Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation vSRX vSRX Virtual Firewall Deployment Guide for Private and Public Cloud Platforms vSRX Virtual Firewall Deployment for KVM Install vSRX Virtual Firewall in KVM

vSRX Virtual Firewall Deployment Guide for Private and Public Cloud Platforms

keyboard_arrow_up
close
keyboard_arrow_left
vSRX Virtual Firewall Deployment Guide for Private and Public Cloud Platforms
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Example: Install and Launch vSRX Virtual Firewall on Ubuntu

date_range 24-Jun-24
arrow_backward
arrow_forward

This example shows how to install and launch a vSRX Virtual Firewall instance on an Ubuntu server with KVM.

Requirements

This example uses the following hardware and software components:

  • Generic x86 server

  • Junos OS Release 15.1X49-D20 for vSRX Virtual Firewall

  • Ubuntu version 14.04.2

Before you begin:

  • This example assumes a fresh install of the Ubuntu server software.

  • Ensure that your host OS meets the requirements specified in Requirements for vSRX on KVM.

Overview

This example shows how to set up your Ubuntu host server and install and launch a vSRX Virtual Firewall VM. Figure 1 shows the basic structure of a vSRX Virtual Firewall VM on an Ubuntu server.

Figure 1: vSRX Virtual Firewall VM on UbuntuvSRX Virtual Firewall VM on Ubuntu
Note:

This example uses static IP addresses. If you are configuring the vSRX Virtual Firewall instance in an NFV environment, you should use DHCP.

Quick Configuration - Install and Launch a vSRX Virtual Firewall VM on Ubuntu

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and copy and paste the commands into the Ubuntu server terminal or vSRX Virtual Firewall console as specified.

Procedure

Step-by-Step Procedure

  1. If the default virtual network does not already exist, copy the following commands and paste them into the Ubuntu server terminal to create the default virtual network.

    content_copy zoom_out_map
    cat <<EOF> /etc/libvirt/qemu/networks/default.xml 
<network>
 <name>default</name> 	
 <forward mode='nat'/> 	
<nat>
 <port start ='1024' end='65535' />
 </nat>
<bridge name='virbr0' stp='on' delay='0' /> 	
 <ip address='192.168.2.1' netmask='255.255.255.0'> 	
 <dhcp> 
		<range start='192.168.2.2' end='192.168.2.254' /> 	
 </dhcp> 
 </ip> 	
</network>
 EOF
virsh net-define /etc/libvirt/qemu/networks/default.xml
virsh net-start default
virsh net-autostart default

  2. Create the left, or trusted, virtual network on the Ubuntu server.

    content_copy zoom_out_map
    cat <<EOF> /etc/libvirt/qemu/networks/testleftnetwork.xml 
<network>
 <name>TestLeft</name> 	
 <forward mode='route'/> 	
 <bridge name='virbr1' stp='on' delay='0' /> 	
 <ip address='192.168.123.1' netmask='255.255.255.0'> 	
 <dhcp> 
		<range start='192.168.123.100' end='192.168.123.250' /> 	
 </dhcp> 
 </ip> 	
</network>
 EOF
virsh net-define /etc/libvirt/qemu/networks/testleftnetwork.xml
virsh net-start TestLeft
virsh net-autostart TestLeft

  3. Create the right, or untrusted, virtual network on the Ubuntu server.

    content_copy zoom_out_map
    cat <<EOF > /etc/libvirt/qemu/networks/testrightnetwork.xml
<network>
 	<name>TestRight</name>
 	<forward mode='nat'/> 	
<nat>
 <port start ='1024' end='65535' />
 </nat>
 	<bridge name='virbr2' stp='on' delay='0' />
 	<ip address='192.168.124.1' netmask='255.255.255.0'>
 	<dhcp>
 		<range start='192.168.124.100' end='192.168.124.250' />
	</dhcp>
 </ip>
</network>
EOF
virsh net-define /etc/libvirt/qemu/networks/testrightnetwork.xml
virsh net-start TestRight
virsh net-autostart TestRight

  4. Download the vSRX Virtual Firewall KVM image from the Juniper Networks website at JuniperNetworks Website.

  5. Copy the following commands and modify the cpu parameter and flags to match your Ubuntu server CPU. Paste the resulting commands into the Ubuntu server terminal to copy the image to a mount point and create the vSRX Virtual Firewall VM.

    content_copy zoom_out_map
    cp junos-vsrx-vmdisk-15.1X49-D20.2.qcow2 /mnt/vsrx20one.qcow2
virt-install  --name vSRX20One --ram 4096 --cpu SandyBridge,+vmx,-invtsc, --vcpus=2 --arch=x86_64 --disk path=/mnt/vsrx20one.qcow2,size=16,device=disk,bus=ide,format=qcow2 --os-type linux --os-variant rhel7 --import --network=network:default,model=virtio --network=network:TestLeft,model=virtio --network=network:TestRight,model=virtio
    Note:

    The CPU model and flags in the virt-install command might vary based on the CPU and features in the Ubuntu server.

  6. To set the root password on the vSRX Virtual Firewall VM, copy and paste the command into the vSRX Virtual Firewall CLI at the [edit] hierarchy level.

    content_copy zoom_out_map
    set system root-authentication plain-text-password

  7. To create a base configuration on the vSRX Virtual Firewall VM, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the following commands into the vSRX Virtual Firewall CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

    content_copy zoom_out_map
    set interfaces fxp0 unit 0 family inet dhcp-client 
set interfaces ge-0/0/0 unit 0 family inet address 192.168.123.254/24 
set interfaces ge-0/0/1 unit 0 family inet dhcp-client
set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp
set routing-instances CUSTOMER-VR instance-type virtual-router
set routing-instances CUSTOMER-VR interface ge-0/0/0.0
set routing-instances CUSTOMER-VR interface ge-0/0/1.0
set security nat source rule-set source-nat from zone trust 
set security nat source rule-set source-nat to zone untrust 
set security nat source rule-set source-nat  rule nat1 match source-address 0.0.0.0/0 
set security nat source rule-set source-nat rule nat1 then source-nat interface

Step-by-Step Procedure

Step by Step Configuration

Use the following sections for a more detailed set of procedures to install and launch a vSRX Virtual Firewall VM.

Add Virtual Networks

Step-by-Step Procedure

You need to create virtual networks on the Ubuntu server to provide network connectivity to interfaces on the vSRX Virtual Firewall VM. Copy and paste these command into a terminal on the Ubuntu server.

This example uses three virtual networks:

  • default— Connects the fxp0 management interface.

    Note:

    The default virtual network should already exist on the Ubuntu server. Use the virsh net-list command to verify that the default network is present and active.

  • TestLeft— Connects the ge-0/0/0 interface to the trusted zone.

  • TestRight— Connects the ge-0/0/1 interface to the untrusted zone.

  1. If the default network does not exist, follow these steps:

    Step-by-Step Procedure

    1. Open a text editor on the Ubuntu server and create the default network XML (default.xml) file.

      content_copy zoom_out_map
      emacs /etc/libvirt/qemu/networks/default.xml

    2. Set the forward mode to nat, configure an IP address and subnet mask, and a bridge interface, and configure DHCP to assign IP addresses to interfaces on this virtual network.

      Note:

      Use the XML format specified by libvirt.

      content_copy zoom_out_map
      <network>
 <name>default</name> 	
 <forward mode='nat'/> 	
<nat>
 <port start ='1024' end='65535' />
 </nat>
<bridge name='virbr0' stp='on' delay='0' /> 	
 <ip address='192.168.2.1' netmask='255.255.255.0'> 	
 <dhcp> 
		<range start='192.168.2.2' end='192.168.2.254' /> 	
 </dhcp> 
 </ip> 	
</network>

    3. Define and start the default virtual network, based on the default.xml file you created.

      content_copy zoom_out_map
      virsh net-define /etc/libvirt/qemu/networks/default.xml
virsh net-start default
virsh net-autostart default

  2. Remove any previously configured TestLeft virtual network.

    content_copy zoom_out_map
    virsh net-destroy TestLeft
virsh net-undefine TestLeft

  3. Remove any previously configured TestRight virtual network.

    content_copy zoom_out_map
    virsh net-destroy TestRight
virsh net-undefine TestRight

  4. Open a text editor on the Ubuntu server and create the TestLeft network XML (testleftnetwork.xml) file.

    content_copy zoom_out_map
    emacs /etc/libvirt/qemu/networks/testleftnetwork.xml

  5. Set the forward mode to route, configure an IP address and subnet mask, and a bridge interface, and configure DHCP to assign IP addresses to interfaces on this virtual network.

    Note:

    Use the XML format specified by libvirt.

    content_copy zoom_out_map
    <network>
 <name>TestLeft</name> 	
 <forward mode='route'/> 	
 <bridge name='virbr1' stp='on' delay='0' /> 	
 <ip address='192.168.123.1' netmask='255.255.255.0'> 	
 <dhcp> 
		<range start='192.168.123.100' end='192.168.123.250' /> 	
 </dhcp> 
 </ip> 	
</network>

  6. Open a text editor on the Ubuntu server and create the TestRight network XML (testrightnetwork.xml) file.

    content_copy zoom_out_map
    emacs /etc/libvirt/qemu/networks/testrightnetwork.xml

  7. Set the forward mode to nat, configure an IP address and subnet mask, and a bridge interface, and configure DHCP to assign IP addresses to interfaces on this virtual network.

    Note:

    Use the XML format specified by libvirt.

    content_copy zoom_out_map
    <network>
 	<name>TestRight</name>
 <forward mode='nat'/> 	
<nat>
 <port start ='1024' end='65535' />
 </nat>
 	<bridge name='virbr2' stp='on' delay='0' />
 	<ip address='192.168.124.1' netmask='255.255.255.0'>
 	<dhcp>
 		<range start='192.168.124.100' end='192.168.124.250' />
	</dhcp>
 </ip>
</network>

  8. Define and start the TestLeft virtual network, based on the testleftnetwork.xml file you created.

    content_copy zoom_out_map
    virsh net-define /etc/libvirt/qemu/networks/testleftnetwork.xml
virsh net-start TestLeft
virsh net-autostart TestLeft

  9. Define and start the TestRight virtual network, based on the testrightnetwork.xml file you created.

    content_copy zoom_out_map
    virsh net-define /etc/libvirt/qemu/networks/testrightnetwork.xml
virsh net-start TestRight
virsh net-autostart TestRight

Verify the Virtual Networks

Purpose

Verify the new virtual network configuration on the Ubuntu server.

Action

Use the virsh net-list command on the Ubuntu server to verify that the new virtual interfaces are active and are set to autostart on reboot.

content_copy zoom_out_map
virsh net-list
content_copy zoom_out_map
 Name             State      Autostart     Persistent
----------------------------------------------------------
default                 active      yes            yes
TestLeft                active      yes            yes
TestRight               active      yes            yes

Download and Installing the vSRX Virtual Firewall Image

Step-by-Step Procedure

To download and install the vSRX Virtual Firewall image on the Ubuntu server:

  1. Download the vSRX Virtual Firewall KVM image from the Juniper Networks website: https://www.juniper.net/support/downloads/?p=vsrx#sw

  2. Copy the vSRX Virtual Firewall image to an appropriate mount point.

    content_copy zoom_out_map
    hostOS# cp junos-vsrx-vmdisk-15.1X49-D20.2.qcow2 /mnt/vsrx20one.qcow2

  3. Use the virt-install command to create a vSRX Virtual Firewall VM. Modify the cpu parameter and flags to match your Ubuntu server CPU.

    content_copy zoom_out_map
    hostOS# virt-install  --name vSRX20One --ram 4096 --cpu SandyBridge,+vmx,-invtsc, --vcpus=2 --arch=x86_64 --disk path=/mnt/vsrx20one.qcow2,size=16,device=disk,bus=ide,format=qcow2 --os-type linux --os-variant rhel7 --import --network=network:default,model=virtio --network=network:TestLeft,model=virtio --network=network:TestRight,model=virtio
    Note:

    The CPU model and flags in the virt-install command might vary based on the CPU and features in the Ubuntu server.

Verify the vSRX Virtual Firewall Installation

Purpose

Verify the vSRX Virtual Firewall Installation.

Action

  1. Use the virsh console command on the Ubuntu server to access the vSRX Virtual Firewall console and watch the progress of the installation. The installation can take several minutes to complete.

    content_copy zoom_out_map
    hostOS# virsh console vSRx200ne
    content_copy zoom_out_map
    Starting install...
ERROR    internal error: process exited while connecting to monitor: libust[11994/11994]: Warning: HOME environment variable not set. Disabling LTTng-UST per-user tracing. (in setup_local_apps() at lttng-ust-comm.c:305)
libust[11994/11995]: Error: Error opening shm /lttng-ust-wait-5 (in get_wait_shm() at lttng-ust-comm.c:886)
libust[11994/11995]: Error: Error opening shm /lttng-ust-wait-5 (in get_wait_shm() at lttng-ust-comm.c:886)
 
  Booting `Juniper Linux'
 
Loading Linux ...
Consoles: serial port
BIOS drive C: is disk0
BIOS drive D: is disk1
BIOS drive E: is disk2
BIOS drive F: is disk3
BIOS 639kB/999416kB available memory
 
FreeBSD/i386 bootstrap loader, Revision 1.2
(builder@example.com, Thu Jul 30 23:20:10 UTC 2015)
Loading /boot/defaults/loader.conf
/kernel text=0xa3a2c0 data=0x6219c+0x11f8e0 syms=[0x4+0xb2ed0+0x4+0x1061bb]
/boot/modules/libmbpool.ko text=0xce8 data=0x114
/boot/modules/if_em_vsrx.ko text=0x184c4 data=0x7fc+0x20
/boot/modules/virtio.ko text=0x2168 data=0x208 syms=[0x4+0x7e0+0x4+0x972]
/boot/modules/virtio_pci.ko text=0x2de8 data=0x200+0x8 syms=[0x4+0x8f0+0x4+0xb22]
/boot/modules/virtio_blk.ko text=0x299c data=0x1dc+0xc syms=[0x4+0x960+0x4+0xa0f]
/boot/modules/if_vtnet.ko text=0x5ff0 data=0x360+0x10 syms=[0x4+0xdf0+0x4+0xf19]
/boot/modules/pci_hgcomm.ko text=0x12fc data=0x1a4+0x44 syms=[0x4+0x560+0x4+0x61d]
/boot/modules/chassis.ko text=0x9bc data=0x1d0+0x10 syms=[0x4+0x390+0x4+0x399]
 
 
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel]...
platform_early_bootinit: Early Boot Initialization
GDB: debug ports: sio
GDB: current port: sio
KDB: debugger backends: ddb gdb
KDB: current backend: ddb
Copyright (c) 1996-2015, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
JUNOS 15.1X49-D15.4 #0: 2015-07-31 02:20:21 UTC

<output omitted>

The machine id is empty.
Cleaning up ...
Thu Aug 27 12:06:22 UTC 2015
Aug 27 12:06:22 init: exec_command: /usr/sbin/dhcpd (PID 1422) started
Aug 27 12:06:22 init: dhcp (PID 1422) started
Aug 27 12:06:23 init: exec_command: /usr/sbin/pppd (PID 1428) started
 
Amnesiac (ttyd0)
 
login:

  2. On the vSRX Virtual Firewall console, log in and verify the vSRX Virtual Firewall version installed.

    content_copy zoom_out_map
    login: root
    content_copy zoom_out_map
    --- JUNOS 15.1X49-D15.4 built 2015-07-31 02:20:21 UTC
 
root@%
    content_copy zoom_out_map
    root@% cli
    content_copy zoom_out_map
    root>
    content_copy zoom_out_map
    root> show version
    content_copy zoom_out_map
    Model: vSRX
Junos: 15.1X49-D15.4
JUNOS Software Release [15.1X49-D15.4]

Create a Base Configuration on the vSRX Virtual Firewall Instance

Step-by-Step Procedure

To configure a base setup on the vSRX Virtual Firewall instance, enter the following steps in edit mode:

  1. Create a root password.

    content_copy zoom_out_map
    [edit]
set system root-authentication plain-text-password

  2. Set the IP address family for the management interface, and enable the DHCP client for this interface.

    content_copy zoom_out_map
    set interfaces fxp0 unit 0 family inet dhcp-client

  3. Set the IP address for the ge-0/0/0.0 interface.

    content_copy zoom_out_map
    set interfaces ge-0/0/0 unit 0 family inet address 192.168.123.254/24

  4. Set the IP address family for the ge-0/0/1.0 interface, and enable the DHCP client for this interface.

    content_copy zoom_out_map
    set interfaces ge-0/0/1 unit 0 family inet dhcp-client

  5. Add the ge-0/0/0.0 interface to the trust security zone and allow all system services from inbound traffic on that interface.

    content_copy zoom_out_map
    set security zones security-zone trust interfaces ge-0/0/0.0 host-inbound-traffic system-services all

  6. Add the ge-0/0/1.0 interface to the untrust security zone and allow only DHCP system services from inbound traffic on that interface.

    content_copy zoom_out_map
    set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services dhcp

  7. Create a virtual router routing instance and add the two interfaces to that routing instance.

    content_copy zoom_out_map
    set routing-instances CUSTOMER-VR instance-type virtual-router
set routing-instances CUSTOMER-VR interface ge-0/0/0.0
set routing-instances CUSTOMER-VR interface ge-0/0/1.0

  8. Create a source NAT rule set.

    content_copy zoom_out_map
    set security nat source rule-set source-nat from zone trust 
set security nat source rule-set source-nat to zone untrust

  9. Configure a rule that matches packets and translates the source address to the address of the egress interface.

    content_copy zoom_out_map
    set security nat source rule-set source-nat  rule nat1 match source-address 0.0.0.0/0 
set security nat source rule-set source-nat rule nat1 then source-nat interface

Results

From configuration mode, confirm your configuration by entering the show interfaces command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

content_copy zoom_out_map
show interfaces

From configuration mode, confirm your security policies by entering the show security policies command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

content_copy zoom_out_map
show security policies
content_copy zoom_out_map
from-zone trust to-zone trust {
    policy default-permit {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
from-zone trust to-zone untrust {
    policy default-permit {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}
from-zone untrust to-zone trust {
    policy default-deny {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            deny;
        }
    }
}

If you are done configuring the device, enter commit from configuration mode.

Note:

As a final step, exit configuration mode and use the request system reboot command to reboot the vSRX Virtual Firewall VM. You can use the virsh console command on the Ubuntu server to reconnect to the vSRX Virtual Firewall after reboot.

Verify the Basic Configuration on the vSRX Virtual Firewall Instance

Purpose

Verify the basic configuration on the vSRX Virtual Firewall instance.

Action

Verify that the ge-0/0/0.0 interface has an assigned IP address from the TestLeft network DHCP address range, and that the ge-0/0/1.0 has an assigned IP address from the TestRight network DHCP address range.

content_copy zoom_out_map
root> show interfaces terse
content_copy zoom_out_map
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up
ge-0/0/0.0              up    up   inet     192.168.123.254/24
gr-0/0/0                up    up
ip-0/0/0                up    up
lsq-0/0/0               up    up
lt-0/0/0                up    up
mt-0/0/0                up    up
sp-0/0/0                up    up
sp-0/0/0.0              up    up   inet
                                   inet6
sp-0/0/0.16383          up    up   inet
ge-0/0/1                up    up
ge-0/0/1.0              up    up   inet     192.168.124.238/24
dsc                     up    up
em0                     up    up
em0.0                   up    up   inet     128.0.0.1/2
em1                     up    up
em1.32768               up    up   inet     192.168.1.2/24
em2                     up    up
fxp0                    up    up
fxp0.0                  up    up   inet     192.168.2.1/24
ipip                    up    up
irb                     up    up
lo0                     up    up
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                            10.0.0.16           --> 0/0
                                            128.0.0.1           --> 0/0
                                            128.0.0.4           --> 0/0
                                            128.0.1.16          --> 0/0
lo0.32768               up    up
lsi                     up    up
mtun                    up    up
pimd                    up    up
pime                    up    up
pp0                     up    up
ppd0                    up    up
ppe0                    up    up
st0                     up    up
tap                     up    up
vlan                    up    down

Related Documentation

arrow_backward PREVIOUS Install vSRX Virtual Firewall with KVM
NEXT arrow_forward Load an Initial Configuration on a vSRX Virtual Firewall with KVM
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top