
Firefly Perimeter Feature Considerations for VMware

Firefly Perimeter inherits most of the branch SRX Series features with the following considerations. See Table 1.

Table 1: Firefly Perimeter Feature Considerations

Feature

Description

Transparent Mode

The known behaviors for transparent mode support on Firefly Perimeter are:

  • The default MAC learning table size is restricted to 16,383 entries.
  • VMware vSwitch does not support MAC learning. It also floods traffic to the secondary node. The traffic is silently dropped by the flow on the secondary node.

For information on configuring transparent mode on Firefly Perimeter, see:

https://www.juniper.net/techpubs/en_US/junos12.1x46/information-products/pathway-pages/security/security-layer2-bridging-transparent-mode.pdf

IDP

For SRX Series IDP configuration details, see:

https://www.juniper.net/techpubs/en_US/junos12.1x46/information-products/pathway-pages/security/security-idp-index.html

To add or edit an IPS rule in J-Web:

  1. Click Security->IDP->Policy->Add.
  2. In the Add IPS Rule window, select All instead of Any in the Direction drop-down list to list all the FTP attacks.

In-service software upgrade

In-service software upgrades are not supported on Firefly Perimeter for all VPN and non-VPN features.

Chassis Cluster

Generally, on SRX Series devices, the cluster ID and node ID are written into EEPROM. However, the Firefly Perimeter VM does not emulate EEPROM. Instead, a location (boot/loader.conf) is required to save the IDs, which are read back during initialization. The whole system (including the BSD kernel) can then determine that it is working in chassis cluster mode and perform the related chassis cluster initialization.

Modified: 2015-06-01