典型開放式框架機架 (34)圖22:機箱尺寸與空間需求 (35)第5章拆開服務閘道的包裝39圖23:運輸板條箱內的內容 (40)第6章安裝裝載硬體43圖24:為四柱式機架或機櫃安裝前裝載硬體 (44)圖25:為開放式框架機架安裝裝載硬體 (45)第7章安裝服務閘道47圖26:將服務閘道安裝到機架中 (49)圖27:安裝纜線管理系統 (50)第8章連接服務閘道51圖28:路由引擎管理連接埠 (52)圖29:路由引擎乙太網路纜線連接器 (52)圖30:主控台與附屬纜線連接器 (53)圖清單■xvSRX5600服務閘道硬體指南圖31:警示轉接接點 (53)圖32:將纜線連接至IOC (54)第9章將服務閘道接地並為其供電55圖33:將AC電源連接到服務閘道 (57)圖34:將DC電源連接到服務閘道 (59)第3部分硬體維護、替換及疑難排解步驟第11章維護硬體元件71圖35:卡邊 (79)圖36:請勿握住連接器邊 (80)圖37:請勿用一條邊來支撐整塊卡 (81)第12章硬體元件疑難排解83圖38:通過機箱的氣流 (85)第13章替換硬體元件91圖39:移除精密介面 (94)圖40:安裝精密介面 (95)圖41:警示轉接接點 (95)圖42:移除風扇架 (97)圖43:安裝風扇架 (98)圖44:移除空氣濾網 (99)圖45:安裝空氣濾網 (100)圖46:移除SCB (102)圖47:安裝SCB (104)圖48:移除路由引擎 (105)圖49:安裝路由引擎 (106)圖50:路由引擎介面連接埠 (106)圖51:纜線連接器 (107)圖52:移除IOC (109)圖53:安裝IOC (111)圖54:將纜線連接至IOC (111)圖55:移除SPC (113)圖56:安裝SPC (114)圖57:將纜線連接至SPC (114)圖58:移除SFP或XFP (116)圖59:移除AC電源供應器 (118)圖60:安裝AC電源供應器 (119)圖61:移除DC電源供應器 (120)圖62:安裝DC電源供應器 (122)圖63:連接DC電源 (123)圖64:將電纜連接至DC電源供應器 (125)圖65:移除或安裝纜線管理系統 (126)第4部分附錄附錄A安全與法規遵從性資訊129圖66:將元件放置於靜電袋中 (134)附錄D電源準則、需求與規格167圖67:接地纜線插孔 (168)xvi■圖清單圖清單圖68:服務閘道的典型DC來源佈線 (171)圖69:DC電纜插孔 (172)圖70:AC插頭類型 (176)附錄F不使用機械起重機安裝服務閘道183圖71:安裝服務閘道前先移除電源供應器 (184)圖72:移除風扇架 (185)圖73:移除SCB (186)圖74:移除IOC或SPC (187)圖75:將服務閘道機箱安裝到機架中 (189)圖76:重新安裝電源供應器 (190)圖77:安裝風扇架 (191)圖78:安裝SCB (192)圖79:安裝IOC或SPC (193)圖80:安裝纜線管理系統 (193)附錄G聯絡客戶支援並退還硬體195圖81:序號ID標籤 (196)圖82:SRX5600機箱序號標籤 (197)圖83:SCB序號標籤 (197)圖84:IOC與SPC序號標籤 (198)圖85:AC電源供應器序號標籤 (199)圖86:DC電源供應器序號標籤 (199)圖87:路由引擎序號標籤 (200)圖清單■xviiSRX5600服務閘道硬體指南xviii■圖清單表格清單關於本指南xxi表1:通告圖示 (xxii)表2:文字與語法慣例 (xxii)表3:J系列服務路由器與SRX系列服務閘道的JUNOS軟體文件 (xxiii)第1部分SRX5600服務閘道綜述第2章硬體元件5表4:4連接埠100億位元乙太網路IOC LED (10)表5:40連接埠10億位元乙太網路IOC LED (10)表6:SPC LED (12)表7:開關控制板LED (15)表8:路由引擎LED (17)表9:警示LED與警示切斷/亮起測試按鈕 (20)表10:主機子系統LED (21)表11:精密介面上的電源供應器LED (21)表12:IOC與SPC LED (21)表13:SCB LED (22)表14:風扇LED (22)表15:AC電源供應器LED (25)表16:電源供應器冗餘與配電 (26)表17:DC電源供應器LED (26)第2部分設定服務閘道第3章為安裝服務閘道準備場地31表18:場地準備核對清單 (31)第5章拆開服務閘道的包裝39表19:完全組態的服務閘道的零件清單 (41)表20:附件盒零件清單 (41)第6章安裝裝載硬體43表21:四柱式機架或機櫃裝載孔位置 (43)第3部分硬體維護、替換及疑難排解步驟第13章替換硬體元件91表22:現場可替換單元 (92)表23:必要工具及零件 (92)表格清單■xixSRX5600服務閘道硬體指南第4部分附錄附錄B實體規格163表24:實體規格 (163)附錄C服務閘道環境規格165表25:服務閘道環境規格 (165)附錄D電源準則、需求與規格167表26:DC電源系統電力規格 (168)表27:DC電源供應器電力規格 (169)表28:DC供電的基礎系統需求 (170)表29:元件電源需求 (170)表30:DC電纜規格 (172)表31:AC電源系統規格 (173)表32:AC電源供應器電力規格 (173)表33:基礎系統AC電源需求 (174)表34:元件電源需求 (174)表35:AC電線規格 (175)附錄E纜線與電線準則與規格179表36:導致連結損失的因素的估計值 (181)表37:路由引擎管理與警示介面的纜線與電線規格 (182)附錄H纜線連接器接腳配置205表38:路由引擎ETHERNET連接埠的RJ-45連接器接腳配置 (205)表39:AUX和CONSOLE連接埠的RJ-45連接器接腳配置 (206)xx■表格清單關於本指南此前言為您使用SRX5600服務閘道硬體提供以下指導方針:■目標(第xxi頁)■目標讀者(第xxi頁)■文件慣例(第xxi頁)■J系列服務路由器與SRX系列服務閘道的JUNOS軟體文件(第xxiii頁)■取得文件(第xxiv頁)■文件意見回饋(第xxv頁)■要求技術支援(第xxv頁)目標本手冊介紹Juniper Networks SRX5600服務閘道的硬體元件、安裝、基本組態以及基本疑難排解程序。

NPort5600-DTL Series8-port RS-232/422/485serial device serversFeatures and Benefits•8serial ports supporting RS-232/422/485•Compact desktop design•10/100M auto-sensing Ethernet•Configure by Telnet,web browser,or Windows utility•Supports Real COM and TCP server,TCP client,UDP socket modes•SNMP MIB-II for network managementCertificationsIntroductionNPort®5600-8-DTL device servers can conveniently and transparently connect8serial devices to an Ethernet network,allowing you to network your existing serial devices with basic configurations.You can both centralize management of your serial devices and distribute management hosts over the network.The NPort®5600-8-DTL device servers have a smaller form factor than our19-inch models,making them a great choice for applications that need additional serial ports when mounting rails are not available.Convenient Design for RS-485ApplicationsThe NPort®5650-8-DTL device servers support selectable1kilo-ohm and150kilo-ohms pull high/low resistors and a120-ohm terminator.In some critical environments,termination resistors may be needed to prevent the reflection of serial signals.When using termination resistors,it is also important to set the pull high/low resistors correctly so that the electrical signal is not corrupted.Since no set of resistor values is universally compatible with all environments,NPort®5600-8-DTL device servers use DIP switches to allow users to adjust termination and pull high/low resistor values manually for each serial port.LED Indicators to Ease Your Maintenance TasksThe System LED,Serial Tx/Rx LEDs,and Ethernet LEDs(located on the RJ45connector)provide a great tool for basic maintenance tasks and help engineers analyze problems in the field.The NPort®5600’s LEDs not only indicate current system and network status,but they also help field engineers monitor the status of attached serial devices.AppearanceSpecificationsEthernet Interface10/100BaseT(X)Ports(RJ45connector)1Magnetic Isolation Protection 1.5kV(built-in)Ethernet Software FeaturesConfiguration Options Serial Console,Telnet Console,Web Console(HTTP/HTTPS),Windows Utility Management ARP,BOOTP,DHCP Client,DNS,HTTP,HTTPS,ICMP,IPv4,LLDP,Rtelnet,SMTP,SNMPv1/v2c,Telnet,TCP/IP,UDPFilter IGMP v1/v2Windows Real COM Drivers Windows95/98/ME/NT/2000,Windows XP/2003/Vista/2008/7/8/8.1/10(x86/x64),Windows2008R2/2012/2012R2(x64),Windows Embedded CE5.0/6.0,Windows XPEmbeddedLinux Real TTY Drivers Kernel versions:2.4.x,2.6.x,3.x,4.x,and5.xFixed TTY Drivers SCO UNIX,SCO OpenServer,UnixWare7,QNX4.25,QNX6.x,Solaris10,FreeBSD,AIX5.x,HP-UX11i,Mac OS XAndroid API Android3.1.x and laterMIB RFC1213,RFC1317Time Management SNTPSerial InterfaceConnector DB9maleNo.of Ports8Serial Standards NPort5610-8-DTL Series:RS-232NPort5650-8-DTL Series:RS-232,RS-422,RS-485Baudrate Supports standard baudrates(unit=bps):50,75,110,134,150,300,600,1200,1800,2400,4800,7200,9600,19200,38400,57600,115200,230.4k,460.8k,921.6kData Bits5,6,7,8Stop Bits1,1.5,2Parity None,Even,Odd,Space,MarkFlow Control RTS/CTS,DTR/DSR,XON/XOFFIsolation NPort5650I-8-DTL Series:2kVPull High/Low Resistor for RS-4851kilo-ohm,150kilo-ohmsRS-485Data Direction Control ADDC®(automatic data direction control)Terminator for RS-485NPort5650Series:120ohmsSerial SignalsRS-232TxD,RxD,RTS,CTS,DTR,DSR,DCD,GNDRS-422Tx+,Tx-,Rx+,Rx-,GNDRS-485-4w Tx+,Tx-,Rx+,Rx-,GNDRS-485-2w Data+,Data-,GNDPower ParametersInput Current NPort5610-8-DTL Series:340mA@12VDCNPort5650-8-DTL Series:470mA@12VDCNPort5650I-8-DTL Series:740mA@12VDCNo.of Power Inputs1Input Voltage12to48VDCReverse Polarity Protection SupportedSource of Input Power Power input jackPhysical CharacteristicsHousing MetalDimensions(with ears)229x135.43x46mm(9.02x5.33x1.81in)Dimensions(without ears)197x135.43x44mm(7.76x5.33x1.73in)Weight NPort5610-8-DTL Series:1760g(3.88lb)NPort5650-8-DTL Series:1770g(3.90lb)NPort5650I-8-DTL Series:1850g(4.08lb)Installation Desktop,DIN-rail mounting(with optional kit),Wall mounting(with optional kit) Environmental LimitsOperating Temperature Standard Models:0to60°C(-32to140°F)Wide Temp.Models:-40to75°C(-40to167°F)Storage Temperature(package included)-40to75°C(-40to167°F)Ambient Relative Humidity5to95%(non-condensing)Standards and CertificationsEMC EN55032/24EMI CISPR32,FCC Part15B Class AEMS IEC61000-4-2ESD:Contact:4kV;Air:8kVIEC61000-4-3RS:80MHz to1GHz:3V/mIEC61000-4-4EFT:Power:1kV;Signal:0.5kVIEC61000-4-5Surge:Power:2kV;Signal:1kVIEC61000-4-6CS:150kHz to80MHz:3V/m;Signal:3V/mIEC61000-4-8PFMFIEC61000-4-11DIPsSafety UL60950-1DeclarationGreen Product RoHS,CRoHS,WEEEMTBFTime NPort5610-8-DTL Series:953,388hrsNPort5650-8-DTL Series:740,457hrsNPort5650I-8-DTL Series:258,150hrsStandards Telcordia(Bellcore)Standard TR/SRWarrantyWarranty Period5yearsDetails See /warrantyPackage ContentsDevice1x NPort5600-DTL Series device serverInstallation Kit1x wall-mounting kitCable1x Ethernet,RJ45Power Supply1x power adapter,suitable for your region(except-T models) Documentation1x quick installation guide1x warranty cardDimensionsOrdering InformationModel Name Serial Interface Serial InterfaceConnectorSerial InterfaceIsolationOperating Temp.Input VoltageNPort5610-8-DTL RS-232DB9–0to60°C12-48VDC NPort5610-8-DTL-T RS-232DB9–-40to75°C12-48VDC NPort5650-8-DTL RS-232/422/485DB9–0to60°C12-48VDC NPort5650-8-DTL-T RS-232/422/485DB9–-40to75°C12-48VDC NPort5650I-8-DTL RS-232/422/485DB92kV0to60°C12-48VDC NPort5650I-8-DTL-T RS-232/422/485DB92kV-40to75°C12-48VDC Accessories(sold separately)ConnectorsADP-RJ458P-DB9F DB9female to RJ45connectorMini DB9F-to-TB DB9female to terminal block connectorDIN-Rail Mounting KitsDK35A DIN-rail mounting kit,35mmPower AdaptersPWR-12200-DT-S1Desktop power supply(requires power cord),12VDC,2A,100-240VAC,0to40°C operatingtemperaturePower CordsPWC-C13AU-3B-183Power cord with Australian(AU)plug,1.83mPWC-C13CN-3B-183Power cord with three-prong China(CN)plug,1.83mPWC-C13EU-3B-183Power cord with Continental Europe(EU)plug,1.83mPWC-C13JP-3B-183Power cord with Japan(JP)plug,7A/125V,1.83mPWC-C13UK-3B-183Power cord with United Kingdom(UK)plug,1.83mPWC-C13US-3B-183Power cord with United States(US)plug,1.83mWall-Mounting KitsWK-35-042plates(35x44x2.5mm)with6screws(FTSx6M3x4mm)©Moxa Inc.All rights reserved.Updated Nov08,2019.This document and any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of Moxa Inc.Product specifications subject to change without notice.Visit our website for the most up-to-date product information.。

SRX安全网关操作手册神州数码（中国）有限公司二零一零年六月目录1.总体概述 (7)1.1.文档术语 (7)2.SRX基本操作 (8)2.1.通过Console线缆连接路由器 (8)2.2.设备关闭 (10)2.3. 设备重启 (10)2.4.JUNOS升级 (11)2.5.密码恢复 (11)3.SRX基本管理配置介绍 (12)3.1.JUNOS CLI (12)4.SRX开机配置过程 (14)4.1.SRX硬件设备简介 (14)4.1.1 SRX 240面板图 (14)4.1.2 SRX 210面板图 (15)4.1.3 SRX 100面板图 (15)4.2.SRX安装流程 (15)4.3.开始配置 (15)4.3.1开机登录 (16)4.3.2清空默认配置 (16)4.3.3从所有配置清空后开始配置 (17)5.常用故障诊断命令 (20)查看端口状态 (20)查看路由表 (20)查看OSPF邻居关系 (20)Ping (21)Traceroute (21)监控接口流量 (21)监控RE CPU利用率 (22)监控并发会话数 (22)冷却系统故障检查 (22)机箱硬件组件故障检查 (23)6. 设备日常维护 (24)日常维护步骤 (24)配置文件查看 (24)配置文件提交 (24)7.SRX常用功能及典型配置 (25)7.1 SRX常用功能配置 (25)7.2 SRX一个典型配置 (28)6.硬件返修及CASE信息 (34)一般性免责说明：神州数码（中国）有限公司力求确保《Juniper SRX防火墙快速安装手册》中信息的准确性，但不对信息的准确性承担任何责任。

神州数码（中国）有限公司可能随时更改本《手册》中提到的产品或调试命令等技术，恕不另行通知。

神州数码（中国）有限公司及其供应商不对因使用本《手册》或任何Juniper网络公司产品或服务而导致的任何间接、特殊、引致或意外损失而承担任何责任，包括但不限于利润或收入损失、替换产品或服务的成本、数据丢失或破坏，或使用或依赖使用本文提供的信息而造成的损失，即使Juniper 网络公司或其供应商事先已得知发生此类损失的可能性。