Performing vSRX Virtual Firewall Basics in IBM Cloud

Viewing all gateway appliances

The Gateway Appliances page in the IBM Cloud® console is where you can view and access all network gateway appliances, including IBM Virtual Router Appliances and IBM Juniper vSRX Virtual Firewall Standard.

Perform the following procedure to access the Gateway Appliances page in the IBM Cloud console:

  1. From your browser, open the IBM Cloud catalog and log in to your account.

  2. Select the Menu from the top left, then click Classic Infrastructure.

  3. Choose Network > Gateway Appliances.

Viewing gateway appliance details

Network gateways are used to control network traffic on a VLAN that is regularly controlled by a router. Within the Gateway Appliance Details page on the IBM Cloud console, you can associate, disassociate, route and bypass VLANs associated with a network gateway.

Perform the following procedure to go to the Gateway Appliance Details page.

  1. From your browser, open the IBM Cloud catalog and log in to your account.

  2. Select the Menu from the top left, then click Classic Infrastructure.

  3. Choose Network > Gateway Appliances.

  4. Click the name of the network gateway you want to view to access the Gateway Appliance Details page. Use the Bulk Actions feature to take action on multiple VLANs at the same time.

Renaming a gateway appliance

Network gateways are given unique names that assist users in their identification. At any time, you can change a gateway name using the instructions here. It is recommended that you use a consistent naming convention to more easily identify gateways.

Perform the following procedure to rename a network gateway:

  1. Access the Gateway Appliance Details page in the IBM Cloud console.

  2. Click the Actions menu and select Rename Gateway.

  3. Enter the new gateway name in the Gateway Name field.

  4. Click OK to save the change.

After changing a gateway appliance's name, the name immediately changes at the top of the Gateway Appliance Details page. You can change the gateway name at any time by repeating these steps.

Note:

Changing the name of the gateway appliance in the IBM Cloud console does not automatically change the hostname within the Virtual Router Appliance or any DNS entries that you might have. Changing the hostname requires manual intervention.

Canceling a gateway appliance

You can cancel your gateway appliance at any time by following these instructions.

  1. From your browser, open the IBM Cloud catalog and log in to your account.

  2. Select the Menu from the top left, then click Classic Infrastructure.

  3. Choose Network > Gateway Appliances.

  4. Click the Gateway Appliance name to open the Gateway Appliance Details page.

  5. From the Hardware section, click the name of the hardware member to open the server details page.

  6. Select Actions > Cancel device and follow the prompts to cancel the gateway appliance.

    Note:

    For Highly Available server pairs, you must select and cancel both server members listed in the Hardware section on the Gateway Appliance Details page to cancel the gateway.

After you cancel the gateway appliance, the server(s) are reclaimed at the next billing cycle. For example, if you cancel the server(s) on September 8, the service is available until it is reclaimed on October 1.

You can verify if your gateway appliance is in the process of being canceled by viewing the Gateway Appliance Details page. Gateways in the process of being canceled show as Cancel pending.

Note:

If necessary, you can expedite the process by opening a case with IBM Support and requesting that the gateway appliance be reclaimed immediately. This process can take 24 to 48 hours.

Performing additional vSRX Virtual Firewall tasks

You can configure and maintain your IBM Cloud™ Juniper vSRX Virtual Firewall either through a remote console session over SSH or by logging in to the Juniper web management GUI.

Note:

Configuring the vSRX Virtual Firewall outside of its shell and interface may produce unexpected results and is not recommended.

Accessing the device using SSH

You can access either the vSRX Virtual Firewall or the host (Ubuntu) using SSH through a private IP address if you're on IBM Cloud VPN. You can also access the vSRX Virtual Firewall through a public IP address.

  1. Go to the Gateway Appliance Details screen and get the Public gateway IP or Private Gateway IP.

  2. Click the "eye" icon to reveal the admin user's password.

  3. For a vSRX Virtual Firewall, run the command ssh admin@<gateway-ip>, then enter the admin user's password. You can also use the 'root' user ID and password.

    Note:

    For the host (Ubuntu), you can only use the root user ID and password. Also, if you do not see the "eye" icon, you may not have permission to view the password. Please check your access permissions with the account owner.

Accessing the configuration mode

Once a shell has been opened to the vSRX Virtual Firewall, you can enter configuration mode by running the config command. The following commands are available in this mode:

  • show - View configurations

  • show | compare - View staged changes

  • set - Stage changes

  • commit check - Verify the syntax of the configuration

If you are happy with your changes, you can commit them to the active configuration by running the commands commit and then save. To leave configuration mode, run the command exit.

Accessing the Device using the Juniper web management UI

The Juniper web management GUI is configured by default with a self-signed certificate generated by the vSRX Virtual Firewall. Only HTTPS is enabled, on port 8443. You can access it at https://gateway-ip:8443.

Creating system users

By default, the IBM Cloud™ Juniper vSRX Virtual Firewall is configured with SSH access for the username admin. Additional users can be added with their own set of privileges. For example: set system login user ops class operator authentication encrypted-password <CYPHER>. In this example, ops is the username and operator is the class/permission level assigned to the user. Custom classes can also be defined instead of using the predefined ones.

Defining the vSRX Virtual Firewall hostname

You can set or change the vSRX Virtual Firewall hostname using the following command: set system host-name <hostname>

Configuring DNS and NTP

To configure name server resolution and NTP, run the following commands:

  • set system name-server <DNS server>

  • set system ntp server <NTP server>

Changing the root password

You can change the root password by running the following command: set system root-authentication plain-text-password. This prompts you to input a new password, which is encrypted and stored in the configuration, and is not visible.
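
The following is an added example, not part of the original documentation and not IBM or Juniper code: a small Python audit of a configuration exported with show configuration | display set, covering the settings described from the web management UI section through the root password section. The sample configuration (hostname, addresses, password hashes) is constructed, and the rule that only admin should hold the super-user class is an assumption made for illustration.

```python
import shlex

# Constructed sample of `show configuration | display set` output (not from a real device).
SAMPLE = '''\
set system host-name vsrx-gw01
set system root-authentication encrypted-password "$6$CONSTRUCTED$placeholder"
set system login user admin class super-user
set system login user ops class operator
set system login user ops authentication encrypted-password "$6$CONSTRUCTED$placeholder"
set system services web-management http interface fxp0.0
set system services web-management https port 8443
set system name-server 10.0.80.11
'''

def parse(text):
    """Split each `set ...` line into tokens, honouring quoted values."""
    return [shlex.split(line)[1:] for line in text.splitlines() if line.startswith("set ")]

def audit(text):
    """Return (users, findings) for the settings this page configures."""
    stmts = parse(text)

    def has(*prefix):
        return any(s[:len(prefix)] == list(prefix) for s in stmts)

    # Map each login user to its class (permission level).
    users = {s[3]: s[5] for s in stmts
             if s[:3] == ["system", "login", "user"] and len(s) > 5 and s[4] == "class"}
    required = {
        ("system", "host-name"): "host-name not set",
        ("system", "root-authentication", "encrypted-password"): "root password not set",
        ("system", "services", "web-management", "https"): "web management HTTPS not configured",
        ("system", "name-server"): "no DNS name-server",
        ("system", "ntp", "server"): "no NTP server",
    }
    findings = [msg for prefix, msg in required.items() if not has(*prefix)]
    # The default setup exposes the GUI over HTTPS only; flag any plain HTTP listener.
    if has("system", "services", "web-management", "http"):
        findings.append("web management also enabled over plain HTTP")
    # Assumption: only the default admin account should hold super-user.
    findings += [f"extra super-user account: {name}"
                 for name, cls in users.items() if cls == "super-user" and name != "admin"]
    return users, findings

if __name__ == "__main__":
    users, findings = audit(SAMPLE)
    print(users)
    for finding in findings:
        print("FINDING:", finding)
```
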