Juniper vSRX Specifications
Licensing
Bring Your Own License (BYOL) products require a valid license. You are responsible for purchasing and managing your own licenses from Juniper Networks. To purchase a software license, contact your Juniper sales representative or partners.
Support
vSRX support is available for BYOL licenses. Contact your Juniper sales representative or partner to purchase a license and support contract.
Juniper vSRX
- For more information about Juniper vSRX Series, see the vSRX Virtual Firewall Product page.
- Juniper Networks vSRX Virtual Firewall Data Sheet
- vSRX Documentation
Small | Medium | Large | |
---|---|---|---|
CPU | 2 Cores | 5 Cores | 9 Cores |
Memory | 4 GB | 8 GB | 16 GB |
Software Package | Standard | ||
Virtual Data Interfaces Supported (Default/Max) | 8 / 8 | ||
System Reserved Interfaces | Fxp 0 (Management) Ge-0/0/0 (WAN/SSH) | ||
Available License Type | BYOL | ||
Access Methods | SSHWeb Console | ||
Image Version | See Available Image Versions | ||
Restricted CLI Commands | None | ||
Deployment Options | Single Redundant Cluster |
Juniper vSRX SD-WAN
Small | Medium | Large | |
---|---|---|---|
CPU | 2 Cores | 5 Cores | 9 Cores |
Memory | 4 GB | 8 GB | 16 GB |
Software Package | Standard | ||
Virtual Data Interfaces Supported (Default/Max) | 8 / 8 | ||
Reserved Interfaces | Fxp 0 (Management) Ge-0/0/0 (WAN/SSH) | ||
Available License Type | BYOL | ||
Access Methods | SSHWeb Console | ||
Image Version | See Available Image Versions | ||
Deployment Options | Single Redundant Cluster |
For information about Juniper limitations, see Juniper vSRX Limitations.
For information about creating a Juniper vSRX cluster, see Creating a Juniper vSRX Cluster.
Creating a Juniper vSRX SD-WAN Device
A Juniper vSRX SD-WAN edge device can be ordered and created on Network Edge. You can create a cluster, redundant devices, or a single edge device. Juniper SD-WANs are self-configured and require you to bring your own license. This topic demonstrates how to create a single Juniper device.
Before creating your Juniper SD-WAN in Network Edge, do the following in Juniper’s Contrail Service orchestrator:
- Upload the license file to generate a bootstrap configuration of the device.
- Provide the user name and public key for accessing the device.
- Apply an ACL that supports UDP destination ports 500 & 4500, and TCP port destination 7894. This ACL is necessary to make sure the vSRX SD-WAN is accessible by the orchestrator.
- Finalize the device. It can take several minutes for the device to be active and visible on the orchestrator. Do not make any changes during this time.
- Sign into the device and start an SFTP service. This allows the orchestrator to push the template file to the vSRX instance.
- Select the template SRX as SD-WAN CPE then clone it to create your own configuration.
SD-WAN devices can be launched using Network Edge APIs. For more information, see Network Edge API – Launch SD-WAN Device.
Juniper vSRX Limitations
This topic provides a list of commands that are restricted on Juniper vSRX, and information about certificates and version upgrade limitations.
Restricted Commands
The following commands are restricted on Juniper vSRX:
- Any command starting from
request
. Exceptions:request system reboot
. - Start shell.
- Show interfaces fxp0.
- Any command starting from
ssh
. - Any command starting from
telnet
. - Any command starting from
restart
. - Any command starting from
file
. - Show system license keys.
- Any system level commands or commands that include the word
system
. - Any config on interface
ge-0/0/0
. - Any config on interface
fxp0
. - Any config on interface
loopback 0 unit 10
. - Any config or command that has
routing-instance external
. - Any command that has
security-zone external
. - Any command that has
security policies from-zone external
. - Any command that has
routing-options static
.
Version Upgrade Limitations
- Always save a copy of certificates before performing vSRX upgrades.
- Once the vSRX upgrade is complete, certificates are required to be copied and loaded back into vSRX configuration as they were before the upgrade.
Enabling Certificates
For information on enabling certificates on Juniper go to: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21718&actp=METADATA.