Instead of spending hundreds of dollars on Juniper hardware, most of the labs found on this website can be completed using the vSRX Juniper Firefly Perimeter software which runs on VMWare. This lab will discuss and demonstrate the deployment of vSRX on VMWare Workstation.
For years the only way to learn Juniper JunOS was through expensive training classes that provided hands on lab time or building an “unsupported” JunOS Olive which lacked functions and features. Of course as of the second decade of the millennium changed all that with nearly everything you can imagine being virtualized from web servers to desktops to now even infrastructure devices including routers and firewalls.
With the introduction of the Juniper Firefly, also known as vSRX, you now have the ability to have a fully functional SRX platform that executes virtually inside a hypervisor or desktop virtualization software such as VMWare Workstation. This of course has made it significantly easier for young aspiring network engineers to obtain hands on skills with JunOS.
vSRX is capable of most functions that are included in the hardware platform with the exception of Ethernet-Switching. This of course touches on a good question, why would you need a virtual ethernet-switch and the answer is most commonly you wouldn’t. Because switches deploy use of hardware specific ASIC’s which increase performance, this would become a huge limitation in performance among virtualized switches and could significantly impact performance of network traffic.
The Firefly platform however does perform all other functions including but not limited to routing, firewall services, vpn services, NAT, DHCP and even MPLS.
The Junos Workbook website is purely an educational website offering free labs that can be used to learn the Juniper operating system and familiarize yourself with configuring Juniper network devices such as Routers, Switches and SRX Platforms. Because the command syntax between these platforms are the same, just as IOS is the same across multiple Cisco platforms, it makes it significantly easier to configure different devices using your existing foundational knowledge.
The Firefly vSRX Platform was designed to be used in Cloud based environments where rapid deployment of JunOS SRX Services could be achieved via scripting however it also provides an unparalleled educational tool as you can build your very own vSRX Lab inside VMWare Workstation.
All the labs published by Junos Workbook are designed to be completed within a vSRX enviroment with the exception of switching labs which are found in Section 4. Due to the lack of Ethernet-Switching support in vSRX you are required to have have EX Series switches or hardware SRX platforms to complete those labs.
This lab will concentrate on deploying the Firefly Perimeter vSRX OVA on VMWare Workstation 10.x and building the workbook topology so that you may complete the Junos Workbook labs. To get started click on the “Deploying the OVA” tab!
Prior to getting started you must obviously have the vSRX Software right? Unfortunately the vSRX Software is not free however you can obtain an evaluation version of the software which is fully functional and will be able to complete most labs found on this website. In order to obtain the evaluation you must have a Juniper account you if you do not have one you’ll need to sign up which can take up to 30 minutes to receive the Welcome email. After which you can download the vSRX Evaluation software from the following location;
Before you get started you must have VMWare Workstation 8.x or greater installed on your computer with at least 8GB RAM and a Dual Core processor.
Locate the downloaded .OVA File and double click it and you will be presented with an “Import Virtual Machine” Window which looks something like this;
You must rename the virtual machine so you can import it more than once, in this case we’ve named it vSRX_R1. You also can specify where the VM will be import to, the default value here should be fine unless you’re Documents folder is hosted on a file server in which case you’d want to store the VM locally under C:\Virtual Machines\
After clicking Import you will be prompted to agree to the EULA as shown below;
After clicking accept the VM will import and you’ll see the virtual machine in your list of VM’s under VMWare Workstation as shown below;
Next up you need to click on “Edit virtual machine settings” so we can add a serial port which will be used to connect to this vSRX using Putty or SecureCRT 7.3 or greater.
After clicking edit settings you should see something like this;
Now click on the “Add” button and highlight Serial Port as shown below and click next;
You will need to select “Output to named pipe” as shown below and click next;
Now you’ll be presented with the option to name the pipe, the Default is fine as \\.\pipe\com_1 however you can rename it to \\.\pipe\r1 if you like to make it easier to reference down the road. You must also select from the second drop down box “The other end is an application.” as shown below and click finish;
Once completed you should see the newly added Serial Port in the Hardware list as shown below;
While at the “Virtual Machine Settings” window click on the “Add…” button and select Network Adapter as shown below and click next;
Next you’ll be presented with the Network Adapter Type options, in this case we can leave the default values as “NAT: Used to share the host’s IP Address” and just click finish.
Keep in mind you need to add two additional Network Adapters to the vSRX for a total of four network adapters so you’ll need to complete this process twice after the initial OVA import. Once completed you should see something like this;
Now that you’ve finished importing a single vSRX you need to do this process three more times so that you have four vSRX Platforms to work with! After you can completed the importation and modification of all vSRX VM’s you can continue on to building the topology!
In order to build out the topology virtually so that the vSRX devices can communicate with each other, you’ll need to create four LAN segments. These LAN segments function like virtual switches and are internal to VMware only. You can however assign network adapters to physical interfaces but this is not required.
First off you need to edit the settings of the vSRX_R1 virtual machine and select “Network Adapter” as this is the first network adapter and will become Ge-0/0/0 inside the vSRX You will then be presented with five network connection options, Bridged, NAT, Host-only, Custom and LAN segment as shown below;
Select the LAN segment bullet and click on on the LAN Segments… button and you should be presented with a Global LAN Segments window as shown below;
Click on the Add button and create a LAN segment called “vSRX_LAN1” Also create 3 more segments called “vSRX_LAN2”, “vSRX_LAN3”, “vSRX_LAN4” and once completed you should see something like this;
Once finished click the OK button and now you’ll be back at the Network connection settings for the first Network Adapter. Now when you click the drop down box under LAN segment you should have the four options you just created as shown below;
for the first “Network Adapter” select the “vSRX_LAN1” LAN Segment.
“Network Adapter 2” should be placed into LAN Segment “vSRX_LAN2”,
“Network Adapter 3” should be placed into LAN Segment “vSRX_LAN3”
“Network Adapter 4” should be placed into LAN Segment “vSRX_LAN4”.
Once all the adapters are assigned to the correct LAN Segments you should see something like this;
At which point you can now click the OK button and the vSRX has been successfully imported and configured using the Junos Workbook vSRX Topology.
You must repeat these steps for vSRX_R2, vSRX_R3 and vSRX_R4 so that all Network Adapters on each VM instance are placed in the correct LAN Segments.
You can also view the vSRX Physical Topology used on all labs found on the Junos Workbook on the topology page or by clicking the button below;
Once you have completed building the topology you can continue on to the “Starting and Connecting to vSRX” tab
Make sure that all the settings are correct on each vSRX before powering on the VM. Once you’re ready to actually power on the VM just click the “Power on this virtual machine” button as shown below;
Once you have powered on the vSRX and it completes the boot process you will eventually be prompted with a Username: prompt as shown below;
The very first time you power on the device, it will have a default configuration in which case it will generate RSA keys and will have NO root password. You can continue to boot the existing vSRX VM’s and move on to the next steps.
If you remember, earlier when configuring the VM Settings you added a serial port to each vSRX. This serial port will be used by Putty and SecureCRT to connect to the console port of the vSRX.
If you are using putty, launch the application and select “Serial” and replace COM1 with \\.\pipe\com_1 or whatever named pipe you used during the Serial Port configuration of each VM.
After clicking the open button you should now connect to the Console port of the vSRX as shown below;
At this point you have console access to the vSRX as you would if you were to plug into the console port of a SRX hardware platform. This makes it easier to copy and paste configuration from the putty window as you cannot copy and paste using the VMWare Workstation console.
Also note that you can save these sessions so that you do not have to keep typing in the named pipe each time you want to connect!
As of SecureCRT 7.3, Named Pipes are officially supported. Most engineers in the field use SecureCRT over Putty as it offers several advantages such as scripting, tabs, chat window and more!
In SecureCRT create a new session as you normally would and select the Serial Protocol and click next and you should be presented with the following window;
On the Port: drop down select Named Pipe which is located at the very top of the list and you’ll be given the option to type in the Name of pipe: This is where you’d type in \\.\pipe\com_1 as shown above.
Once the named pipe parameters have been added and you click next you will need to specify a unique Session name. In this case we’re just using vSRX_R# whereas # is the vSRX Router Number. After you click finish you can connect to the session as demonstrated below;
If you have a dedicated VMWare ESXi Server in your home office you can choose to run the vSRX virtual instances on that server to free up desktop resources for your video games 😉 The next lab discusses and demonstrates the vSRX configuration on VMWare ESXi 5.x Hypervisor!