Juniper vSRX Specifications

Licensing

Bring Your Own License (BYOL) products require a valid license. You are responsible for purchasing and managing your own licenses from Juniper Networks. To purchase a software license, contact your Juniper sales representative or partner.

Support

vSRX support is available for BYOL licenses. Contact your Juniper sales representative or partner to purchase a license and support contract.

Juniper vSRX

|        | Small   | Medium  | Large   |
|--------|---------|---------|---------|
| CPU    | 2 Cores | 5 Cores | 9 Cores |
| Memory | 4 GB    | 8 GB    | 16 GB   |

| Attribute | Value |
|-----------|-------|
| Software Package | Standard |
| Virtual Data Interfaces Supported (Default/Max) | 8 / 8 |
| System Reserved Interfaces | Fxp 0 (Management), Ge-0/0/0 (WAN/SSH) |
| Available License Type | BYOL |
| Access Methods | SSH, Web Console |
| Image Version | See Available Image Versions |
| Restricted CLI Commands | None |
| Deployment Options | Single, Redundant, Cluster |

Juniper vSRX SD-WAN

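|        | Small   | Medium  | Large   |
|--------|---------|---------|---------|
| CPU    | 2 Cores | 5 Cores | 9 Cores |
| Memory | 4 GB    | 8 GB    | 16 GB   |

| Attribute | Value |
|-----------|-------|
| Software Package | Standard |
| Virtual Data Interfaces Supported (Default/Max) | 8 / 8 |
| Reserved Interfaces | Fxp 0 (Management), Ge-0/0/0 (WAN/SSH) |
| Available License Type | BYOL |
| Access Methods | SSH, Web Console |
| Image Version | See Available Image Versions |
| Deployment Options | Single, Redundant, Cluster |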

For information about Juniper limitations, see Juniper vSRX Limitations.

For information about creating a Juniper vSRX cluster, see Creating a Juniper vSRX Cluster.

Creating a Juniper vSRX SD-WAN Device

A Juniper vSRX SD-WAN edge device can be ordered and created on Network Edge. You can create a cluster, redundant devices, or a single edge device. Juniper SD-WANs are self-configured and require you to bring your own license. This topic demonstrates how to create a single Juniper device.

Before creating your Juniper SD-WAN in Network Edge, do the following in Juniper’s Contrail Service Orchestrator:

  1. Upload the license file to generate a bootstrap configuration of the device.
  2. Provide the user name and public key for accessing the device.
  3. Apply an ACL that permits UDP destination ports 500 and 4500 and TCP destination port 7894. This ACL is necessary to make sure the vSRX SD-WAN is accessible by the orchestrator.
  4. Finalize the device. It can take several minutes for the device to become active and visible on the orchestrator. Do not make any changes during this time.
  5. Sign in to the device and start an SFTP service. This allows the orchestrator to push the template file to the vSRX instance.
  6. Select the template SRX as SD-WAN CPE, then clone it to create your own configuration.

Tip: SD-WAN devices can be launched using Network Edge APIs. For more information, see Network Edge API – Launch SD-WAN Device.

Juniper vSRX Limitations

This topic provides a list of commands that are restricted on Juniper vSRX, and information about certificates and version upgrade limitations.

Restricted Commands

The following commands are restricted on Juniper vSRX:

  • Any command starting with request. Exception: request system reboot.
  • Start shell.
  • Show interfaces fxp0.
  • Any command starting with ssh.
  • Any command starting with telnet.
  • Any command starting with restart.
  • Any command starting with file.
  • Show system license keys.
  • Any system-level commands or commands that include the word system.
  • Any config on interface ge-0/0/0.
  • Any config on interface fxp0.
  • Any config on interface loopback 0 unit 10.
  • Any config or command that has routing-instance external.
  • Any command that has security-zone external.
  • Any command that has security policies from-zone external.
  • Any command that has routing-options static.
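
A pre-check for the list above, added here as an example (it is not Juniper or Network Edge tooling): it scans a planned set of vSRX commands and reports the ones the list restricts. The regular expressions, the mapping of "loopback 0 unit 10" to lo0 unit 10, and the sample commands are assumptions of this example.

```python
import re

def _rule(reason, pattern):
    # (?!\S) ends each match on a whole token, so "external-lab" is not "external".
    return reason, re.compile(pattern + r"(?!\S)")

# Assumptions of this example: "loopback 0 unit 10" means lo0 unit 10, the
# plural Junos keywords (interfaces, routing-instances) count as matches, and
# "the word system" means a standalone token. First matching rule is reported.
ALLOWED = re.compile(r"^request system reboot(?!\S)")  # the one exception listed
RULES = [
    _rule("request/ssh/telnet/restart/file prefix", r"^(request|ssh|telnet|restart|file)"),
    _rule("start shell", r"^start shell"),
    _rule("show interfaces fxp0", r"^show interfaces fxp0"),
    _rule("show system license keys", r"^show system license keys"),
    _rule("contains the word system", r"(?<!\S)system"),
    _rule("config on ge-0/0/0 or fxp0", r"(?<!\S)interfaces? (ge-0/0/0|fxp0)(\.\d+)?"),
    _rule("config on lo0 unit 10", r"(?<!\S)interfaces? lo0( unit |\.)10"),
    _rule("routing-instance external", r"(?<!\S)routing-instances? external"),
    _rule("security-zone external", r"(?<!\S)security-zone external"),
    _rule("policies from-zone external", r"(?<!\S)security policies from-zone external"),
    _rule("routing-options static", r"(?<!\S)routing-options static"),
]

def check(command):
    """Return the reason a command is restricted, or None if it is not."""
    cmd = " ".join(command.lower().split())
    if not cmd or cmd.startswith("#") or ALLOWED.search(cmd):
        return None
    return next((why for why, rx in RULES if rx.search(cmd)), None)

def lint(text):
    """Return (line number, command, reason) for every restricted line."""
    rows = enumerate(text.splitlines(), 1)
    return [(n, c.strip(), why) for n, c in rows if (why := check(c))]

# Constructed sample change set, not taken from a real device.
SAMPLE = """\
set security zones security-zone trust interfaces ge-0/0/1.0
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/24
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.254
request system reboot
request support information
show interfaces ge-0/0/2
set routing-instances external-lab instance-type virtual-router
set system host-name edge1
"""

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Running the check before a change window shows which lines have to be dropped or reworked, instead of finding out when the device rejects them mid-change.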

Version Upgrade Limitations

  • Always save a copy of certificates before performing vSRX upgrades.
  • Once the vSRX upgrade is complete, the certificates must be copied and loaded back into the vSRX configuration as they were before the upgrade.

Enabling Certificates

For information on enabling certificates on Juniper, go to https://kb.juniper.net/InfoCenter/index?page=content&id=KB21718&actp=METADATA.