Firefly Perimeter is a virtual security appliance that provides security and networking services at the perimeter in virtualized private or public cloud environments. It runs as a virtual machine (VM) on a standard x86 server and delivers security and networking features similar to those available on branch SRX Series devices.
However, not all the features supported by SRX hardware devices are available. Here is the list of features supported by the current Firefly 12.1X46-D10 release.
Firefly Perimeter Hardware Specifications
- Memory 2 GB
- Disk space 2 GB
- vCPUs 2
- vNICs Up to 10
- Virtual Network Interface Card type (NIC) E1000
Thanks to Juniper's software evaluation program we can download the Firefly Perimeter security solution for free and test it for 60 days. In this tutorial we are going to connect Firefly Perimeter to GNS3 and create a simple lab to test connectivity between two vSRX instances. As GNS3 has built-in support for VirtualBox and Qemu/KVM, either of them can be used as the hypervisor.
Firefly Perimeter virtual machines can be downloaded here. You have to use your Juniper account to proceed with the download, but a valid service contract is not required to download the Firefly Perimeter virtual machine.
Picture 1 - Juniper Login Window
Notice that there are both JVA and OVA files available for download. We will download the OVA file archive, which contains the vSRX vmdk image and other files required for running vSRX as a VMware appliance.
Picture 2 - Firefly Perimeter Download Page
Part 1 Running Firefly Perimeter as Qemu Appliance
This part discusses how to convert the Firefly Perimeter VMware disk image to the qcow2 disk format that is recognized by Qemu, and explains the GNS3 Qemu settings configuration. As the current GNS3 1.0 beta2 does not include Qemu support yet, we will use the latest GNS3 0.8.7 version with Qemu support.
1.1. Extract vmdk Virtual Disk from OVA File
$ tar xvf junos-vsrx-12.1X46-D10.2-domestic.ova
Picture 3 - Extracting OVA File
Starting with version 0.12, Qemu-kvm has native support for VMware virtual machine disks. A closer look at the virtual disk shows that its type is a streamOptimized read-only disk.
Picture 4 - StreamOptimized Virtual Machine Disk
As you can see, Qemu refuses to open streamOptimized virtual disks complaining that VMDK version 3 must be read only.
Picture 5 - Qemu fails to open StreamOptimized Virtual Machine Disk
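The check behind Pictures 4 and 5, as an added example that is not part of the original tutorial: this Python sketch reads the header of a hosted sparse VMDK and the createType line of its embedded descriptor to tell whether the disk is the streamOptimized, version 3 kind that Qemu refuses to open for writing. The field layout follows the published VMDK sparse-extent header; the function names and the sample bytes are constructed for illustration.

```python
import re
import struct
import sys

SECTOR = 512
# Leading fields of the sparse-extent header, little-endian and packed:
# magic, version, flags, capacity, grainSize, descriptorOffset, descriptorSize
HEADER = struct.Struct("<4sIIQQQQ")


def inspect_vmdk(data):
    """Return header fields and createType from the first bytes of a sparse VMDK."""
    if len(data) < HEADER.size:
        raise ValueError("file too short for a sparse VMDK header")
    magic, version, flags, capacity, grain, desc_off, desc_size = HEADER.unpack_from(data)
    if magic != b"KDMV":
        raise ValueError("not a hosted sparse VMDK extent (magic %r)" % magic)
    descriptor = ""
    if desc_off:
        # Offsets and sizes in the header are counted in 512-byte sectors.
        raw = data[desc_off * SECTOR:(desc_off + desc_size) * SECTOR]
        descriptor = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    match = re.search(r'^\s*createType\s*=\s*"([^"]+)"', descriptor, re.MULTILINE)
    return {
        "version": version,
        "capacity_bytes": capacity * SECTOR,
        "grain_sectors": grain,
        "create_type": match.group(1) if match else None,
    }


def needs_conversion(info):
    """True for the disk kind the tutorial converts with qemu-img."""
    return info["version"] >= 3 or info["create_type"] == "streamOptimized"


def build_sample(version, create_type):
    """Constructed test input: one header sector plus an embedded descriptor."""
    header = HEADER.pack(b"KDMV", version, 0, 4194304, 128, 1, 20)
    descriptor = (
        "# Disk DescriptorFile\n"
        "version=1\n"
        'createType="%s"\n' % create_type
    ).encode("ascii")
    return header.ljust(SECTOR, b"\0") + descriptor.ljust(20 * SECTOR, b"\0")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read(1024 * 1024)  # header and descriptor sit at the start
    else:
        blob = build_sample(3, "streamOptimized")
    info = inspect_vmdk(blob)
    verdict = "convert with qemu-img first" if needs_conversion(info) else "no streamOptimized marker"
    print(info, "->", verdict)
```

Run it with the path of the extracted vmdk as the only argument; without an argument it inspects the constructed sample.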
A workaround is to convert the streamOptimized vmdk disk to the copy-on-write qcow2 virtual machine disk type that is recognized by Qemu.
$ qemu-img convert -O qcow2 junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk junos-vsrx-12.1X46-D10.2-domestic.img
Picture 6 - Converting from VMDK to QCOW2 Virtual Machine Disk
1.2. GNS3 Qemu General and Guest Settings Configuration for Firefly Perimeter
Start GNS3 0.8.7 and create a new project. Navigate to Edit -> Preferences -> Qemu -> Qemu General Settings. Configure the Qemu general parameters and click the Test button.
Picture 7 - GNS3 General Qemu Settings
Go ahead and configure GNS3 Guest settings. Navigate to Edit -> Preferences -> Qemu -> Qemu Guest. Configure vSRX parameters according to the picture below.
Picture 8 - Qemu Guest Settings
Note: Do not omit the Qemu option -smp 2. According to my test, two CPUs must be configured for the VM, otherwise none of the Gigabit Ethernet interfaces are recognized.
Part 2 Running Firefly Perimeter as VirtualBox Appliance
In this part we are going to convert the Firefly Perimeter VMware virtual machine disk (VMDK) to the native VirtualBox disk format, Virtual Disk Image (VDI). Then we will create a VirtualBox Firefly Perimeter VM and attach the virtual disk with Firefly Perimeter installed to this machine. At the end, we will configure the GNS3 VirtualBox General Settings and VirtualBox VMs Settings to support our newly created Firefly Perimeter VM.
Note: As the new GNS3 1.0 version supports VirtualBox, we will use it.
2.1. Extract Vmdk Virtual Disk from OVA File
$ tar xvf junos-vsrx-12.1X46-D10.2-domestic.ova
Convert VMware VMDK disk to VirtualBox disk VDI.
$ vboxmanage clonehd -format VDI junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk junos-vsrx-12.1X46-D10.2-domestic.vdi
Start VirtualBox Manager with the command below.
$ sudo virtualbox
Navigate to Machine -> New and select the Type and Version as shown in the picture below.
Picture 9 - Creating New VirtualBox VM
Assign at least 1024 MB RAM to our VM. Continue to the Hard Drive window and select the path to the VDI disk.
Picture 10 - Selecting Hard Drive for VM
Left click on the Firefly Perimeter VM and press Ctrl-S to open the VM settings window. Navigate to System -> Processor and increase the number of CPUs to 2. This is needed, otherwise Junos fails to recognize the Gigabit Ethernet interfaces.
Picture 11 - Increasing Number of CPU to 2
Note: For each Firefly Perimeter network device inside a GNS3 project, a VirtualBox VM must be created first. For this reason we treat the Firefly Perimeter VM we have just created as the base image and will use it for cloning any other Firefly Perimeter VMs. Left click on the Firefly Perimeter VM and press Ctrl-O.
Picture 12 - Cloning Firefly Perimeter Base VM
Select the Full Clone option and continue by pressing the Clone button.
2.2. GNS3 VirtualBox General and Guest Settings Configuration for Firefly Perimeter
Start GNS3 1.x and create a new project. If you run GNS3 on Linux, navigate to Edit -> Preferences -> VirtualBox -> General Settings. Configure the path to the VirtualBox wrapper.
Picture 13 - VirtualBox General Settings
Switch to the VirtualBox VMs menu. Click the Refresh VM List button and select our virtual machine from the list. Change the default NIC type from Automatic to Paravirtualized (virtio-net), otherwise the connection will not work.
Picture 14 - VirtualBox VMs Preferences
3. Testing Connectivity between Firefly Perimeter vSRX Instances
We are going to connect two instances of Firefly Perimeter vSRX routers via the Gigabit Ethernet interfaces em0. The interface em0 represents the interface GigabitEthernet 0/0/0 in the vSRX CLI. We will assign IP addresses to the interfaces and issue the ping command on the vSRX-I router, pinging the IP address 192.168.1.2 of the second router.
Picture 15 - Testing Topology
Start the routers and log in as root without a password (it is blank). Type the command cli to enter the vSRX CLI. Check the available GigabitEthernet interfaces with the command:
root> show interfaces ge-0/0/* terse
Picture 16 - Firefly Perimeter Gigabit Ethernet Interfaces
There are seven GigabitEthernet interfaces presented in the CLI output. Now assign an IP address to the interface ge-0/0/0 on both routers.
vSRX-I Configuration
root@%
root@% cli
root> configure
[edit]
root# set system host-name vSRX-I
root# set system root-authentication plain-text-password
root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
root# set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-traffic system-services ping
root# commit
root@vSRX-I> exit
vSRX-II Configuration
root@%
root@% cli
root> configure
[edit]
root# set system host-name vSRX-II
root# set system root-authentication plain-text-password
root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24
root# set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-traffic system-services ping
root# commit
root@vSRX-II> exit
To test connectivity between the routers, ping the IP address 192.168.1.2 from the router vSRX-I.
Picture 17 - Successful Ping Between Routers
4. Issues
This chapter describes the issues, and their workarounds, that I noticed while playing with vSRX VirtualBox and Qemu instances.
4.1 Single vCPU Versus Multiple vCPUs
When a single CPU is used for a vSRX instance, the Gigabit Ethernet interfaces are not presented in the vSRX CLI. To overcome this issue, assign two CPUs to each node. For a Qemu instance you can do it inside GNS3: navigate to the Advanced settings tab under the node configuration and type the -smp 2 option into the Additional setting option, as shown in Picture 8. For VMware and VirtualBox instances, the number of processors can be changed only inside the VMware or VirtualBox VM manager.
4.2 Same MAC Address Assigned to Cloned VirtualBox vSRX Instances
You have to reinitialize the MAC address when cloning a vSRX Vbox instance, otherwise the clone source and the clone share the same MAC address. In this case the connection does not work. As a workaround, check the box Reinitialize the MAC address for all network cards during the cloning process.
4.3 Vlan Tagging on vSRX L3 interface when Intel PRO/1000MT Desktop (82540EM) is Used
When the default Intel PRO/1000MT Desktop (82540EM) NIC is used, the vSRX Vbox instance inserts an 802.1Q header into the frame even though the vSRX interface is not configured as a trunk. Captured traffic is shown in the picture below.
Picture 18 - 802.1Q Header Added to Ethernet Frame
In this case the connection does not work. As a workaround, set the NIC type to Paravirtualized Network (virtio-net) inside GNS3: left click on the node -> Configure -> Network -> Type. Picture 19 displays a captured ARP request after the NIC type was changed to virtio-net for the VirtualBox vSRX instance.
Picture 19 - ARP Request Without 802.1Q Header
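An added example, not part of the original tutorial: a Python check that walks a capture of the vSRX link saved in classic pcap format and reports every frame carrying an 802.1Q tag, which is the symptom described in 4.3. The function names, the MAC address and the tag value in the sample are constructed for illustration; the page does not state which VLAN ID appeared in the capture.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_ARP = 0x0806
# Classic pcap magic as it appears on disk -> struct byte-order prefix
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_ethernet(frame):
    """Decode an Ethernet header and, if present, a single 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    vlan = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3 bits priority, 1 bit DEI, 12 bits VLAN ID; real EtherType follows
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
    return {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
            "ethertype": ethertype, "vlan": vlan}


def read_pcap(data):
    """Yield raw frames from a classic pcap file whose link type is Ethernet."""
    order = PCAP_MAGICS.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(order + "I", data, 20)[0] != 1:
        raise ValueError("capture link type is not Ethernet")
    pos = 24                                  # skip the global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from(order + "I", data, pos + 8)[0]
        yield data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len


def tagged_frames(pcap_bytes):
    """Return (frame index, source MAC, tag fields, inner EtherType) per tagged frame."""
    hits = []
    for index, frame in enumerate(read_pcap(pcap_bytes)):
        try:
            info = parse_ethernet(frame)
        except ValueError:
            continue                          # runt frame, nothing to decode
        if info["vlan"] is not None:
            hits.append((index, info["src"], info["vlan"], info["ethertype"]))
    return hits


def build_arp_request(tci=None):
    """Constructed sample: ARP who-has 192.168.1.2 tell 192.168.1.1."""
    src = bytes.fromhex("020000000001")       # constructed, locally administered MAC
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1,
                      src, bytes([192, 168, 1, 1]), b"\0" * 6, bytes([192, 168, 1, 2]))
    tag = b"" if tci is None else struct.pack("!HH", TPID_8021Q, tci)
    return b"\xff" * 6 + src + tag + struct.pack("!H", ETHERTYPE_ARP) + arp


def build_pcap(frames):
    """Constructed sample: wrap frames in a little-endian classic pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            capture = fh.read()
    else:
        capture = build_pcap([build_arp_request(), build_arp_request(tci=0xA00A)])
    for index, src, vlan, ethertype in tagged_frames(capture):
        print("frame %d from %s: 802.1Q vid=%d pcp=%d, inner EtherType 0x%04x"
              % (index, src, vlan["vid"], vlan["pcp"], ethertype))
```

An empty result on a link whose vSRX interface is not a trunk is the state shown in Picture 19.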
End.
Hello,
At the beginning of the article you write that VirtualBox can also be used.
In the new GNS3 I can't find Qemu anymore so I would like to use VirtualBox instead.
I tried to create a new VM in VirtualBox with the converted .vmdk but the machine gets stuck at the bootloader. Is there something I need to do to fix that?
Thank you.
So far I haven't been successful with running Firefly vSRX on VirtualBox. Sorry for confusion, I change the article.
Thanks for quick answer.
So for now it is only possible to run it as Qemu, which is not supported in the new GNS3, or run it in VMware Player and connect it through the network?
You are right, there are only those two options. Or you can wait for Qemu support, which is planned for the next GNS3 version.
OK, so I tried today and Firefly is also working in VirtualBox.
After adding it to GNS3 I am able to connect to the console of the device. As this is an image without a GUI, and probably also without a shell, the last thing I saw from booting was the bootloader, but the device was actually booting and working, just without anything shown on the screen of VB.
For me Firefly is working on Vbox too but there aren't any GigabitEthernet interfaces presented. How about you?
Same here. I realized that after I posted the comment.
I had the same problem at the beginning, but I sorted it out by checking this:
1. RAM - need to have 1024M at least
2. PROCESSOR - set to 2, PAE/NX enable
3. SYSTEM TYPE BSD, VERSION FREEBSD(32-bit)
Maybe you can try
Hello Radovan your website is great!
I would like to run my SRX Firefly on my Windows 7. Can I convert .vmdk to .vdi? I want it to run on my GNS3 as my guest user.
What OS do you use to integrate your SRX via emu?
Can I use my BackTrack or Ubuntu? Thanks
JOVINO,
You don't need to convert vmdk to vdi, as VirtualBox can run vmdk images natively. But you should know that Gigabit interfaces aren't presented when Vbox is used to run the SRX image. So far I haven't had time to troubleshoot this behavior.
Personally I use Fedora as host but any Linux distro will be fine.
Hi sir,
I have a vmdk image and I'm using VMware but the gig interfaces are not showing, plz advise.
Increase the number of CPU to 2.
You don't need BackTrack or Ubuntu, you can convert .vmdk to .vdi on Win7.
First copy cmd to the dir where VirtualBox is installed, then copy the .vmdk to the dir too. At last, exec the command and it will work.
Great! Thank you for your quick response sir!
Have a nice day. Did you also try to emulate HP routers to run on GNS3?
Sure.
Additional question sir: I've tried to run my .vmdk on my Vbox; how come I'm stuck at "BTX loader 1.00"? Can you help me? Thanks!
Be patient and wait for login prompt. Boot messages are being sent to console that's why you can't see them inside Vbox window. When you run image inside GNS3 you can see the whole boot process in Vbox console.
Don't mind my other post, I already solved the problem.
I don't have any interfaces available in order to communicate with other routers lol. Anyway, I will try my best to solve the problem we both encountered with the missing interfaces.
So far I've made test with the interfaces that can be configured via GNS3 1.0beta2 and available for VirtualBox 4.3.16. But the result is the same - Gigabit interfaces are not presented for some reason.
PCnet-PCI II (Am79C970A)
PCNet-FAST II (Am79C973)
Intel Pro/1000 MT Desktop (82540EM)
Intel Pro/1000 T Server (82543GC)
Intel Pro/1000 MT Server (82545EM)
Paravirtualized Network (virtio-net)
Hi All,
I am using a windows 8 laptop (64 Bit)
converted the vmdk to vdi
I tried creating a VM in Oracle Virtual Box manager using the VDI and when i try to start
a window appears and it stays on the screen without any further action
Loading /boor/loader
/boor/loader tried
will boot from alternate path
loading /cf/boot/loader
BTX Loader 1.00 BTX version 1.02
Can someone help with this? I have been trying to set this up for more than a day now. :(
You need to enable a Serial Port for the VM. Simple as that.
Did you use the latest GNS3 beta version?
What interfaces are present? Are em0, em1 available?
Can you post your result for: show interface terse?
Thanks! By the way your blog is great, I learned a lot from it.
I think I got it running on Vbox with gigabit interfaces presented but need to do some more tests.
What version of GNS3 did you use sir?
I'm using GNS3 1.0beta2. Navigate to VM settings and increase the number of CPUs to 2. However, even though Ge interfaces are presented now, I can't issue a successful ping between VSRX instances. I'm using VirtualBox 4.3.16. Maybe it's a Vbox issue (but I can ping two Linux Core machines) or a problem with the VSRX configuration (I have only a little experience with VSRX configuration). Can you please try it?
OK, I definitely got it running on VirtualBox. The key is to configure two CPUs for each VSRX VM in the Vbox settings and select the paravirtualized network (virtio-net) NIC in the GNS3 Vbox VM settings. In that case, Gigabit NICs are presented and the connection is working. I will update the tutorial soon.
Wow great news!
You're the best i'm looking forward to your tutorial.
I'm excited to share it with my colleagues and introduce your site to them.
By the way I only use 128 Ram for my SRX Vbox settings is it enough or should i make it 256?
Seems that 256MB is really not enough. According to this document, you need a minimum of 4GB for a host and 2 GB for a guest (Firefly Perimeter).
Hello, thanks for info.
Tried today with 2 CPU and 1GB of RAM and it is also working.
So probably the problem was only in number of CPU.
I also checked configuration of Machine imported to VMWare Player directly from Juniper Website and the config there is for 2CPU and 2GB RAM. If i changed config in VMWare to 1 CPU gigabit interfaces are gone.
I tried 512MB for the VBOX configuration and all works well, but I still don't know how I can increase the processors to TWO. My GNS3 is 0.8.6. When creating my SRX in Vbox, what kind of network adapter should I use: Bridged Adapter, NAT, etc.?
Then I will use paravirtualized? Thank you
The number of CPUs must be changed in the VM settings using Vbox Manager. I've already mentioned it in the VBox section of the tutorial but I will add a screenshot. According to my tests, ping between two vSRX instances was not working for any of the NICs available for the Vbox machine except the paravirtualized NIC type.
Ok I will wait for your new tutorial about integrating SRX to virtual box . Looking forward about it . I appreciate your passion for this stuff!
You don't need to wait as I updated the tutorial 2 days ago.
Great!
Thanks sir Radovan
Hello sir! I'm back. I've been following your tutorial since you updated it.
I have a problem: I followed all the steps but the gigabit ethernet is still not present.
Here is my configuration on my vbox .
Processor: 2 cpu
Network adapter : NAT /Advance Option :Adapter Type : Para virtualized
I already tried to use Intel PRO and PC-Net
No gigabit Ethernet present
GNS3 config
Virtualbox Guest config
NIC model: virtio
GNS3 version 0.8.6
Hi Radovan,
I followed Part 1 of the article and did exactly the same thing as you mentioned in Running Firefly Perimeter as Qemu Appliance.
I can start the Qemu machine in GNS3 and I saw a green light on the right panel, no issues... but when I console into it, the terminal pops up and closes within a sec. I tried different settings and it never worked..
My machine settings are: I have Windows 7 (64bit) installed and I have installed VMware Workstation 10.0.3, then installed Ubuntu 14.04.1 LTS 64bit, then installed GNS3.. then followed your article, I didn't miss anything from your article Part 1. The only issue I am facing is I can't get the console working. Pls help..
I also followed your article 2, VBOX on Windows 7, same thing: when I start the VBOX guest in GNS3, I get the error:
FATAL: No bootable medium found! system halted..
pls help..
Thanks & Regards
Lish
Hi,
As for the Qemu part of my tutorial, kvm is enabled. I think it should be disabled in your case.
I have no idea why you can't boot from the vdi disk. Did you use the vboxmanage utility to convert from vmdk to vdi disk? If yes, you can make this test. Use qemu-img in your Ubuntu OS to convert from vmdk to vdi:
qemu-img convert -O vdi junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk junos-vsrx-12.1X46-D10.2-domestic.vdi
Then copy Firefly vdi disk to Windows 7 and boot the VM again with your new vdi disk attached. Any change?
Hi,
GNS3 beta 3 supported Qemu.
So, has anybody tried running vsrx on GNS3 Beta with VirtualBox on Windows OS?
Hi,
Thanks for the quick response.. yes I have enabled KVM as per your screenshot for Qemu part.. :(
I used vboxmanage utility to convert from vmdk to vdi disk? yes.. in windows...
Brilliant thanks..:) :) :) :)
- I just tried as per your solution: converted it in Ubuntu and copied it over to Windows 7.. this time I can boot them - no issues.. I could see the GE interfaces... but the em0 interfaces have disappeared.. is that normal?
I tested creating 3 routers and configured the IPs, but I couldn't get the ping working.. I set the NIC model to virtio in GNS3, and I just left it at its default setting in the VBOX network settings.
Pls advice..
Thanks
For some reason, converting to vdi on Windows doesn't create a disk that can be booted. On Linux, it's working OK. I have no physical machine with Windows installed to make some more tests; maybe I will create a virtual one.
If you can see Gigabit Ethernet interfaces in Junos CLI, it's a desirable behavior.
I guess there is an error in your configuration. Just connect two FireFly instances and do the same config as I did in the tutorial.
Thanks Radovan, I didn't realise that I have to use the below command..
set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-traffic system-services ping
I never used it before when i used it with ge-0/0/0 interfaces, it worked before so i omitted when i use other interfaces like ge-0/0/1 or ge-0/0/2 etc etc
I have learnt something new.. Thanks very much.. :) I can sleep peacefully after some days' battle, and then back to Junos Track.. :)
Ok I have tried OSPF with 3 routers.
R1 (ge-0/0/1) connected to R2(ge-0/0/1), & R2 (ge-0/0/2) connected to R3(ge-0/0/1)
I have configured the IP addresses on the interfaces and can ping each other, I also have configured Loopback0 address on R1: 1.1.1.1/24 & R3:3.3.3.3/24
And I have advertised in ospf area 0 along with the physical addresses & lo0's.
i can see the R3's lo0 from R1 routing table, likewise I can see R1's lo0 in R3's routing table..
But i am not able to ping the R3 lo0 from R1 nor R1 Lo0 from R3.
What do I need to do here?
any help pls
Thanks
Hi Radovan,
ANy help on the above pls?
I just realized that I am not able to ping from R1 to R2(ge-0/0/2) interface IP address or even R3-(ge-0/0/1)
likewise from R3, to R2(ge-0/0/1) or even R1 (ge-0/0/1) interface IP's.
any thoughts?
Thanks
Lish,
Can you ping the Ethernet interfaces R1(Ge0/0/1)-(Ge0/0/1)R2 and R2(Ge0/0/2)-(Ge0/0/1)R3? If yes, check the routing tables on all routers. If all the OSPF routes are there, the problem is definitely connected with your configuration (not with the emulator or GNS3). Then my question is whether you allowed the ping service on all interfaces across the routers.
Hi Radovan,
Thanks for coming back to me on this, Yes I can ping directly connected interfaces. Also I can see the routes..
I have retried with 2 routers with ospf. still not able to.
R1(ge-0/0/1) connected to R2(ge-0/0/1)
I configured with the following:
R1:
set system host-name R1
set interfaces ge-0/0/1 unit 0 family inet address 121.121.121.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/24
set routing-options router-id 1.1.1.1
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf
R2:
set system host-name R2
set interfaces ge-0/0/1 unit 0 family inet address 121.121.121.2/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/24
set routing-options router-id 2.2.2.2
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf
==============================================
from R1: ping 2.2.2.2 & from R2: ping 1.1.1.1 failed even using source interface as lo0..
I have tried the below also to see if I can ping neighbor lo0 address...still No..
================================================
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic protocols ospf
================================================
root@R1> show route
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/24 *[Direct/0] 01:29:39
> via lo0.0
1.1.1.1/32 *[Local/0] 01:29:39
Local via lo0.0
2.2.2.0/24 *[OSPF/10] 01:03:45, metric 1
> to 121.121.121.2 via ge-0/0/1.0
2.2.2.2/32 *[OSPF/10] 01:03:45, metric 1
> to 121.121.121.2 via ge-0/0/1.0
121.121.121.0/24 *[Direct/0] 01:29:39
> via ge-0/0/1.0
121.121.121.1/32 *[Local/0] 01:29:39
Local via ge-0/0/1.0
224.0.0.5/32 *[OSPF/10] 01:08:26, metric 1
MultiRecv
root@R1>
root@R2> show route
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.0/24 *[OSPF/10] 01:04:31, metric 1
> to 121.121.121.1 via ge-0/0/1.0
1.1.1.1/32 *[OSPF/10] 01:04:31, metric 1
> to 121.121.121.1 via ge-0/0/1.0
2.2.2.0/24 *[Direct/0] 01:31:20
> via lo0.0
2.2.2.2/32 *[Local/0] 01:31:20
Local via lo0.0
121.121.121.0/24 *[Direct/0] 01:31:20
> via ge-0/0/1.0
121.121.121.2/32 *[Local/0] 01:31:20
Local via ge-0/0/1.0
224.0.0.5/32 *[OSPF/10] 01:04:51, metric 1
MultiRecv
root@R2>
==========================================
======================================================================
root@R1> show ospf neighbor
Address Interface State ID Pri Dead
121.121.121.2 ge-0/0/1.0 Full 2.2.2.2 128 38
root@R1> show ospf neighbor detail
Address Interface State ID Pri Dead
121.121.121.2 ge-0/0/1.0 Full 2.2.2.2 128 34
Area 0.0.0.0, opt 0x52, DR 121.121.121.1, BDR 121.121.121.2
Up 01:08:23, adjacent 01:08:23
root@R1>
root@R1> ping 121.121.121.2
PING 121.121.121.2 (121.121.121.2): 56 data bytes
64 bytes from 121.121.121.2: icmp_seq=0 ttl=64 time=0.783 ms
64 bytes from 121.121.121.2: icmp_seq=1 ttl=64 time=0.999 ms
^C
--- 121.121.121.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.783/0.891/0.999/0.108 ms
root@R1>
======================================================================
root@R2> show ospf neighbor
Address Interface State ID Pri Dead
121.121.121.1 ge-0/0/1.0 Full 1.1.1.1 128 37
root@R2>
root@R2> show ospf neighbor detail
Address Interface State ID Pri Dead
121.121.121.1 ge-0/0/1.0 Full 1.1.1.1 128 35
Area 0.0.0.0, opt 0x52, DR 121.121.121.1, BDR 121.121.121.2
Up 01:08:53, adjacent 01:08:53
root@R2> ping 121.121.121.1
PING 121.121.121.1 (121.121.121.1): 56 data bytes
64 bytes from 121.121.121.1: icmp_seq=0 ttl=64 time=0.883 ms
64 bytes from 121.121.121.1: icmp_seq=1 ttl=64 time=0.897 ms
^C
--- 121.121.121.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.883/0.890/0.897/0.007 ms
root@R2>
======================================================================
I don't know if I am doing something wrong here.. Appreciate if you can help pls..
Thanks & Reg,
Lish
Lish, thank you for the detailed output, it made my troubleshooting much easier. I suggest you do the following:
1) Add lo0.0 to the untrust zone on both routers (I guess you already did it)
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic protocols ospf
2) Create the following security policy on both routers
set security policies from-zone untrust to-zone untrust policy default-permit match source-address any
set security policies from-zone untrust to-zone untrust policy default-permit match destination-address any
set security policies from-zone untrust to-zone untrust policy default-permit match application any
set security policies from-zone untrust to-zone untrust policy default-permit then permit
This configuration should solve your problem.
Another option is to switch ge-0/0/1 and lo0.0 to the trusted zone and allow system-services ping for the trusted zone. As the security policy from trust to trust zone is created by default and permits all traffic and applications, you don't have to create this zone. It is shown in Marc's tutorial:
Thanks Radovan, sorry I haven't tested this yet, I will test this and let you know..
Thanks a million once again..
Thanks Radovan, it's working :)
Brezular, Thanks for sharing your knowledge! You have one of the most useful blogs. As noted in your gns3 forum thread comment, I switched to qemu 1.6.2 (other version 1.1.0 I had just wouldn't work).
If it helps anyone...I was able to get 6 instances running at 512 meg ram each (although the only config I've got going is ospf for now). Using only qemu (not virtualbox or gns3). Had to use "-smp 2" as noted in this blog. Also used "-enable-kvm" & host cpu is at 18% on a PhenomII 1100t. Also initially intf didn't show in 'show interface terse' but does in 'show int ge-0/0/0' for example. Maybe because I need to wait a bit (e.g. interface daemon or whatever takes a moment).....because on other boots, I wait a sec and g/e intf is present in terse output. Anyway HTH someone.
Thx for your feedback.
Hi,
Thanks for the wonderful post. I was super excited and immediately tried downloading firefly .ova file and wanted to use in on my ubuntu system running GNS3.
However, I couldn't convert .vmdk file (which I extracted from .ova file) to .img file for use in GNS3. It says "operation not permitted". I even tried to use v2v converter in my windows machine to convert .vmdk to .img file, no luck.
I spent last two days searching Internet for a possible fix, but many have reported problems but no solution...some have passed this and installed successfully.
I tried with two different Firefly versions, just in case if my previous downloaded file had some issues. Still no luck.
How to get over this problem and convert .vmdk file to .img file? Is it possible for anyone of you to upload .img file if it is an easier option and if it doesn't break any agreement?
I am preparing for my JNCIS-SEC exam this month and really need some hands-on to register the topics that I read from the books.
Many thanks. Vx
Hi,
Successfully converted to .img file using another system and also made to work on GNS3. Thanks...your blog was really beneficial to me.
Dears/Seniors,
I need your help on below issue, please help to fix.
Issue
+++++++++++++++++++++++++++++++
I have "junos-vsrx-12.1X47-D10.4-domestic-disk1.vmdk" file and I converted it to .vdi. Now I want to run this vdi file in virtual box and where in I would be able to run Juniper vSRX in GNS3.
In Virtual BOX I configured the below settings
1. OS - Linux
2. Version - Debian 64 Bit
3. CPU - 2
4 RAM - 2048
However, when I tried to boot the .VDI file, JUNOS gets booted but midway it goes to "db" mode and remains stuck at the same place.
Please help and advise me where/what I am doing wrong here.
I would be very thankful to you all.
I tried to isolate the problem regarding the ge0/0/1 interface
I just created a simple point to point topology. I used the ge0/0/1 interface for SRX; still I can't ping the other side. I already configured all the necessary security policy to allow my services
===============================
[edit security zones security-zone untrust]
root# show
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/1.0;
}
========================================
Is it possible my ge0/0/1 is only virtually available but it cannot forward packets towards its destination interface?
Only 1 interface can be used?
Regarding my post:
I tried to configure my interface ge0/0/0 and it works well,
but it all boils down when I try to use ge 0/0/1: it failed. Thanks for the help!
Do you have the same result with both Qemu and VirtualBox?
Thanks for this post.
vSRX firefly works like a charm on my QEMU/GNS3 setup. I am using Windows 7 with 16GB RAM and I can simulate several routers/switch scenarios for my JNCIP-ENT exam preparation.
If you want to use vSRX as a router, you can disable the security feature by invoking the following commands and reboot the device afterwards.
=====================================
delete security
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
========================================
Have fun labbing :)
Could you please share the steps dear? I tried to run vrx on GNS3 by converting .vmdk to .vdi to .img but no interface is shown by vrx post boot operation. Please help
Hi Gaurav, I only used the .vmdk format and haven't explored the .vdi/.img format yet.
When you encounter no interfaces (e.g. ge-0/0/0) showing up in your setup, try rebooting your router (e.g. request system reboot) and it will help.
Also make sure that you have selected the correct adapter type in your QEMU VM Configuration section (e.g. GNS3 --> Preferences --> QEMU --> QEMU VMs ---> Network). In my case it's e1000 and I have selected 8 adapters to give me interfaces ge-0/0/[0 to 7].
Hi mar combat,
Thanks for the response dear......
Yday I tried some tweaks with GNS3 and vSRX and yeah it is working perfectly fine. :-)
Is it working in packet mode? Or are you using it as a FW?
Hi GauravDeep - I am facing the same issue that you were facing. My firefly console gets stuck at the db> prompt.
Could you please guide as to what exactly you did to get this resolved in your case.
Rgds,
Net Race/
Can anyone get it to work in packet mode (aka as a router-only)?
Can't get them to ping each other after issuing the following cmds:
delete security
set security forwarding-options family mpls mode packet-based
commit and-quit
request system reboot
Anyone know how much it cost to purchase this for lab use to learn Juniper, and what happens after the 60 day trial (it stops working or limited function)?
I have installed it successfully but when I log in, I get this error
Message from syslogd@ at Jan 8 07:34:13 ...
SCHED: Thread 4 (Module Init) ran for 2140 ms without yielding
Message from syslogd@ at Jan 8 07:34:29 ...
SCHED: Thread 16 (Forwarding Thread) ran for 2777 ms without yielding
Message from syslogd@ at Jan 8 07:34:29 ...
Scheduler Oinker
The command is very slow. It usually crashes and reboots.
I'm running version GNS3 1.2.1, Virtualbox 4.3.20, Windows Server 2008
I setup VM with 2GB RAM and 1 CPU for SRX. Please help me resolve this issue. Tks a lot
Assign two CPUs for SRX guest in Vbox settings otherwise NICs are not recognized.
I have assigned two CPUs for SRX and it's working, but I can't ping between two vSRX instances (changed to paravirtualized NIC type). Please help me. Thanks
The key is to follow the cmds as shown below to place the SRX into packet-based mode. Otherwise, you'll need to modify the SRX security rules to allow pings.
Hi,
I am using SRX in gns3 through QEMU.
I am not able to ping from SRX to Cisco Router and also SRX to SRX.
I have tried all the scenarios, allowed all the services, but still no result.
Does gns3 really support SRX?
If yes, then why is it not working?
Please... someone help me with this.
I have been stuck for the past 1 week.
Not getting any solution on the internet.
Amit,
Make sure that you have the following commands in your config by running the first cmd from the top of the config hierarchy.
show security | display set
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based
Run the following cmd to make sure that it matches as shown below:
run show security flow status
Flow forwarding mode:
Inet forwarding mode: packet based
Inet6 forwarding mode: packet based
MPLS forwarding mode: packet based
ISO forwarding mode: packet based
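The verification step in the reply above can be scripted. This is an added example, not code from the article or its comments: it parses `show security flow status` output in the format quoted above, compares it with the intended role of the device, and uses the `display set` lines to tell a mode that was never configured from one that is configured but not yet active. The function names, the `flow based` sample and the mapping of `inet` to the `mpls` statement are assumptions made for this example.

```python
import re

FAMILIES = ("inet", "inet6", "mpls", "iso")
# Assumption: inet has no statement of its own in the commands on this page and
# is treated here as following the mpls statement; the other families map 1:1.
CONFIG_KEY = {"inet": "mpls", "inet6": "inet6", "mpls": "mpls", "iso": "iso"}

def parse_flow_status(output):
    """Return {family: mode} from `show security flow status` output."""
    modes = {}
    for line in output.splitlines():
        m = re.match(r"\s*(\w+) forwarding mode:\s*(\S.*?)\s*$", line, re.I)
        if m and m.group(1).lower() in FAMILIES:
            modes[m.group(1).lower()] = m.group(2).lower()
    return modes

def parse_configured(set_output):
    """Return families set to packet-based in `show security | display set`."""
    pat = re.compile(r"\s*set security forwarding-options family (\S+) mode packet-based\s*$")
    return {m.group(1) for m in map(pat.match, set_output.splitlines()) if m}

def audit(role, status_output, set_output=""):
    """List mismatches between the intended role ('router' or 'firewall')
    and the forwarding mode the device reports per family."""
    if role not in ("router", "firewall"):
        raise ValueError("role must be 'router' or 'firewall'")
    running, configured = parse_flow_status(status_output), parse_configured(set_output)
    findings = []
    for fam in FAMILIES:
        mode = running.get(fam)
        if mode is None:
            findings.append(f"{fam}: mode not reported")
        elif role == "firewall" and mode == "packet based":
            findings.append(f"{fam}: packet based, flow (stateful) processing is bypassed")
        elif role == "router" and mode != "packet based":
            why = ("configured but not active, reboot pending"
                   if CONFIG_KEY[fam] in configured else "packet-based not configured")
            findings.append(f"{fam}: {mode}, {why}")
    return findings

# Output and configuration as quoted in the reply above.
PAGE_STATUS = """Flow forwarding mode:
Inet forwarding mode: packet based
Inet6 forwarding mode: packet based
MPLS forwarding mode: packet based
ISO forwarding mode: packet based"""
PAGE_CONFIG = """set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based"""
# Constructed sample: statements committed, device not yet rebooted.
STALE_STATUS = PAGE_STATUS.replace("packet based", "flow based")

if __name__ == "__main__":
    print(audit("router", PAGE_STATUS, PAGE_CONFIG))    # no findings
    print(audit("firewall", PAGE_STATUS, PAGE_CONFIG))  # every family flagged
    print(audit("router", STALE_STATUS, PAGE_CONFIG))   # reboot pending
```

Run with the role set to `firewall`, the same check flags a vSRX that was left in packet mode after lab use.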
Hello!
I successfully integrated SRX into virtualbox and GNS3; all the interfaces are showing up.
2 CPU cores assigned to my srx host
Paravirtualized network enabled
The problem now is that only 1 interface can be used; the other interfaces are just like a display to my srx. How can I resolve this one?
Hi,
I want to use firewall as firewall only (Not router).
I think these commands will disable the security features.
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family mpls mode packet-based
set security forwarding-options family iso mode packet-based.
Please suggest.
Hi,
My VMs are running perfectly now, Thanks to your article.
However I am not able to onboard the VM that is running in Qemu in Juniper NSM.
On analyzing, I found the issue as shown in the links below:
http://s27.postimg.org/xr1lw8nn7/qemu.png
http://s3.postimg.org/x92su60ur/player.png
The VM running in Qemu does not have a serial number.
Any idea what can be the issue & how to resolve it?
I was able to install vSRX using Virtual Box and it started well but after I changed interfaces mode it is starting in db mode, here is the output, can someone please help me in this matter. I have assigned 2GB RAM and 2 processors.
SRX-1 console is now available... Press RETURN to get started.
Consoles: serial port
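BIOS drive C: is disk0
BIOS 639kB/2096064kB available memory
FreeBSD/i386 bootstrap loader, Revision 1.2
(builder@briath.juniper.net, Tue Jan 8 04:04:34 UTC 2013)
Loading /boot/defaults/loader.conf
/kernel text=0x894aa0 data=0x4d050+0x100b2c syms=[0x4+0x92cf0+0x4+0xd1487]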
/boot/modules/libmbpool.ko text=0xd9c data=0x100
/boot/modules/if_em_vjx.ko text=0xb794 data=0x5ec+0x204 /
Hit [Enter] to boot immediately, or space bar for command prompt.
Booting [/kernel]...
platform_early_bootinit: Early Boot Initialization
GDB: debug ports: sio
GDB: current port: sio
KDB: debugger backends: ddb gdb
KDB: current backend: ddb
Copyright (c) 1996-2013, Juniper Networks, Inc.
All rights reserved.
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
JUNOS 12.1X44-D10.4 #0: 2013-01-08 05:52:29 UTC
builder@briath.juniper.net:/volume/build/junos/12.1/service/12.1X44-D10.4/obj-i386/junos/bsd/kernels/VSRX/kernel
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz (2378.42-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x306c3 Stepping = 3
Features=0x1783fbff
Features2=0x201
AMD Features=0x8100000
Cores per package: 2
real memory = 2147418112 (2047 MB)
avail memory = 1488867328 (1419 MB)
MPTable:
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
pnpbios: Bad PnP BIOS data checksum
ioapic0: Changing APIC ID to 0
ioapic0: Assuming intbase of 0
ioapic0 irqs 0-23 on motherboard
netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
Initializing VSRX platform properties ..
cpu0 on motherboard
cpu1 on motherboard
pcib0: pcibus 0 on motherboard
pir0: on motherboard
$PIR: BIOS IRQ 9 for 0.7.INTA does not match link 0x62 irq 10
pci0: on pcib0
isab0: at device 1.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 1.1 on pci0
ata0: on atapci0
ata1: on atapci0
pci0: at device 2.0 (no driver attached)
pci0: at device 3.0 (no driver attached)
pci0: at device 4.0 (no driver attached)
pci0: at device 6.0 (no driver attached)
Timecounter "PIIX" frequency 3579545 Hz quality 0
smb0: irq 10 at device 7.0 on pci0
pci0: at device 8.0 (no driver attached)
pci0: at device 9.0 (no driver attached)
pci0: at device 10.0 (no driver attached)
orm0: at iomem 0xc0000-0xc7fff on isa0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
psm0: irq 12 on atkbdc0
psm0: model IntelliMouse Explorer, device ID 4
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA
sio0 at port 0x3f8-0x3ff irq 4 flags 0x90 on isa0
sio0: type 16550A, console
sio1: configured irq 5 not in bitmap of probed irqs 0
sio1: port may not be enabled
sio2: configured irq 3 not in bitmap of probed irqs 0
sio2: port may not be enabled
sio3: configured irq 7 not in bitmap of probed irqs 0
sio3: port may not be enabled
Initializing product: 131 ..
###PCB Group initialized for udppcbgroup
###PCB Group initialized for tcppcbgroup
ad0: Device does not support APM
ad0: 2048MB at ata0-master UDMA33
SMP: AP CPU #1 Launched!
Trying to mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
Attaching /cf/packages/junos via /dev/mdctl...
Mounted junos package on /dev/md0...
Automatic reboot in progress...
** /dev/ad0s1a
** Last Mounted on /
** Root file system
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
349 files, 115197 used, 709838 free (26 frags, 177453 blocks, 0.0% fragmentation)
***** FILE SYSTEM MARKED CLEAN *****
** /dev/ad0s1e
** Last Mounted on /config
** Phase 1 - Check Blocks and Sizes
** Phase 2 - Check Pathnames
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
8 files, 7 used, 102776 free (4 frags, 25693 blocks, 0.0% fragmentation)
***** FILE SYSTEM MARKED CLEAN *****
Verified junos signed by PackageProduction_12_1_0
Verified jboot signed by PackageProduction_12_1_0
Verified junos-vsrx-12.1X44-D10.4-domestic signed by PackageProduction_12_1_0
WATCHDOG_TIMER : Loss of soft watchdog
panic: Loss of soft watchdog
cpuid = 0
db_log_stack_trace_cmd(c0d02ea0,0,f6a7fb58,f6a7fb44,c05e5691) at db_log_stack_trace_cmd+0x36
panic(f6a7fb58,f6a7fb58,0,1,6) at panic+0x2dc
statclock(f6a7fc90,c5226630,4,f6a7fcd0,c0a9479f) at statclock+0x32d
lapic_handle_timer(f6a7fc90) at lapic_handle_timer+0x9d
Xtimerint() at Xtimerint+0x2f
--- interrupt, eip = 0xc0a9c7d0, esp = 0xf6a7fcd0, ebp = 0xf6a7fcd0 ---
cpu_idle_default(f6a7fd00,c05a3fd2,1,0,0) at cpu_idle_default+0x5
cpu_idle(1,0,0,c5226630,c05a3f23) at cpu_idle+0x29
idle_proc(0,f6a7fd38,0,0,0) at idle_proc+0xaf
fork_exit(c05a3f23,0,f6a7fd38) at fork_exit+0x85
fork_trampoline() at fork_trampoline+0x8
--- trap 0, eip = 0, esp = 0xf6a7fd70, ebp = 0 ---
###Entering boot mastership relinquish phase
KDB: enter: panic
[thread pid 12 tid 100004 ]
Stopped at kdb_enter+0x162: movl $0xc0c77125,0(%esp)
db>
Getting following error(s) from Win 7 command line(as admin):
C:\Program Files\Oracle\VirtualBox>VBoxManage.exe clonehd -format VDI junos-vsrx-12.1X47-D10.4-domestic-disk1.vmdk junos-vsrx-12.1X47-D10.4-domestic.vdi
VBoxManage.exe: error: Could not get the storage format of the medium 'C:\Program Files\Oracle\VirtualBox\junos-vsrx-12.1X47-D10.4-domestic-disk1.vmdk' (VERR_NOT_SUPPORTED)
VBoxManage.exe: error: Details: code VBOX_E_IPRT_ERROR (0x80bb0005), component Medium, interface IMedium, callee IUnknown
VBoxManage.exe: error: Context: "OpenMedium(Bstr(pszFilenameOrUuid).raw(), enmDevType, enmAccessMode, fForceNewUuidOnOpen, pMedium.asOutParam())" at line 178 of file VBoxManageDisk.cpp
Any comment, please? I do not have access to junos-vsrx-12.1X46-D10.2-domestic.ova, only to junos-vsrx-12.1X47-D10.4-domestic.ova
Thanks
Christian
I have implemented the srxfirefly in virtualbox and integrated it with gns3. I can start the console and can access the srx from GNS3,
but I cannot ping from cisco to SRX. Please advise.
SRXvirtualbox-------------------------Cisco 2601
192.168.1.1/24
I cannot ping either way.
Hi Radovan -
I have tried to install Juniper firefly on my laptop with VirtualBox. My laptop has only one processor. But when I try to create the Juniper firefly VM with 2 processors, I get stuck at the db> prompt.
I am able to reach the login prompt when I create the
VM with a single processor, but cannot view the GiG interfaces.
Is it because my host laptop is running with a single processor? Is there a way to overcome this issue? Please guide me.
Rgds,
Netrace.
Thanks a lot for this guide.
I am using Ubuntu 14.04 LTS and running vSRX Perimeter (Firefly) on virtualbox.
@Netrace
I doubt there is a way to overcome the single core processor problem.
Let us know if you were able to solve it.
When I connect VSRX to a Cisco router or any host in GNS3, I am unable to ping them. No ARP. Looking at the packets in Wireshark, I noticed that SRX has 802.1q encapsulation. How do I fix that? The interfaces on juniper are configured as layer 3 and not trunk mode. Any help will be appreciated.
Read the point 4.3. You need to change NIC type to virtio-net.
I have just installed vSRX in Virtualbox. The router is able to start correctly. I have followed the basic configuration to ping from above, but I still cannot ping the other interface/IP. I don't know what I am doing wrong. Been working on this for days. I need help, whether it's my configuration or Gns3 or the emulator.
R1
set system root-authentication encrypted-password "$1$cinlC6UJ$gtkO5bpu"
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
R2
set system root-authentication encrypted-password "$1$w3i12yY4/"
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
Any help will be much appreciated. Thanks
Please, change the NIC type to virtio-net. Please, read the point 4.3
Hello Radovan
I am from 2019. Above all, many thanks for your article.
I have tried to follow your article but I am unable to download the image first :(
even though I have signed up for the site.
If you still have that image, could you send it to me please?
(I have installed vcp_17.1R1.8-disk1.vmdk , JunOS Olive-disk1.vmdk but there is no security zones command :( )
Many thanks!!
DY