How to run Juniper Firefly Perimeter vSRX on GNS3

Firefly Perimeter is a virtual security appliance that provides security and networking services at the perimeter in virtualized private or public cloud environments. It runs as a virtual machine (VM) on a standard x86 server and delivers similar security and networking features available on branch SRX Series devices.

However not all the features that are supported by SRX hardware devices are supported. Here is the list of features supported by current firefly 12.1x46-d10 release.

Firefly Perimeter Hardware Specifications

  • Memory 2 GB
  • Disk space 2 GB
  • vCPUs 2
  • vNICs Up to 10
  • Virtual Network Interface Card type (NIC) E1000

Thanks to Juniper’s software evaluation program we can download the Firefly Perimeter security solution for free and test it out for 60 days. In this tutorial we are going to connect Firefly Perimeter to GNS3 and create a simple lab to test connectivity between two vSRX instances. As GNS3 has built-in support for VirtualBox and Qemu/KVM they both can used as hypervisor.

Firefly Perimeter virtual machines can be download here. You have to use your Juniper account to proceed the download but a valid service contract is not required to to download Firefly Perimeter virtual machine.

Picture1-Login_to_Juniper_Web

Picture 1 - Juniper Login Window

Notice that they are both JVA and OVA files available for download. We will download the OVA file archive that contains vmdk vSRX image and other files required for running vSRX on VMware appliance.

Picture2-Download

Picture 2 - Firefly Perimeter Download Page

Part 1 Running Firefly Perimeter as Qemu Appliance

This part discuss how to convert Firefly Perimeter installed  on VMware image to qcow2 disk format that is recognized by Qemu and explains GNS3 Qemu settings configuration. As the current GNS3 1.0 beta2 does not have Qemu support included yet we will use the most latest GNS3 0.8.7 version with Qemu support.

1.1. Extract vmdk Virtual Disk from OVA File

$ tar xvf junos-vsrx-12.1X46-D10.2-domestic.ova

Picture3-Extractin_OVA_File

Picture 3 - Extracting OVA File

Starting at version 0.12, Qemu-kvm has native support for VMware virtual machines disks. When we have a closer look at the virtual disk we will find that the disk type is streamOptimized read only disk.

Picture4-The_Content_of_Virtual_Disk

Picture 4 - StreamOptimized Virtual Machine Disk

As you can see, Qemu refuses to open streamOptimized virtual disks complaining that VMDK version 3 must be read only.

Picture5-Qemu_Fails_to_Open_VMDK3

Picture 5 - Qemu fails to open StreamOptimized Virtual Machine Disk

A workaround consists of the conversion from streamOptimized vmdk disk to the copy and write qcow2 virtual machine disk type tha is recognized by Qemu.

qemu-img convert -O qcow2 junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk junos-vsrx-12.1X46-D10.2-domestic.img

Picture6-VMDK_to_QCOW2_Virtual_Machine_Disk

Picture 6 - Converting from VMDK to QCOW2 Virtual Machine Disk

Part 1.2 GNS3 Qemu General and Guest Settings Configuration for Firefly Permiter

Start GNS3 0.8.7 and create a new project. Navigate to Edit -> Preferences -> Qemu -> Qemu General Settings. Configure Qemu general parameters and click test button.

Picture7–GNS4_General_Qemu Settings

Picture 7 - GNS3 General Qemu Settings

Go ahead and configure GNS3 Guest settings. Navigate to Edit -> Preferences -> Qemu -> Qemu Guest. Configure vSRX parameters according to the picture below.

Picture8–GNS3_General_Qemu Settings

 Picture 8 - Qemu Guest Settings

Note  Do not omit Qemu option -smp 2. According to my test, it is required to configuretwo CPUs for VM  otherwise all Gigabit Ethernet interfaces are not recognized.

Part 2 Running Firefly Perimeter as VirtualBox Appliance

In this part we are going to convert Firefly Perimeter installed on VMware virtual machine disk (VMDK) to the native Virtualbox disk format - Virtual Disk Image (VDI). Then we will create a VirtualBox Firefly Perimeter VM and attach a virtual disk with installed Firefly Perimeter to this machine.  At the end, we will configure GNS3 VirtualBox General Settings and  VirtualBox VMs Settings to support our newly created Firefly Perimeter Vm.

Note  As the new GNS3 1.0 version supports VirtualBox we will use it.

2.1. Extract Vmdk Virtual Disk from OVA File

$ tar xvf junos-vsrx-12.1X46-D10.2-domestic.ova

Convert VMware VMDK disk to VirtualBox disk VDI.

$ vboxmanage clonehd -format VDI junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk junos-vsrx-12.1X46-D10.2-domestic.vdi

Start VirtualBox Manager with the command below.

$ sudo virtualbox

Navigate to Machine-> New and select Type and Version as it is shown on the picture below.

Picture9–Creating_new_Vbox_VM

Picture 9 - Creating New VirtualBox VM

Assign at least 1024 MB RAM to our VM. Continue to the Hard Drive window and select path to VDI disk.

Picture10–Seleting_Hard_Drive

Picture 10 - Selecting Hard Drive for VM

Left click on Firefly Perimeter VM and press Ctrl-S to open VM settings window. Navigate to  System-> Processor and increase number of CPU to 2. This is need otherwise Junos fails to recognize Gigabit Ethernet interfaces.

Picture11–Increasing_the_number_of_CPU

Picture 11 - Increasing Number of CPU to 2

Note For each Firefly Perimeter network device inside GNS3 project, VirtualBox VM must be created first. For this reason we  consider the Firefly Perimeter  VM we have just created as the base image and we will used for cloning any other Firefly Perimeter VMs. Left click on Firefly Perimeter VM and press Ctrl-O.

Picture11–Cloning_Firefly_Base_VM

Picture 12 - Cloning Firefly Perimeter Base VM

Select the Full Clone option a continue with pressing Clone button.

2.2 GNS3 VirtualBox General and Guest Settings Configuration for Firefly Permiter

Start GNS3 1.x and create a new project. If you run GNS3 on Linux, navigate to Edit -> Preferences -> VirtualBox -> General Settings. Configure path to VirtualBox wrapper.

Picture12–VirtualBox_Preferences

Picture 13 - VirtualBox General Settings

Switch to VirtualBox VMs menu. Click on Refresh VM List button an select our virtual machine from the list. Change the default NIC type from Automatic to Paravirtualized (virtio-net) type otherwise connection will not be working.

Picture13–VirtualBox_VMs_Preferences

Picture 14 - VirtualBox VMs Preferences

3. Testing Connectivity between Firefly Perimeter vSRX Instances

We are going to connect two instances of Firefly Perimeter vSRX routers via Gigabit Ethernet interfaces em0. The interface em0 represents an interface GigabiEthernet 0/0/0 in vSRX cli.  We will assign IP address to the interfaces and issue the ping command on the vSRX-I  router  pinging the IP address 192.168.1.2 of the second router.

Picture10-vSRX_Testing_Toplogy

Picture 15 - Testing Topology

Start the routers and login as root without the blank password. Type the command cli to enter vSRX CLI. Check the available GigabitEthernet interfaces with the command:

root> show interfaces ge-0/0/* terse

Picture11-Firefly_Gigabit Ethernet_Interfaces

Picture 16 - Firefly Perimeter Gigabit Ethernet Interfaces

They are seven GigabitEthernet interfaces presented in CLI output. Now assign particular IP address to the interface ge-0/0/0 on both routers.

vSRX-I Configuration

root@%
root@% cli
root> configure
[edit]
root# set system host-name vSRX-I
root# set system root-authentication plain-text-password
root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
root# set security zones security-zone untrust interfaces ge-0/0/0  host-inbound-traffic system-services ping
root# commit
root@vSRX-I> exit

vSRX-II Configuration

root@%
root@% cli
root> configure
[edit]
root# set system host-name vSRX-II
root# set system root-authentication plain-text-password
root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24
root# set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-traffic system-services ping
root# commit
root@vSRX-II> exit

To test connectivity between router, ping IP address 192.168.1.2 from the router vSRX-I.

Picture11-Ping from vSRX-I_to_vSRX-II

Picture 17 - Successful Ping Between Routers

4. Issues

This chapter describes the issues and their workarounds that I have noticed while I was playing with vSRX VirtualBox and Qemu instances.

4.1 Single vCPU Versus Multiple vCPUs

When a single CPU is used for a vSRX instance, Gigabit Ethernet interfaces are not presented in vSRX CLI. To overcome this issue, assign two CPUs for each node. For a Qemu instance you can do it inside GNS3. Navigate to Advanced settings tab under a node configuration and type -smp 2 option to the Additional setting option. It is shown on the Picture 8. As for VMware and VirtualBox instances the number of  processors can be changed only inside the VMware or VirtualBox VMs manager.

4.2 Same MAC Address Assigned to  Cloned VirtualBox vSRX Instances

You have to reinitialize MAC address during cloning  vSRX Vbox instance otherwise the clone source and the clone share the same MAC address. In this case a connection is not working. As a workaround check the box - Reinitialize the MAC address for all network cards during a cloning process.

4.3 Vlan Tagging on vSRX L3 interface when Intel PRO/1000MT Desktop (82540EM) is Used

When the default Intel Intel PRO/1000MT Desktop (82540EM) is used, vSRX Vbox instance inserts 802.1Q header to the frame even the vSRX interface is not configured as a trunk. Captured traffic is shown on the picture below.

Picture 18 - 802.1Q Header Added to Ethernet Frame 

In this case connection is not working. As a workaround set the NIC type to paravirtualized network virtio-net inside GNS3. Left click on node -> Configure-> Network-> Type. The picture 19 displays captured ARP request after the NIC type was changed to virtio-net for VirtualBox vSRX instance.

Picture 19 - ARP Request Without 802.1Q Header  

End.

Links
http://www.junosworkbook.com/

83 thoughts on “How to run Juniper Firefly Perimeter vSRX on GNS3

  1. Hello,
    In the beggining of the article you are writing that also virtualbox can be used.
    In new GNS3 I can't find Qemu anymore so I would like to use Virtualbox instead.
    I tried to create a new VM in Virtualbox with converted .vdmk but the machine will stuck at bootloader. Is there something which I need to do to fix that?
    Thank you.

      1. Thanks for quick answer.
        So for now it is only possible to run it as Quemu which is not supported in new GNS3 or run it in VMWare Player and connect it through network?

          1. Ok so tried today and Firefly is working also in VirtualBox.
            After adding it to GNS3 I am able to connect to console of the device. As this is some image without GUI and probably also shell last thing I saw from booting was bootloader but device was actualy booting and working, but without anithing shown on screen of VB.

    1. I have the same problem at the beginning, but I sort it out with checking this:

      1. RAM - need to have 1024M at least
      2. PROCESSOR - set to 2, PAE/NX enable
      3. SYSTEM TYPE BSD, VERSION FREEBSD(32-bit)

      Maybe you can try

  2. Hello Radovan your website is great!
    I would like to run my SRX Firefly in my windows 7 . Can i convert .vmdk to .vdi i want it to run on my GNS3 as my guest user.

    What OS do you use to integrate via emu your srx?
    Can I use my backtrack or ubuntu? thanks

    1. JOVINO,
      you don't need to convert vmdk to vdi as VirtualBox can run vmdk images natively. But you should know that Gigabit interfaces aren't presented when Vbox is used to run SRX image. So far I haven't had time to troubleshoot this behavior.
      Personally I use Fedora as host but any Linux distro will be fine.

    2. you don't need backtrack or ubuntu, you can convert .vmdk to .vdi on Win7.
      first you copy cmd to the dir where VirtualBox installed. then copy the .vmdk to the dir too. At last , exec the command , it will work.

  3. Additional question sir i've tried to run my .vmdk on my vbox how come i'm stuck "BTX loader 1.00" can you help me? thanks!

    1. Be patient and wait for login prompt. Boot messages are being sent to console that's why you can't see them inside Vbox window. When you run image inside GNS3 you can see the whole boot process in Vbox console.

  4. Don't mind my other post i already solved the problem .
    I don't have any interfaces available in order to communicate with other routers lol anyway i will try my best to solve the problem we both encounter about the missing interfaces

    1. So far I've made test with the interfaces that can be configured via GNS3 1.0beta2 and available for VirtualBox 4.3.16. But the result is the same - Gigabit interfaces are not presented for some reason.
      PCnet-PCI II (Am79C970A)
      PCNet-FAST II (Am79C973)
      Intel Pro/1000 MT Desktop (82540EM)
      Intel Pro/1000 T Server (82543GC)
      Intel Pro/1000 MT Server (82545EM)
      Paravirtualized Network (virtio-net)

    2. Hi All,
      I am using a windows 8 laptop (64 Bit)

      converted the vmdk to vdi
      I tried creating a VM in Oracle Virtual Box manager using the VDI and when i try to start
      a window appears and it stays on the screen without any further action

      Loading /boor/loader
      /boor/loader tried
      will boot from alternate path
      loading /cf/boot/loader

      BTX Loader 1.00 BTX version 1.02

      Can someone help on this ?I have been trying to setup this for more than a day now .:(

  5. Did you used the latest GNS3 beta version?
    What interface is present? does em0,em1 are available?
    can you post your result for : show interface terse?
    thanks! By the way your blog is great i learned a lot from it .

    1. I'm using GNS3 1.0beta2. Navigate to VM settings and increase the number of CPU to 2. However even Ge interfaces are presented now, I can't issue the successful ping between VSRX instances. I'm using VirtualBox 4.3.16. Maybe Vbox issue (but I can ping two Linux Core machines) or problem with VSRX configuration (I have only little experience with VSRX configuration). Can you please try it?

      1. OK I definitely got it running on VirtualBox. The key is to configure two CPU for each VSRX VM in Vbox settings and select paravirtualized network (virtio-net) NIC in GNS3 Vbox VM settings. In that case, Gigabit NICs are presented and connection is working. I will update tutorial soon

  6. Wow great news!
    You're the best i'm looking forward to your tutorial.
    I'm excited to share it with my colleagues and introduce your site to them.
    By the way I only use 128 Ram for my SRX Vbox settings is it enough or should i make it 256?

      1. Hello, thanks for info.
        Tried today with 2 CPU and 1GB of RAM and it is also working.
        So probably the problem was only in number of CPU.
        I also checked configuration of Machine imported to VMWare Player directly from Juniper Website and the config there is for 2CPU and 2GB RAM. If i changed config in VMWare to 1 CPU gigabit interfaces are gone.

  7. I tried 512MB for VBOX configuration all works well still I don't know how can I increase the processor to TWO . My GNS3 0.8.6 . When I creating my SRX to vbox what kind of network adapter i will use Bridge adapater,Nat,Etc?
    Then i will use paravirtualized? Thank you

    1. the number of CPU must be changed in VM settings using Vbox Manager. I've already mentioned it VBox section of the tutorial but I will add a screenshot. According to my tests, ping between two vSRX instances was not working for all NICs available for Vbox machine except of the paravirtualized NIC type.

  8. Ok I will wait for your new tutorial about integrating SRX to virtual box . Looking forward about it . I appreciate your passion for this stuff!

  9. Hello sir! I'm back i've been following your tutorial since you updated it.
    I have a problem i follow all the steps still the gigabit ethernet is still not present.
    Here is my configuration on my vbox .

    Processor: 2 cpu
    Network adapter : NAT /Advance Option :Adapter Type : Para virtualized
    I already tried to use Intel PRO and PC-Net
    No gigabit Ethernet present

    GNS3 config
    Virtualbox Guest config
    NIC model: virtio

    GNS3 version 0.8.6

  10. Hi Radovan,
    I followed the article on Part - 1, I did the exactly the samething as you mentioned in Running Firefly Perimeter as Qemu Appliance..
    I can start the Quemu machine in gns3, I saw a green light on the right pannel, no issues... but when I console it, the terminal popsup and close it within a sec. tried different setting and never worked..
    My machine settings are: I have windows 7 (64bit) installed and I have installed VMware workstation 10.0.3, then installed Ubuntu 14.04.1 LTS 64bit, then installed gns3.. then followed your article, i didnt miss anything from your article part - 1. only issue iam ifacing is i cant get the console working. Pls help..

    I also followed your article 2 , VBOX on windows 7, samething, when I start the VBOX Guest in gns3 and start, then I get the error:
    FATAL: No bootable medium found! system halted..

    pls help..

    Thanks & Regards
    Lish

    1. Hi,
      as for Qemu part of my tutorial, kvm is enabled. I think it should be disabled in your case.
      I have no idea why you can't boot from vdi disk. Did you use vboxmanage utility to convert from vmdk to vdi disk? If yes, you can make this test. Use qemu-img in your Ubuntu OS to convert from vmdk do vdi:
      qemu-img convert -O vdi junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk junos-vsrx-12.1X46-D10.2-domestic.vdi
      Then copy Firefly vdi disk to Windows 7 and boot the VM again with your new vdi disk attached. Any change?

  11. Hi,

    GNS3 beta 3 supported Qemu .

    So , anybody tried running vsrx on GNS3 Beta with Virtual Box on Window OS ?

  12. Hi,
    Thanks for the quick response.. yes I have enabled KVM as per your screenshot for Qemu part.. :(

    I used vboxmanage utility to convert from vmdk to vdi disk? yes.. in windows...

    Brilliant thanks..:) :) :) :)
    - I just tried as per your solution, tried convert it in ubuntu, and copy over on windows 7.. this time I can boot them - no issues.. I could see the GE interfaces... but em0 interfaces were disapperead.. is that normal?

    I tried tested creating 3 routers and configured the IPS, but I couldnt get the Ping working.. I set the nic model to virtio in gns3, and I just leave it as it default setting in VOBX network setting.

    Pls advice..
    Thanks

    1. For some reason, converting to vdi on Windows doesn't create a disk that can be booted. On Linux, it's working ok. I have no physical machine with Windows installed to make some more tests maybe I will create the virtual one.
      If you can see Gigabit Eternet interfaces in Junos CLI, it's a desirable behavior.
      I guess there is an error in your configuration. Just connect two FireFly instances and to the same config as I did in the tutorial.

  13. Thanks Radovan, I didnt realise that I have to use the below command..
    set security zones security-zone untrust interfaces ge-0/0/0 host-inbound-traffic system-services ping

    I never used it before when i used it with ge-0/0/0 interfaces, it worked before so i omitted when i use other interfaces like ge-0/0/1 or ge-0/0/2 etc etc

    i have leanrt something new.. Thanks verymuch.. :) i can sleep peacefully after some days battle, and then back to Junos Track.. :)

  14. Ok I have tried OSPF with 3 routers.
    R1 (ge-0/0/1) connected to R2(ge-0/0/1), & R2 (ge-0/0/2) connected to R3(ge-0/0/1)
    I have configured the IP addresses on the interfaces and can ping each other, I also have configured Loopback0 address on R1: 1.1.1.1/24 & R3:3.3.3.3/24
    And I have advertised in ospf area 0 along with the physical addresses & lo0's.
    i can see the R3's lo0 from R1 routing table, likewise I can see R1's lo0 in R3's routing table..
    But i am not able to ping the R3 lo0 from R1 nor R1 Lo0 from R3.
    What do I need to do here?
    any help pls
    Thanks

  15. Hi Radovan,

    ANy help on the above pls?
    I just realized that I am not able to ping from R1 to R2(ge-0/0/2) interface IP address or even R3-(ge-0/0/1)
    likewise from R3, to R2(ge-0/0/1) or even R1 (ge-0/0/1) interface IP's.

    any thoughts?

    Thanks

    1. Lish,
      can you ping Ethernet interfaces R1(Ge0/0/1)-(Ge0/0/1)R2 and R2(Ge0/0/2)-(Ge0/0/1)R3. If yes, check the routing tables on all routers. If they are all OSPF routes there, problem is definitely connected with your configuration (not with emulator or GNS3). Then my question is if you allowed ping service on all interfaces across the routers.

  16. Hi Radovan,
    Thanks for coming back to me on this, Yes I can ping directly connected interfaces. Also I can see the routes..
    I have retried with 2 routers with ospf. still not able to.
    R1(ge-0/0/1) connected to R2(ge-0/0/1)
    I configured with the following:

    R1:
    set system host-name R1
    set interfaces ge-0/0/1 unit 0 family inet address 121.121.121.1/24
    set interfaces lo0 unit 0 family inet address 1.1.1.1/24
    set routing-options router-id 1.1.1.1
    set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
    set protocols ospf area 0.0.0.0 interface lo0.0 passive
    set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
    set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf

    R2:
    set system host-name R2
    set interfaces ge-0/0/1 unit 0 family inet address 121.121.121.2/24
    set interfaces lo0 unit 0 family inet address 2.2.2.2/24
    set routing-options router-id 2.2.2.2
    set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
    set protocols ospf area 0.0.0.0 interface lo0.0 passive
    set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
    set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic protocols ospf
    ==============================================

    from R1: ping 2.2.2.2 & from R2: ping 1.1.1.1 failed even using source interface as lo0..
    I have tried the below also to see if I can ping neighbor lo0 address...still No..
    ================================================
    set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic system-services ping
    set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic protocols ospf
    ================================================
    root@R1> show route

    inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    1.1.1.0/24 *[Direct/0] 01:29:39
    > via lo0.0
    1.1.1.1/32 *[Local/0] 01:29:39
    Local via lo0.0
    2.2.2.0/24 *[OSPF/10] 01:03:45, metric 1
    > to 121.121.121.2 via ge-0/0/1.0
    2.2.2.2/32 *[OSPF/10] 01:03:45, metric 1
    > to 121.121.121.2 via ge-0/0/1.0
    121.121.121.0/24 *[Direct/0] 01:29:39
    > via ge-0/0/1.0
    121.121.121.1/32 *[Local/0] 01:29:39
    Local via ge-0/0/1.0
    224.0.0.5/32 *[OSPF/10] 01:08:26, metric 1
    MultiRecv

    root@R1>

    root@R2> show route

    inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    1.1.1.0/24 *[OSPF/10] 01:04:31, metric 1
    > to 121.121.121.1 via ge-0/0/1.0
    1.1.1.1/32 *[OSPF/10] 01:04:31, metric 1
    > to 121.121.121.1 via ge-0/0/1.0
    2.2.2.0/24 *[Direct/0] 01:31:20
    > via lo0.0
    2.2.2.2/32 *[Local/0] 01:31:20
    Local via lo0.0
    121.121.121.0/24 *[Direct/0] 01:31:20
    > via ge-0/0/1.0
    121.121.121.2/32 *[Local/0] 01:31:20
    Local via ge-0/0/1.0
    224.0.0.5/32 *[OSPF/10] 01:04:51, metric 1
    MultiRecv

    root@R2>

    ==========================================
    ======================================================================

    root@R1> show ospf neighbor
    Address Interface State ID Pri Dead
    121.121.121.2 ge-0/0/1.0 Full 2.2.2.2 128 38

    root@R1> show ospf neighbor detail
    Address Interface State ID Pri Dead
    121.121.121.2 ge-0/0/1.0 Full 2.2.2.2 128 34
    Area 0.0.0.0, opt 0x52, DR 121.121.121.1, BDR 121.121.121.2
    Up 01:08:23, adjacent 01:08:23

    root@R1>

    root@R1> ping 121.121.121.2
    PING 121.121.121.2 (121.121.121.2): 56 data bytes
    64 bytes from 121.121.121.2: icmp_seq=0 ttl=64 time=0.783 ms
    64 bytes from 121.121.121.2: icmp_seq=1 ttl=64 time=0.999 ms
    ^C
    --- 121.121.121.2 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.783/0.891/0.999/0.108 ms

    root@R1>

    ======================================================================
    root@R2> show ospf neighbor
    Address Interface State ID Pri Dead
    121.121.121.1 ge-0/0/1.0 Full 1.1.1.1 128 37

    root@R2>

    root@R2> show ospf neighbor detail
    Address Interface State ID Pri Dead
    121.121.121.1 ge-0/0/1.0 Full 1.1.1.1 128 35
    Area 0.0.0.0, opt 0x52, DR 121.121.121.1, BDR 121.121.121.2
    Up 01:08:53, adjacent 01:08:53

    root@R2> ping 121.121.121.1
    PING 121.121.121.1 (121.121.121.1): 56 data bytes
    64 bytes from 121.121.121.1: icmp_seq=0 ttl=64 time=0.883 ms
    64 bytes from 121.121.121.1: icmp_seq=1 ttl=64 time=0.897 ms
    ^C
    --- 121.121.121.1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.883/0.890/0.897/0.007 ms

    root@R2>

    ======================================================================

    I dont know if I am doing something wrong here.. Appriciate if you can help pls..

    Thanks & Reg,
    Lish

    1. Lish, thank you for detailed output it made my troubleshooting much easier. I suggest you to do following:
      1) Add lo.0 to the untrust zone on both routers (I guess you already did it)
      set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic system-services ping
      set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic protocols ospf

      2) Create the following security policy on both routers
      set security policies from-zone untrust to-zone untrust policy default-permit match source-address any
      set security policies from-zone untrust to-zone untrust policy default-permit match destination-address any
      set security policies from-zone untrust to-zone untrust policy default-permit match application any
      set security policies from-zone untrust to-zone untrust policy default-permit then permit

      This configuration should solve your problem.
      Another option is to switch ge-0/0/1 and lo.0 to trusted zone and allow system-services ping for trusted zone. As the security policy trust to trust zone is created by default and permits all traffic and application, you don't have to create this zone. It is shown in Marc's tutorial:

  17. Brezular, Thanks for sharing your knowledge! You have one of the most useful blogs. As noted in your gns3 forum thread comment, I switched to qemu 1.6.2 (other version 1.1.0 I had just wouldn't work).

    If it helps anyone...I was able to get 6 instances running at 512 meg ram each. Although the only config I've got going is ospf for now). Using only qemu (not virtualbox or gns3). Had to use "-smp 2" as noted in this blog. Also used "-enable-kvm" & host cpu is at 18% on an phenomII 1100t. Also initially intf didn't show in 'show interface terse' but does in 'show int ge-0/0/0 for example. Maybe because I need to wait a bit (e.g. interface daemon or whatever take a moment).....because on other boots, I wait a sec and g/e intf is present in terse output. Anyway HTH someone.

  18. Hi,

    Thanks for the wonderful post. I was super excited and immediately tried downloading firefly .ova file and wanted to use in on my ubuntu system running GNS3.
    However, I couldn't convert .vmdk file (which I extracted from .ova file) to .img file for use in GNS3. It says "operation not permitted". I even tried to use v2v converter in my windows machine to convert .vmdk to .img file, no luck.

    I spent last two days searching Internet for a possible fix, but many have reported problems but no solution...some have passed this and installed successfully.

    I tried with two different Firefly versions, just in case if my previous downloaded file had some issues. Still no luck.

    How to get over this problem and convert .vmdk file to .img file? Is it possible for anyone of you to upload .img file if it is an easier option and if it doesn't break any agreement?

    I am preparing for my JNCIS-SEC exam this month and really need some hands-on to register the topics that I read from the books.

    Many thanks. Vx

  19. Hi,

    Successfully converted to .img file using another system and also made to work on GNS3. Thanks...your blog was really beneficial to me.

  20. Dears/Seniors,

    I need your help on below issue, please help to fix.

    Issue
    +++++++++++++++++++++++++++++++
    I have "junos-vsrx-12.1X47-D10.4-domestic-disk1.vmdk" file and I converted it to .vdi. Now I want to run this vdi file in virtual box and where in I would be able to run Juniper vSRX in GNS3.

    In Virtual BOX I configured the below settings

    1. OS - Linus
    2. Version - Debian 64 Bit
    3. CPU - 2
    4 RAM - 2048

    However, When I tried to boot the .VDI file , JUNOS gets booted but in Midway it goes to "db" mode and remain stuck @ the same place.

    Please help and advise me where/what is i am doing wrong here.

    I would be very thankful to u all.

  21. I tried to isolate the problem regarding the ge0/0/1 interface
    I just created a simple point to point topology I used ge0/0/1 interface for SRX still i can't ping the other side . I already configured all the necessary security
    ===============================
    policy to allow my services [edit security zones security-zone untrust]
    root# show
    host-inbound-traffic {
    system-services {
    all;
    }
    protocols {
    all;
    }
    }
    interfaces {
    ge-0/0/1.0;
    }
    ========================================
    is it possible my ge0/0/1 is only virtually available but it can not forward packets towards its destination interface?
    1 interface can only be used ?

  22. regarding my post
    I tried to configured my interface ge0/0/0 it works well .
    but it all boils down when I try to use ge 0/0/1 it failed. thanks for the help!

  23. Thanks for this post.

    vSRX firefly works like a charm on my QEMU/GNS3 setup. I am using Window 7 with 16GB RAM and I can simulate several routers/switch scenario for my JNCIP-ENT exam preparation.

    If you want to use vSRX as a router, you can disable the security feature by invoking the following commands and reboot the device afterwards.

    =====================================
    delete security
    set security forwarding-options family inet6 mode packet-based
    set security forwarding-options family mpls mode packet-based
    set security forwarding-options family iso mode packet-based
    ========================================

    Have fun labbing :)

    1. Could u please share the steps dear ? I tried vrx to run on gns3 by convertting .vmdk to .vdi to ,img but no interface shown by vrx post boot operation . Please help

      1. Hi Gaurav, I only used .vmdk format and haven't explored the .vdi/.img format yet.

        When you encountered no interfaces (e.g. ge-0/0/0) showing up on your setup, try rebooting your router (e.g. request system reboot) and it will help.

        Also make sure that you have selected the correct adapter type on your EQMU VM Configuration section (e.g. GNS3 --> Preferences --> QEMU --> QEMU VMs ---> Network). In my case its e1000 and I have selected 8 adapters to give me interfaces ge-0/0/[0 to 7].

  24. Hi mar combat,

    Thanks for the response dear......

    Yday I tried some tweaks with GNS3 and vSRX and yeah it is working perfectly fine. :-)

    1. Hi GauravDeep - i am facing the same issue that you were facing. My firefly console gets struck at db> , prompt.

      Could you please guide as to what exactly you did to get this resolved in your case.

      Rgds,
      Net Race/

  25. Can anyone get it to work in packet mode (aka as a router-only)?

    Can't get them to ping each other after issuing the following cmds:

    delete security
    set security forwarding-options family mpls mode packet-based
    commit and-quit

    request system reboot

  26. Anyone know how much it cost to purchase this for lab use to learn Juniper, and what happens after the 60 day trial (it stops working or limited function)?

  27. I have installed success but when i log in, I get error
    Message from syslogd@ at Jan 8 07:34:13 ...
    SCHED: Thread 4 (Module Init) ran for 2140 ms without yielding

    Message from syslogd@ at Jan 8 07:34:29 ...
    SCHED: Thread 16 (Forwarding Thread) ran for 2777 ms without yielding

    Message from syslogd@ at Jan 8 07:34:29 ...
    Scheduler Oinker
    The command is very slow. it usually crashes and reboot.
    I'm running version GNS3 1.2.1, Virtualbox 4.3.20, Windows Server 2008
    I setup VM with 2GB RAM and 1 CPU for SRX. Please help me resolve this issue. Tks a lot

      1. I have assgined two CPUs for SRX and it's working but can't ping between two vSRX instances(change to paravirtualized NIC type). Please help me. Tks

        1. The key is to follow the cmds as shown below to place the SRX into packet-based mode. Otherwise, you'll need to modify the SRX security rules to allow pings.

  28. Hi,

    Iam using SRX in gns3 through QEMU
    Iam not able to ping from SRX - Cisco Router & also SRX to SRX

    I have tried all the scenario, allowed al the services but still no result.

    Is gns3 really support SRX.
    If yes then why it is not working

    Please . . .som one help me with this.
    I got stucked from past 1 week.
    Not getting any solution on internet.

    1. Amit,
      Make sure that you have the following commands in your config by running the first cmd from the top of the config hierarchy.

      show security | display set

      set security forwarding-options family inet6 mode packet-based
      set security forwarding-options family mpls mode packet-based
      set security forwarding-options family iso mode packet-based

      Run the following cmd to make sure that it matches as shown below:

      run show security flow status

      Flow forwarding mode:
      Inet forwarding mode: packet based
      Inet6 forwarding mode: packet based
      MPLS forwarding mode: packet based
      ISO forwarding mode: packet based

  29. Helo!

    I successfully integrate SRX to virtualbox and GNS3 all the interface are showing up.

    2CPU core assigned to my srx host
    Paravirtulized network enabled

    The problem now is only 1 interface can be used the other interfaces are just like a display to my srx . How can i resolved this one?

  30. Hi,

    I want to use firewall as firewall only (Not router).

    I think these commands will disable the security features.

    set security forwarding-options family inet6 mode packet-based
    set security forwarding-options family mpls mode packet-based
    set security forwarding-options family iso mode packet-based.

    Please suggest.

  31. I was able to install vSRX using Virtual Box and it started well but after I changed interfaces mode it is starting in db mode, here is the output, can someone please help me in this matter. I have assigned 2GB RAM and 2 processors.

    SRX-1 console is now available... Press RETURN to get started.
    Consoles: serial port
    BIOS drdata=0x4d050+0x100b2c syms=[0x4+0x92cf0+0x4+0xd1487]
    /boot/modules/libmbpool.ko text=0xd9c data=0x100
    /boot/modules/if_em_vjx.ko text=0xb794 data=0x5ec+0x204 /

    Hit [Enter] to boot immediately, or space bar for command prompt.
    Booting [/kernel]...
    platform_early_bootinit: Early Boot Initialization
    GDB: debug ports: sio
    GDB: current port: sio
    KDB: debugger backends: ddb gdb
    KDB: current backend: ddb
    Copyright (c) 1996-2013, Juniper Networks, Inc.
    All rights reserved.
    Copyright (c) 1992-2006 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    JUNOS 12.1X44-D10.4 #0: 2013-01-08 05:52:29 UTC
    builder@briath.juniper.net:/volume/build/junos/12.1/service/12.1X44-D10.4/obj-i386/junos/bsd/kernels/VSRX/kernel
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz (2378.42-MHz 686-class CPU)
    Origin = "GenuineIntel" Id = 0x306c3 Stepping = 3
    Features=0x1783fbff
    Features2=0x201
    AMD Features=0x8100000
    Cores per package: 2
    real memory = 2147418112 (2047 MB)
    avail memory = 1488867328 (1419 MB)
    MPTable:
    FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
    cpu0 (BSP): APIC ID: 0
    cpu1 (AP): APIC ID: 1
    pnpbios: Bad PnP BIOS data checksum
    ioapic0: Changing APIC ID to 0
    ioapic0: Assuming intbase of 0
    ioapic0 irqs 0-23 on motherboard
    netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
    Initializing VSRX platform properties ..
    cpu0 on motherboard
    cpu1 on motherboard
    pcib0: pcibus 0 on motherboard
    pir0: on motherboard
    $PIR: BIOS IRQ 9 for 0.7.INTA does not match link 0x62 irq 10
    pci0: on pcib0
    isab0: at device 1.0 on pci0
    isa0: on isab0
    atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 1.1 on pci0
    ata0: on atapci0
    ata1: on atapci0
    pci0: at device 2.0 (no driver attached)
    pci0: at device 3.0 (no driver attached)
    pci0: at device 4.0 (no driver attached)
    pci0: at device 6.0 (no driver attached)
    Timecounter "PIIX" frequency 3579545 Hz quality 0
    smb0: irq 10 at device 7.0 on pci0
    pci0: at device 8.0 (no driver attached)
    pci0: at device 9.0 (no driver attached)
    pci0: at device 10.0 (no driver attached)
    orm0: at iomem 0xc0000-0xc7fff on isa0
    atkbdc0: at port 0x60,0x64 on isa0
    atkbd0: irq 1 on atkbdc0
    kbd0 at atkbd0
    psm0: irq 12 on atkbdc0
    psm0: model IntelliMouse Explorer, device ID 4
    vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    sc0: at flags 0x100 on isa0
    sc0: VGA
    sio0 at port 0x3f8-0x3ff irq 4 flags 0x90 on isa0
    sio0: type 16550A, console
    sio1: configured irq 5 not in bitmap of probed irqs 0
    sio1: port may not be enabled
    sio2: configured irq 3 not in bitmap of probed irqs 0
    sio2: port may not be enabled
    sio3: configured irq 7 not in bitmap of probed irqs 0
    sio3: port may not be enabled
    Initializing product: 131 ..
    ###PCB Group initialized for udppcbgroup
    ###PCB Group initialized for tcppcbgroup
    ad0: Device does not support APM
    ad0: 2048MB at ata0-master UDMA33
    SMP: AP CPU #1 Launched!
    Trying to mount root from ufs:/dev/ad0s1a
    WARNING: / was not properly dismounted
    Attaching /cf/packages/junos via /dev/mdctl...
    Mounted junos package on /dev/md0...

    Automatic reboot in progress...
    ** /dev/ad0s1a
    ** Last Mounted on /
    ** Root file system
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    349 files, 115197 used, 709838 free (26 frags, 177453 blocks, 0.0% fragmentation)

    ***** FILE SYSTEM MARKED CLEAN *****
    ** /dev/ad0s1e
    ** Last Mounted on /config
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    8 files, 7 used, 102776 free (4 frags, 25693 blocks, 0.0% fragmentation)

    ***** FILE SYSTEM MARKED CLEAN *****
    Verified junos signed by PackageProduction_12_1_0
    Verified jboot signed by PackageProduction_12_1_0
    Verified junos-vsrx-12.1X44-D10.4-domestic signed by PackageProduction_12_1_0
    WATCHDOG_TIMER : Loss of soft watchdog
    panic: Loss of soft watchdog
    cpuid = 0
    db_log_stack_trace_cmd(c0d02ea0,0,f6a7fb58,f6a7fb44,c05e5691) at db_log_stack_trace_cmd+0x36
    panic(f6a7fb58,f6a7fb58,0,1,6) at panic+0x2dc
    statclock(f6a7fc90,c5226630,4,f6a7fcd0,c0a9479f) at statclock+0x32d
    lapic_handle_timer(f6a7fc90) at lapic_handle_timer+0x9d
    Xtimerint() at Xtimerint+0x2f
    --- interrupt, eip = 0xc0a9c7d0, esp = 0xf6a7fcd0, ebp = 0xf6a7fcd0 ---
    cpu_idle_default(f6a7fd00,c05a3fd2,1,0,0) at cpu_idle_default+0x5
    cpu_idle(1,0,0,c5226630,c05a3f23) at cpu_idle+0x29
    idle_proc(0,f6a7fd38,0,0,0) at idle_proc+0xaf
    fork_exit(c05a3f23,0,f6a7fd38) at fork_exit+0x85
    fork_trampoline() at fork_trampoline+0x8
    --- trap 0, eip = 0, esp = 0xf6a7fd70, ebp = 0 ---
    ###Entering boot mastership relinquish phase
    KDB: enter: panic
    [thread pid 12 tid 100004 ]
    Stopped at kdb_enter+0x162: movl $0xc0c77125,0(%esp)
    db>
    SRX-1 console is now available... Press RETURN to get started.
    Consoles: serial port
    BIOS drive C: is disk0
    BIOS 639kB/2096064kB available memory

    FreeBSD/i386 bootstrap loader, Revision 1.2
    (builder@briath.juniper.net, Tue Jan 8 04:04:34 UTC 2013)
    Loading /boot/defaults/loader.conf
    /kernel text=0x894aa0 data=0x4d050+0x100b2c syms=[0x4+0x92cf0+0x4+0xd1487]
    /boot/modules/libmbpool.ko text=0xd9c data=0x100
    /boot/modules/if_em_vjx.ko text=0xb794 data=0x5ec+0x204 /

    Hit [Enter] to boot immediately, or space bar for command prompt.
    Booting [/kernel]...
    platform_early_bootinit: Early Boot Initialization
    GDB: debug ports: sio
    GDB: current port: sio
    KDB: debugger backends: ddb gdb
    KDB: current backend: ddb
    Copyright (c) 1996-2013, Juniper Networks, Inc.
    All rights reserved.
    Copyright (c) 1992-2006 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
    JUNOS 12.1X44-D10.4 #0: 2013-01-08 05:52:29 UTC
    builder@briath.juniper.net:/volume/build/junos/12.1/service/12.1X44-D10.4/obj-i386/junos/bsd/kernels/VSRX/kernel
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz (2361.41-MHz 686-class CPU)
    Origin = "GenuineIntel" Id = 0x306c3 Stepping = 3
    Features=0x1783fbff
    Features2=0x201
    AMD Features=0x8100000
    Cores per package: 2
    real memory = 2147418112 (2047 MB)
    avail memory = 1488867328 (1419 MB)
    MPTable:
    FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
    cpu0 (BSP): APIC ID: 0
    cpu1 (AP): APIC ID: 1
    pnpbios: Bad PnP BIOS data checksum
    ioapic0: Changing APIC ID to 0
    ioapic0: Assuming intbase of 0
    ioapic0 irqs 0-23 on motherboard
    netisr_init: !debug_mpsafenet, forcing maxthreads from 2 to 1
    Initializing VSRX platform properties ..
    cpu0 on motherboard
    cpu1 on motherboard
    pcib0: pcibus 0 on motherboard
    pir0: on motherboard
    $PIR: BIOS IRQ 9 for 0.7.INTA does not match link 0x62 irq 10
    pci0: on pcib0
    isab0: at device 1.0 on pci0
    isa0: on isab0
    atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xd000-0xd00f at device 1.1 on pci0
    ata0: on atapci0
    ata1: on atapci0
    pci0: at device 2.0 (no driver attached)
    pci0: at device 3.0 (no driver attached)
    pci0: at device 4.0 (no driver attached)
    pci0: at device 6.0 (no driver attached)
    Timecounter "PIIX" frequency 3579545 Hz quality 0
    smb0: irq 10 at device 7.0 on pci0
    pci0: at device 8.0 (no driver attached)
    pci0: at device 9.0 (no driver attached)
    pci0: at device 10.0 (no driver attached)
    orm0: at iomem 0xc0000-0xc7fff on isa0
    atkbdc0: at port 0x60,0x64 on isa0
    atkbd0: irq 1 on atkbdc0
    kbd0 at atkbd0
    psm0: irq 12 on atkbdc0
    psm0: model IntelliMouse Explorer, device ID 4
    vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    sc0: at flags 0x100 on isa0
    sc0: VGA
    sio0 at port 0x3f8-0x3ff irq 4 flags 0x90 on isa0
    sio0: type 16550A, console
    sio1: configured irq 5 not in bitmap of probed irqs 0
    sio1: port may not be enabled
    sio2: configured irq 3 not in bitmap of probed irqs 0
    sio2: port may not be enabled
    sio3: configured irq 7 not in bitmap of probed irqs 0
    sio3: port may not be enabled
    Initializing product: 131 ..
    ###PCB Group initialized for udppcbgroup
    ###PCB Group initialized for tcppcbgroup
    ad0: Device does not support APM
    ad0: 2048MB at ata0-master UDMA33
    SMP: AP CPU #1 Launched!
    Trying to mount root from ufs:/dev/ad0s1a
    WARNING: / was not properly dismounted
    Attaching /cf/packages/junos via /dev/mdctl...
    Mounted junos package on /dev/md0...

    Automatic reboot in progress...
    ** /dev/ad0s1a
    ** Last Mounted on /
    ** Root file system
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    349 files, 115197 used, 709838 free (26 frags, 177453 blocks, 0.0% fragmentation)

    ***** FILE SYSTEM MARKED CLEAN *****
    ** /dev/ad0s1e
    ** Last Mounted on /config
    ** Phase 1 - Check Blocks and Sizes
    ** Phase 2 - Check Pathnames
    ** Phase 3 - Check Connectivity
    ** Phase 4 - Check Reference Counts
    ** Phase 5 - Check Cyl groups
    8 files, 7 used, 102776 free (4 frags, 25693 blocks, 0.0% fragmentation)

    ***** FILE SYSTEM MARKED CLEAN *****
    Verified junos signed by PackageProduction_12_1_0
    Verified jboot signed by PackageProduction_12_1_0
    Verified junos-vsrx-12.1X44-D10.4-domestic signed by PackageProduction_12_1_0

    WATCHDOG_TIMER : Loss of soft watchdog
    panic: Loss of soft watchdog
    cpuid = 0
    db_log_stack_trace_cmd(c0d02ea0,0,f6a7fb58,f6a7fb44,c05e5691) at db_log_stack_trace_cmd+0x36
    panic(f6a7fb58,f6a7fb58,f6a7fc80,1,6) at panic+0x2dc
    statclock(f6a7fc90,c5226630,4,f6a7fcd0,c0a9479f) at statclock+0x32d
    lapic_handle_timer(f6a7fc90) at lapic_handle_timer+0x9d
    Xtimerint() at Xtimerint+0x2f
    --- interrupt, eip = 0xc0a9c7d0, esp = 0xf6a7fcd0, ebp = 0xf6a7fcd0 ---
    cpu_idle_default(f6a7fd00,c05a3fd2,1,0,0) at cpu_idle_default+0x5
    cpu_idle(1,0,0,0,c0a9d10d) at cpu_idle+0x29
    idle_proc(0,f6a7fd38,0,0,0) at idle_proc+0xaf
    fork_exit(c05a3f23,0,f6a7fd38) at fork_exit+0x85
    fork_trampoline() at fork_trampoline+0x8
    --- trap 0, eip = 0, esp = 0xf6a7fd70, ebp = 0 ---
    ###Entering boot mastership relinquish phase
    KDB: enter: panic
    [thread pid 12 tid 100004 ]
    Stopped at kdb_enter+0x162: movl $0xc0c77125,0(%esp)

  32. Getting following error(s) from Win 7 command line(as admin):

    C:\Program Files\Oracle\VirtualBox>VBoxManage.exe clonehd -format VDI junos-vsrx-12.1X47-D10.4-domes
    tic-disk1.vmdk junos-vsrx-12.1X47-D10.4-domestic.vdi
    VBoxManage.exe: error: Could not get the storage format of the medium 'C:\Program Files\Oracle\Virtu
    alBox\junos-vsrx-12.1X47-D10.4-domestic-disk1.vmdk' (VERR_NOT_SUPPORTED)
    VBoxManage.exe: error: Details: code VBOX_E_IPRT_ERROR (0x80bb0005), component Medium, interface IMe
    dium, callee IUnknown
    VBoxManage.exe: error: Context: "OpenMedium(Bstr(pszFilenameOrUuid).raw(), enmDevType, enmAccessMode
    , fForceNewUuidOnOpen, pMedium.asOutParam())" at line 178 of file VBoxManageDisk.cpp

    any comment please, I do not have access to junos-vsrx-12.1X46-D10.2-domestic.ova only to junos-vsrx-12.1X47-D10.4-domestic.ova

    Thanks

    Christian

  33. I have implemented the srxfirefly in virtualbox and integrated with gns3, i can started the console and can access the srx from GNS3.

    but i cannot ping from cisco to SRX , Please advise/

    SRXvirtbalbox-------------------------Cisco 2601
    192.168.1.1/24

    i cannot ping either way.

  34. Hi Radovan -

    I have tried to Install Juniper firefly on my Laptop with virutual box. My laptop has only one processor. But when i try to the create Juniper firefly VM with 2 processor, i get struck at db> prompt.

    I am able to reach the login prompt when i create the
    VM with single processor, but cannot view the GiG interfaces.

    Is it becuse my host laptop is running with single processor? Is there a way to overcome this issue? Please guide me.

    Rgds,
    Netrace.

  35. Thanks a lot for this guide.
    I am using Ubuntu 14.04 LTS and running vSRX Perimeter (Firefly) on virtualbox.

    @Netrace
    I doubt there is a way to overcome the single core processor problem.

    Let us know if you were able to solve it.

  36. When I connect VSRX to Cisco router or any host in GNS3, I am unable to ping them. No ARP. Looking at packet in Wireshark, i noticed that SRX has 802.1q encapsulation. How do I fix that? The interface on juniper are configured as layer 3 and not trunk mode. Any help will be appreciated.

  37. I have just installed vSRX in Virtualbox, The router is able to start correctly, I have followed the basic configuration to ping from above but in still can not ping the other interface/IP. I dont know what I am doing wrong. Been working on these for days. I need help, whether its my configuration or Gns3 or emulator.
    R1
    set system root-authentication encrypted-password "$1$cinlC6UJ$gtkO5bpu"
    set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.1/24
    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

    R2
    set system root-authentication encrypted-password "$1$w3i12yY4/"
    set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.2/24
    set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping

    Any help will be much appreciated. Thanks

  38. Hello Radovan

    I am from 2019, above all , many thanks for your article.
    I have tried to follow your article but I am unable to download the image first :(
    even though , I have signed up for the site.
    If you still have that image , could you send it to me please?
    (I have installed vcp_17.1R1.8-disk1.vmdk , JunOS Olive-disk1.vmdk but there is no security zones command :( )

    Many thanks!!
    DY

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.