Skip to main content

Juniper SRX320 Setup Guide (Basic Network)

This guide will help you configure your Juniper SRX320 router with the following features:

  • Three VLANs: Home, Guest, and IoT
  • Firewall Rules: Optimized for streaming and gaming
  • Traffic Prioritization: Using Quality of Service (QoS)

Prerequisites

  1. Juniper SRX320: Ensure your SRX320 is powered on and connected to your network.
  2. J-Web Interface: Access the router through a web browser at http://<SRX320-IP>.
  3. Basic Network Setup: Have an existing internet connection and basic understanding of network configurations.

Step-by-Step Setup

Step 1: Access Juniper SRX320

  1. Open a web browser and navigate to the SRX320's IP address.
  2. Log in using the default credentials or your configured admin username and password.

Step 2: Configure VLANs

  1. Navigate to: Network > Interfaces.
  2. Create VLANs for Home, Guest, and IoT.

Home VLAN

  • VLAN ID: 10
  • Interface: ge-0/0/1.10
  • IP Address: 192.168.10.1/24

Guest VLAN

  • VLAN ID: 20
  • Interface: ge-0/0/1.20
  • IP Address: 192.168.20.1/24

IoT VLAN

  • VLAN ID: 30
  • Interface: ge-0/0/1.30
  • IP Address: 192.168.30.1/24

Step 3: Configure DHCP for Each VLAN

  1. Navigate to: Network > DHCP Server.
  2. Configure DHCP for each VLAN.

Home VLAN DHCP

  • Interface: ge-0/0/1.10
  • Pool: 192.168.10.10 to 192.168.10.100

Guest VLAN DHCP

  • Interface: ge-0/0/1.20
  • Pool: 192.168.20.10 to 192.168.20.100

IoT VLAN DHCP

  • Interface: ge-0/0/1.30
  • Pool: 192.168.30.10 to 192.168.30.100

Step 4: Configure Security Zones

  1. Navigate to: Security > Security Zones.
  2. Create security zones for each VLAN.

Home Zone

  • Zone Name: home
  • Interfaces: Add ge-0/0/1.10

Guest Zone

  • Zone Name: guest
  • Interfaces: Add ge-0/0/1.20

IoT Zone

  • Zone Name: iot
  • Interfaces: Add ge-0/0/1.30

Step 5: Configure Firewall Policies

  1. Navigate to: Security > Policies.
  2. Create policies to manage traffic between zones.

Allow Traffic from Home to Internet

  • Source Zone: home
  • Destination Zone: untrust
  • Policy: Allow

Allow Traffic from Guest to Internet

  • Source Zone: guest
  • Destination Zone: untrust
  • Policy: Allow

Allow Traffic from IoT to Internet

  • Source Zone: iot
  • Destination Zone: untrust
  • Policy: Allow

Deny Traffic Between VLANs

  • Source Zone: home

  • Destination Zone: guest, iot

  • Policy: Deny

  • Source Zone: guest

  • Destination Zone: home, iot

  • Policy: Deny

  • Source Zone: iot

  • Destination Zone: home, guest

  • Policy: Deny

Step 6: Configure Traffic Prioritization (QoS)

  1. Navigate to: Network > Quality of Service.
  2. Create QoS profiles to prioritize gaming and streaming traffic.

Create Classifiers for Gaming and Streaming

  • Classifier Name: gaming

    • DSCP: 46 (EF for low latency)
    • Application: Match traffic to gaming servers

  • Classifier Name: streaming

    • DSCP: 34 (AF41 for streaming)
    • Application: Match traffic to streaming services

Apply Classifiers to Interfaces

  • Apply the classifiers to the interfaces connected to your gaming and streaming devices.

Step 7: Apply and Test Configuration

  1. Review all configurations and apply changes.
  2. Test the network:
    • Verify that devices on each VLAN receive the correct IP addresses.
    • Test internet connectivity for devices on each VLAN.
    • Ensure that gaming and streaming traffic is prioritized as expected.

Additional Tips

  • Secure Access: Change the default admin password and restrict management access to trusted IPs.
  • Regular Backups: Backup your configuration regularly to prevent data loss.
  • Firmware Updates: Keep the SRX320 firmware updated for security and performance enhancements.
No Comments
Back to top