Using Vagrant to Install Juniper Firefly Perimeter (vSRX) in VirtualBox and GNS3

In a previous post, I showed how to create a VirtualBox VM of a Juniper Firefly Perimeter. It worked great, but some steps were quite difficult for some users, and many seemed to have issues with getting interfaces to appear and connect. Also, converting VM disk images was a pain. Fortunately, I found another extremely simple way to create the VM in only a few steps, and that was Vagrant. I had not used Vagrant before today, so there was a bit of a learning curve about what this tool does, but it turned out to be very simple for what I needed it for. After installing Vagrant, it was as simple as two Vagrant commands and I had my VM up and running.

Many of the steps below were taken from my previous post with a few minor modifications and the replacement of the VM creation steps.

Note: These instructions are run on this system.

1. Create a directory to store the vagrant files.

md "d:\VirtualBox VMs\vagrant\boxes\juniper.ffp-12.1X47-D15.4"
cd "d:\VirtualBox VMs\vagrant\boxes\juniper.ffp-12.1X47-D15.4"

2. Create the Juniper Firefly Perimeter VM

vagrant init juniper/ffp-12.1X47-D15.4
vagrant up

Once it finishes downloading, booting and configuring, it will print out the details on how you can SSH to the vSRX. Try it out by logging in as root with the default password Juniper. Be patient; the configuration step might take a minute to connect to the VM.

3. Turn off the vSRX VM.

root@% cli
root> request system power-off

4. If you look in VirtualBox now, you will see a new VM with a really long, strange name. This is your new vSRX VM. The first thing to do is rename the VM to something more recognizable, like juniper.ffp-12.1X47-D15.4.

Now to do some more testing, I am going to use GNS3 and add the vSRX in.

1. Start GNS3

2. Add the vSRX VM to the VirtualBox VM list in preferences.
Edit->Preferences->VirtualBox->VirtualBox VMs->New

3. Select the juniper.ffp-12.1X47-D15.4 VM from the list and click Finish.

4. Choose the juniper.ffp-12.1X47-D15.4 in the VM list in the preferences and click on the Edit button

  • General settings:
    • Start VM in headless mode
  • Network:
    • Adapters: 4
    • Start at: 0
    • Type: ‘Paravirtualized Network (virt-io net)’

5. Add the juniper.ffp-12.1X47-D15.4 and four VPCS to the canvas, and connect them as follows:
vSRX e0 (ge-0/0/0.0) -> PC2 e0
vSRX e1 (ge-0/0/1.0) -> PC1 e0
vSRX e2 (ge-0/0/2.0) -> PC4 e0
vSRX e3 (ge-0/0/3.0) -> PC3 e0

6. Start the vSRX and connect to console.

7. Log in and configure the interfaces. For this test, I am configuring ge-0/0/0 as the outside untrust interface (which is the config default), and the other three interfaces will be added to the trust zone.

 root@%
 root@% cli
 root> edit
 Entering configuration mode

[edit]
 root# delete interfaces ge-0/0/0 unit 0 family inet dhcp
 root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
 root# set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24
 root# set interfaces ge-0/0/2 unit 0
 root# set interfaces ge-0/0/3 unit 0
 root# set system services web-management http interface ge-0/0/1.0
 root# set security zones security-zone trust host-inbound-traffic system-services http
 root# set security zones security-zone trust host-inbound-traffic system-services https
 root# set security zones security-zone trust host-inbound-traffic system-services ping
 root# set security zones security-zone trust host-inbound-traffic system-services ssh
 root# set security zones security-zone trust interfaces ge-0/0/1.0
 root# set security zones security-zone trust interfaces ge-0/0/2.0
 root# set security zones security-zone trust interfaces ge-0/0/3.0

9. Commit config

 root# commit

10. Configure two VPCS using their consoles

 PC1> ip 192.168.2.2 192.168.2.1 24
 PC2> ip 192.168.1.2 192.168.1.1 24

11. Test that PC1 can get out but PC2 can’t get in.

#PC1 on trust zone pinging out to PC2
PC1> ping 192.168.1.2
192.168.1.2 icmp_seq=1 ttl=63 time=0.500 ms
192.168.1.2 icmp_seq=2 ttl=63 time=0.500 ms

#PC2 on untrust zone pinging in to PC1
PC2> ping 192.168.2.2
192.168.2.2 icmp_seq=1 timeout
192.168.2.2 icmp_seq=2 timeout
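
The zone layout that steps 7 to 11 build and test can also be checked from the `set` commands themselves. The following is an added example, not part of the original post: it parses the step 7 commands and reports each interface's zone, any unit bound to no zone, cleartext services a zone admits, and web-management listeners their zone would block. The last line of CONFIG is constructed to stand in for the default config that the post says already treats ge-0/0/0 as untrust; the `audit` function and its result keys are names chosen for this example.

```python
import re
from collections import defaultdict

# Set commands from step 7 of this page. The last line is constructed: it stands
# in for the default config that already places ge-0/0/0.0 in the untrust zone.
CONFIG = """
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24
set interfaces ge-0/0/2 unit 0
set interfaces ge-0/0/3 unit 0
set system services web-management http interface ge-0/0/1.0
set security zones security-zone trust host-inbound-traffic system-services http
set security zones security-zone trust host-inbound-traffic system-services https
set security zones security-zone trust host-inbound-traffic system-services ping
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone trust interfaces ge-0/0/2.0
set security zones security-zone trust interfaces ge-0/0/3.0
set security zones security-zone untrust interfaces ge-0/0/0.0
"""

UNIT = re.compile(r"set interfaces (\S+) unit (\d+)")
ZONE = re.compile(r"set security zones security-zone (\S+) "
                  r"(interfaces|host-inbound-traffic system-services) (\S+)")
WEB = re.compile(r"set system services web-management (\S+) interface (\S+)")
CLEARTEXT = {"http", "telnet"}  # management services that are not encrypted

def audit(config):
    """Map logical interfaces to zones and report gaps in a 'set' config."""
    units, zone_of, services, web = set(), {}, defaultdict(set), []
    for line in map(str.strip, config.splitlines()):
        if m := UNIT.match(line):
            units.add(f"{m[1]}.{m[2]}")          # e.g. ge-0/0/2.0
        elif m := ZONE.match(line):
            if m[2] == "interfaces":
                zone_of[m[3]] = m[1]
            else:
                services[m[1]].add(m[3])
        elif m := WEB.match(line):
            web.append((m[1], m[2]))             # (service, interface)
    return {
        "zone_of": zone_of,
        # Units bound to no zone: a flow-mode SRX drops their traffic.
        "unzoned": sorted(units - set(zone_of)),
        "cleartext": sorted((z, s) for z, svcs in services.items()
                            for s in svcs & CLEARTEXT),
        # Listeners whose zone does not admit that service as host-inbound.
        "web_blocked": [(s, i) for s, i in web
                        if s not in services.get(zone_of.get(i), ())],
    }
```

For the configuration on this page the audit finds no unzoned units and no blocked listener, and reports `("trust", "http")` as the one cleartext management service admitted.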

So that is it for this alternative to creating a Juniper Firefly Perimeter (vSRX).  Hope this way is a lot less troublesome than the previous method of converting VM images.

This post ‘Installing Juniper Firefly (vSRX) in VirtualBox using Vagrant’ first appeared on https://techandtrains.com/.