IBM Cloud Docs
Performing additional vSRX tasks

You can configure and maintain your IBM Cloud® Juniper vSRX either through a remote console session over SSH or by logging in to the Juniper web management GUI.

Configuring the vSRX outside of its shell and interface might produce unexpected results and is not recommended.

Accessing the device using SSH

You can access either the vSRX or the host (Ubuntu) using SSH through a private IP address if you're on IBM Cloud VPN. You can also access the vSRX through a public IP address.

  1. Go to the Gateway Appliance Details screen and get the public gateway IP or private gateway IP.

  2. Click the "eye" icon to reveal the admin user's password.

  3. For a vSRX, run the command ssh admin@<gateway-ip>, then enter the admin user's password. You can also use the 'root' user ID and password.

    For the host (Ubuntu), you can only use the root user ID and password.

If you do not see the "eye" icon, you might not have permission to view the password. Please check your access permissions with the account owner.

Operational mode

From operational mode, you can issue standard show commands to view configurations, routes, interfaces, logs, and the current status of different services, such as BGP, IPsec, and security policies. The following list details some commonly used commands:

  • show configuration - View configurations as they are in the config file, formatted in a hierarchical container and leaf structure.
  • show configuration | display set - View configurations as a set of configuration commands. This is easier to read and parse.
  • show configuration | display set | grep <search term> - Search the entire configuration for the search term.
  • show interfaces terse - View the list of vSRX network interfaces.
  • show route <IP-Address> - Perform a route lookup for a specific IP.
  • show chassis cluster status - Show the status of an HA cluster.
  • show log <name-of-log-file> - Output the contents of a log file, such as /var/log/messages.
  • show security ike sa - Show the phase 1 status for all configured IPsec tunnels.
  • show security ipsec sa - Show the phase 2 status for all configured IPsec tunnels.
  • show bgp summary - Show a summary of any BGP neighbors.
  • show arp no-resolve - Show the ARP status of IP addresses within the vSRX's broadcast domains.

Accessing the configuration mode

After you open a shell to the vSRX, you can enter configuration mode by running the config command. The following commands are available in this mode:

  • show - View configurations
  • show | compare - View staged changes
  • set - Stage changes
  • commit check - Verify the syntax of the configuration

If you are happy with your changes, you can commit them to the active configuration by running the commands commit and then save.

To leave configuration mode, run the command exit.

Accessing the device using the Juniper web management UI

The Juniper web management GUI is configured by default with a self-signed certificate generated by the vSRX. Only HTTPS is enabled, on port 8443. You can access it at https://gateway-ip:8443.

Creating system users

By default, the IBM Cloud® Juniper vSRX is configured with SSH access for the username admin. Additional users can be added with their own set of permissions. For example:

set system login user ops class operator authentication encrypted-password <CYPHER>

In this example, ops is the username and operator is the class/permission level assigned to the user.

You can also define custom classes instead of using the pre-defined ones.
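
The following Python check is an added example, not part of the IBM Cloud documentation: it parses the output of show configuration | display set and reviews the login users and classes described above. The sample configuration, the user and class names in it, and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of `show configuration | display set` output (not from a real device).
SAMPLE = """\
set system host-name vsrx-gw01
set system login class noc-view permissions view
set system login class noc-view permissions view-configuration
set system login user admin class super-user
set system login user admin authentication encrypted-password "$6$constructed$hashA"
set system login user ops class operator
set system login user ops authentication encrypted-password "$6$constructed$hashB"
set system login user audit class noc-view
set system login user audit authentication ssh-rsa "ssh-rsa AAAAconstructed audit@example"
set system login user temp class super-user
"""
# Login classes that Junos predefines; any other class must be defined in the config.
PREDEFINED = {"operator", "read-only", "super-user", "superuser", "unauthorized"}

def parse_logins(display_set):
    """Return ({user: {"class", "auth"}}, {custom class names}) from display-set text."""
    users, classes = {}, set()
    for line in display_set.splitlines():
        tok = shlex.split(line)  # keeps quoted hashes and keys as single tokens
        if tok[:3] != ["set", "system", "login"] or len(tok) < 5:
            continue
        if tok[3] == "class":
            classes.add(tok[4])
        elif tok[3] == "user":
            u = users.setdefault(tok[4], {"class": None, "auth": []})
            if tok[5:6] == ["class"] and len(tok) > 6:
                u["class"] = tok[6]
            elif tok[5:6] == ["authentication"] and len(tok) > 6:
                u["auth"].append(tok[6])  # method only, never the secret
    return users, classes

def audit(display_set):
    """List (user, finding) pairs worth a second look during an access review."""
    users, classes = parse_logins(display_set)
    findings = []
    for name, u in sorted(users.items()):
        if u["class"] is None:
            findings.append((name, "no class assigned"))
        elif u["class"] not in PREDEFINED and u["class"] not in classes:
            findings.append((name, "class %r is not defined" % u["class"]))
        elif u["class"] in ("super-user", "superuser"):
            findings.append((name, "full administrative class"))
        if not u["auth"]:
            findings.append((name, "no authentication configured"))
    return findings
```

Save the device output to a file and pass its contents to audit() to review a real configuration.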

Defining the vSRX hostname

You can set or change the vSRX hostname using the following command:

set system host-name <hostname>

Configuring DNS and NTP

To configure name server resolution and NTP, run the following commands:

set system name-server <DNS server>
set system ntp server <NTP server>

Changing the root password

You can change the root password by running the following command:

set system root-authentication plain-text-password

This prompts you to enter a new password, which is stored in encrypted form in the configuration and is not visible.