Installing cSRX Container Firewall in a Bare-Metal Linux Server
This section outlines the steps to install the cSRX Container Firewall container in a Linux bare-metal server environment that is running Ubuntu, Red Hat Enterprise Linux (RHEL), or CentOS. The cSRX Container Firewall container is packaged in a Docker image and runs in the Docker Engine on the Linux host.
This section includes the following topics:
Before You Deploy
Before you deploy the cSRX Container Firewall as an advanced security service in a Linux container environment, ensure that you:
Review Requirements for Deploying cSRX Container Firewall on a Bare-Metal Linux Server to verify the system software requirement specifications for the Linux server required to deploy the cSRX Container Firewall container.
Install and configure Docker on your Linux host platform to implement the Linux container environment. Docker installation requirements vary based on the platform and the host OS (Ubuntu, Red Hat Enterprise Linux (RHEL), or CentOS). You can also install Docker with the script at https://get.docker.com/, which you run from a shell on the host.
For Docker installation instructions on the different supported Linux host operating systems, see:
Confirming Docker Installation
Before you load the cSRX Container Firewall image, confirm that Docker is properly installed on the Linux host and that the Docker Engine is running.
To confirm Docker installation:
Loading the cSRX Container Firewall Image
Once the Docker Engine has been installed on the host, perform the following to download and start using the cSRX Container Firewall image:
Creating the Linux Bridge Network for the cSRX Container Firewall
A Linux bridge is a virtual switch implemented as a kernel module. This Linux bridge is used within a Linux host to emulate a hardware bridge. Docker allows you to create a Linux bridge network and connect the cSRX Container Firewall container to this network to implement management and data processing sessions. The interfaces are created with the Linux VETH driver and are used to communicate with the Linux kernel.
This procedure describes how to create a three-bridge network for the cSRX Container Firewall container that includes: mgt_bridge (eth0), left_bridge (eth1), and right_bridge (eth2). The mgt_bridge is used by the cSRX Container Firewall for out-of-band management to accept management sessions and traffic, and the left_bridge and right_bridge are both used by the cSRX Container Firewall as the revenue ports to process in-band data traffic.
Docker automatically connects the management interface (eth0) to the Linux bridge and assigns an IP address. Interfaces eth1 and eth2 carry the in-band traffic. The cSRX Container Firewall must be bound to the Linux bridge to pass traffic.
To create a three-bridge network for a cSRX Container Firewall in the Linux host:
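As an added example (not part of the Juniper procedure), the following shell functions create the three bridge networks named above with the standard `docker network create` command and confirm that each one exists with the bridge driver, so the script can be rerun safely. It assumes Docker's default address assignment for every bridge; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: idempotently create the three bridge networks named on this page.
# Assumption: subnets are left to Docker's default IPAM (the page gives none).

CSRX_BRIDGES="mgt_bridge left_bridge right_bridge"

# Print the driver of an existing Docker network; non-zero status if it is absent.
network_driver() {
    docker network inspect --format '{{.Driver}}' "$1" 2>/dev/null
}

# Create one bridge network unless it already exists. Refuse a name that is
# already taken by a network with a different driver, so management and
# revenue traffic never land on an unexpected network type.
ensure_bridge() {
    name=$1
    if driver=$(network_driver "$name"); then
        if [ "$driver" != "bridge" ]; then
            echo "error: $name exists with driver '$driver'" >&2
            return 1
        fi
        echo "exists: $name"
        return 0
    fi
    docker network create --driver bridge "$name" >/dev/null || return 1
    echo "created: $name"
}

# Create all three networks, then confirm each one is present as a bridge.
ensure_csrx_bridges() {
    for name in $CSRX_BRIDGES; do
        ensure_bridge "$name" || return 1
    done
    for name in $CSRX_BRIDGES; do
        [ "$(network_driver "$name")" = "bridge" ] || return 1
    done
}

# Run only when asked to, so the functions can be sourced and read first.
if [ "${1:-}" = "--apply" ]; then
    docker info >/dev/null 2>&1 || { echo "Docker Engine is not running" >&2; exit 1; }
    ensure_csrx_bridges
fi
```

Run the script with `--apply` on the Linux host; `docker network ls` then lists the three bridges.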