Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Load an Initial Configuration on a vSRX Virtual Firewall with KVM

Starting in Junos OS Release 15.1X49-D40 and Junos OS Release 17.3R1, you can use a mounted ISO image to pass the initial startup Junos OS configuration to a vSRX Virtual Firewall VM. This ISO image contains a file in the root directory called juniper.conf. This file uses the standard Junos OS command syntax to define configuration details, such as root password, management IP address, default gateway, and other configuration statements.

The process to bootstrap a vSRX Virtual Firewall VM with an ISO configuration image is as follows:

Note:

SNMPv3 configuration is not supported when provisioning the vSRX Virtual Firewall platforms with an ISO bootstrap image.

  1. Create the juniper.conf configuration file with your Junos OS configuration.

  2. Create an ISO image that includes the juniper.conf file.

  3. Mount the ISO image to the vSRX Virtual Firewall VM.

  4. Boot or reboot the vSRX Virtual Firewall VM. vSRX Virtual Firewall will boot using the juniper.conf file included in the mounted ISO image.

  5. Unmount the ISO image from the vSRX Virtual Firewall VM.

Note:

If you do not unmount the ISO image after the initial boot or reboot, all subsequent configuration changes to the vSRX Virtual Firewall are overwritten by the ISO image on the next reboot.

Create a vSRX Virtual Firewall Bootstrap ISO Image

This task uses a Linux system to create the ISO image.

To create a vSRX Virtual Firewall bootstrap ISO image:

  1. Create a configuration file in plaintext with the Junos OS command syntax and save in a file called juniper.conf.
  2. Create a new directory.
  3. Copy juniper.conf to the new ISO directory.
    Note:

    The juniper.conf file must contain the full vSRX Virtual Firewall configuration. The ISO bootstrap process overwrites any existing vSRX Virtual Firewall configuration.

  4. Use the Linux mkisofs command to create the ISO image.
    Note:

    The -l option allows for a long filename.

Provision vSRX Virtual Firewall with an ISO Bootstrap Image on KVM

To provision a vSRX Virtual Firewall VM from an ISO bootstrap image:

  1. Use the virsh edit command on the KVM host server where the vSRX Virtual Firewall VM resides to add the bootstrap ISO image as a disk device.
  2. Boot or reboot the vSRX Virtual Firewall VM.
  3. Optionally, use the virsh domblklist Linux command to verify that the bootstrap ISO image is part of the VM.
  4. Verify the configuration, then power down the vSRX Virtual Firewall VM to remove the ISO image.
  5. Use the virsh edit command on the KVM host server to remove the ISO image xml statements added in step 1, and then reboot the vSRX Virtual Firewall VM.

Related Documentation

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
15.1X49-D80
Starting in Junos OS Release 15.1X49-D40 and Junos OS Release 17.3R1, you can use a mounted ISO image to pass the initial startup Junos OS configuration to a vSRX Virtual Firewall VM. This ISO image contains a file in the root directory called juniper.conf. This file uses the standard Junos OS command syntax to define configuration details, such as root password, management IP address, default gateway, and other configuration statements.