Working on the JN0-348 exam prep requires a router or two for BGP, IS-IS and other stuff that is not supported on an EX switch. Step forward the SRX 320 firewall which does all the good stuff and has a firewall built in as well! The one issue is that for study purposes the firewall just gets in the way so this posts the instructions to convert the system into as close to a router as possible. I also use some SRX110 appliances but they don’t have the required software revision on them for the current exam, but its not far off. The config is slightly different on the SRX110 as the interfaces are 100mbps.
Stage 1 – Bin the security settings
root# delete security
Stage 2 – Remove DHCP
root# delete system services dhcp-local-server root# delete access
Stage 3 – Remove the Autoinstallation
root# delete system autoinstallation
Stage 4 – Sort out the VLANs
root# delete vlans vlan-trust root# delete interfaces ge-0/0/1.0 family ethernet-switching vlan members vlan-trust root# delete interfaces ge-0/0/2.0 family ethernet-switching vlan members vlan-trust root# delete interfaces ge-0/0/3.0 family ethernet-switching vlan members vlan-trust root# delete interfaces ge-0/0/4.0 family ethernet-switching vlan members vlan-trust root# delete interfaces ge-0/0/5.0 family ethernet-switching vlan members vlan-trust root# delete interfaces ge-0/0/6.0 family ethernet-switching vlan members vlan-trust root# set vlans default vlan-id 1 l3-interface irb.0 root# set interfaces ge-0/0/1.0 family ethernet-switching vlan members default root# set interfaces ge-0/0/2.0 family ethernet-switching vlan members default root# set interfaces ge-0/0/3.0 family ethernet-switching vlan members default root# et interfaces ge-0/0/4.0 family ethernet-switching vlan members default root# set interfaces ge-0/0/5.0 family ethernet-switching vlan members default root# set interfaces ge-0/0/6.0 family ethernet-switching vlan members default
Stage 5 – Remove the inspection engine from the packet path
root# set security forwarding-options family inet6 mode packet-based root# set security forwarding-options family mpls mode packet-based root# set security forwarding-options family iso mode packet-based
Stage 6 – Reboot
Everybody loves a reboot.
So here it is in a single copy passable block:
delete security delete system services dhcp-local-server delete access delete system autoinstallation delete interfaces ge-0/0/1.0 family ethernet-switching vlan members vlan-trust delete interfaces ge-0/0/2.0 family ethernet-switching vlan members vlan-trust delete interfaces ge-0/0/3.0 family ethernet-switching vlan members vlan-trust delete interfaces ge-0/0/4.0 family ethernet-switching vlan members vlan-trust delete interfaces ge-0/0/5.0 family ethernet-switching vlan members vlan-trust delete interfaces ge-0/0/6.0 family ethernet-switching vlan members vlan-trust delete vlans vlan-trust set vlans default vlan-id 1 l3-interface irb.0 set interfaces ge-0/0/1.0 family ethernet-switching vlan members default set interfaces ge-0/0/2.0 family ethernet-switching vlan members default set interfaces ge-0/0/3.0 family ethernet-switching vlan members default set interfaces ge-0/0/4.0 family ethernet-switching vlan members default set interfaces ge-0/0/5.0 family ethernet-switching vlan members default set interfaces ge-0/0/6.0 family ethernet-switching vlan members default set security forwarding-options family inet6 mode packet-based set security forwarding-options family mpls mode packet-based set security forwarding-options family iso mode packet-based