
https://www.juniper.net/documentation/en_US/vsrx/topics/task/multi-task/security-vsrx-with-kvm-installing.html


0- Install qemu-kvm, virt-manager,...

1- Download the qcow2 file from the Juniper website (VM HDD image)

2- Create a VM (with virt-manager), use the qcow2 HDD, and add at least 2 interfaces

3- Modify the xml file of the VM


0- Install qemu-kvm, virt-manager,...

sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager


1- Download the vSRX QCOW2 image from the Juniper software download site.

https://www.juniper.net/support/downloads/?p=vsrx#sw

or

(from the command line of the KVM hypervisor)     wget + the link below



If only an OVA is available, convert it to qcow2 (an OVA is a tar archive, so extract it with tar):

tar -xvf file.ova
qemu-img convert -O qcow2 file.vmdk file.qcow2

2- Create a VM (with virt-manager), use the qcow2 HDD, and add at least 2 interfaces

type: Redhat 7
Set RAM to 4096 MB and
set CPUs to 2
Network:  br0 (management) and virbr0 (data)

/home/me/Downloads/juniper/qcow2files/vsrxremote-vmdisk-17.3R1.10.qcow2
or
/home/me/Downloads/juniper/qcow2files/vsrxhub-vmdisk-17.3R1.10.qcow2


3- Modify the xml file of the VM

See next page:     /etc/libvirt/qemu/vsrxremote.xml

     <feature policy='force' name='vmx'/>
     <feature policy='disable' name='invtsc'/>
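
One way to apply the two feature lines above to a dumped domain definition instead of editing the file by hand, as an added example that is not part of the original page. The function names `patch_vsrx_cpu` and `has_vsrx_cpu` are hypothetical, and the sample domain XML (including its CPU mode and model) is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Reads a libvirt domain XML on
# stdin and writes it to stdout with the two CPU features from this page set
# inside <cpu>...</cpu>. Assumes libvirt's one-element-per-line layout.
# Exits non-zero if the domain has no <cpu> ... </cpu> block to patch.
patch_vsrx_cpu() {
    awk -v q="'" '
        /<cpu[ >]/ { in_cpu = 1 }
        # Drop any existing vmx/invtsc line so a wrong policy is replaced.
        in_cpu && $0 ~ ("<feature .*name=" q "(vmx|invtsc)" q) { next }
        in_cpu && /<\/cpu>/ {
            match($0, /^[ \t]*/)
            pad = substr($0, 1, RLENGTH) "  "
            print pad "<feature policy=" q "force" q " name=" q "vmx" q "/>"
            print pad "<feature policy=" q "disable" q " name=" q "invtsc" q "/>"
            in_cpu = 0; done = 1
        }
        { print }
        END { exit !done }
    '
}

# Succeeds only if both features are present with the policies used here.
has_vsrx_cpu() {
    xml=$(cat)
    printf '%s\n' "$xml" | grep -q "<feature policy='force' name='vmx'/>" &&
    printf '%s\n' "$xml" | grep -q "<feature policy='disable' name='invtsc'/>"
}

# Constructed sample domain (CPU mode and model are assumptions).
SAMPLE_XML="<domain type='kvm'>
  <name>vsrxremote</name>
  <cpu mode='custom' match='exact'>
    <model fallback='allow'>SandyBridge</model>
    <feature policy='require' name='invtsc'/>
  </cpu>
</domain>"

# Demo on the constructed sample: the invtsc line is rewritten, vmx is added.
printf '%s\n' "$SAMPLE_XML" | patch_vsrx_cpu

# On the hypervisor (domain name taken from this page):
#   virsh dumpxml --inactive vsrxremote | patch_vsrx_cpu > ~/vsrxremote.xml \
#     && virsh define ~/vsrxremote.xml
```
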





It takes a very long time to boot up (to watch the console while it boots, you could use:  virsh start vsrxremote --console )




virsh list

virsh console 5





vSRX Basic Config:

set system root-authentication plain-text-password 


set system host-name vsrxhub
set system name-server 8.8.8.8
set system services ssh root-login allow
set interfaces fxp0 unit 0 family inet address 192.168.0.62/24
set routing-options static route 0.0.0.0/0 next-hop 192.168.0.1
set interfaces ge-0/0/0.0 family inet address 1.2.0.62/24
set security zones security-zone untrust
set security zones security-zone untrust interfaces ge-0/0/0
set security zones security-zone untrust host-inbound-traffic system-services ping
commit and-quit