
JUNIPER FIREFLY HOST ON VMWARE

 

Date: 13-11-2014

Table of Contents

  • Introduction

Introduction

Juniper offers an amazing platform that lets you learn the Junos CLI without having to spend hundreds of dollars on a single device. This platform is a cost-effective way to get your feet wet.

 

Junos Firefly is a virtual SRX (vSRX) platform that runs on the VMware hypervisor and provides the same functionality as the hardware devices. The vSRX supports up to 8 interfaces and can be used in place of a hardware device; however, performance depends directly on the performance of your virtual infrastructure.

 

You can build a small lab using the vSRX with 5 devices on VMware Workstation and learn the basics of Junos. The vSRX supports all features that are covered on the JNCIA and JNCIS-ENT blueprints, including RIP, OSPF, static routing, firewall policies, NAT and more. You can also migrate these virtual machines to GNS3 to practise and build different topologies.

 

NOTE The vSRX has limited support for switching, so it cannot replace the Juniper EX Series switch line. Firefly does not have failover clustering. Having said that, you should consider buying at least two branch SRX devices (100 or 210) to practise failover clustering. Have a look at prices for srx100s and ex2200c. These are small Ethernet switches and will give you the chance to learn the kit.

Remember to use only routed interfaces. Even though you can configure switched interfaces on this platform, the grim reality is that they won’t work at all.

Installing Firefly Host Security VM

• Operating System Virtual Appliance

• Memory: 512 MB

• Disk Space: 2.0 GB

 

NOTE In this case, I’m working with VMware Workstation 10.0.1 build-1379776

 

Step 1: Run VMware and select File/Open.

Select the file or virtual image xxxx.ova you downloaded before.

I’m using: junos-vsrx-12.1X44-D10.4-domestic.ova

 

Step 2: Accept the License Agreement and Edit the virtual machine Settings.

We’ll stick with these configuration changes for now, but we can automate all of this later!

The network properties for this JUNOS image are by default:


Change VMnet0 Bridged Networking Settings

By default in VMware Workstation 10, VMnet0 is set to use auto-bridging mode and is configured to bridge to all active network adapters on the host system. You can use the virtual network editor to change VMnet0 to bridge to one specific host network adapter, or restrict the host network adapters that VMnet0 auto-bridges to. The changes you make affect all virtual machines that use bridged networking on the host system.

 

In my case, my PC is connected to a router acting as a DHCP Server. VMnet0 will be linked to my physical network adapter so it can receive an IP address from my router.

 

Linking VMnet0 to your physical network adapter

Go to Virtual Network Editor:

Select the VMnet0 network adapter in the Hardware tab. Here, choose the option Bridged: Connected directly to the physical network (change from auto to your internal network adapter). Then click the OK button.

This first network adapter maps to ge-0/0/0.

You could easily add Network Adapter 2 through Network Adapter 10, which would map to ge-0/0/1 through ge-0/0/9 on the VSRX.

 

Step 3.  Power on this new Virtual Machine.

The first thing you should notice is that Amnesiac is the default hostname. This indicates that Junos is running with the factory-default configuration (you can use the load factory-default command in configuration mode to return Junos to this state).

 

Initially, login: root (no password)

Type:

cli + Enter

show interfaces terse + Enter

As you can see, ge-0/0/0.0 has been assigned the IP address 192.168.1.149/24 by my router with DHCP. Later, you’ll be able to change this IP address.

 

NOTE ge-0/0/0.0 = VMnet0.

 

Even though you can’t ping this interface from your PC (for security reasons), you can connect to this machine by using a web browser.

Nevertheless, you can’t do much there, so do the basic configuration using the CLI.

Basic configuration

Two options:

1) Using "config-wizard" before entering cli mode:

   root@% config-wizard

  •      IP:192.168.1.50/24

  •      DG: 192.168.1.1

  •      Hostname: Sevilla

  •      Domain-name: mynetwork.com

  •      root password: xxxx

  •      DNS Server: 8.8.8.8

 

2) Using CLI mode:

First, start the CLI and enter configuration mode:

  • root@% cli

  • root> configure

 

Set the name of the router and the router’s domain name:

  • root# set system host-name Sevilla

  • root# set system domain-name mynetwork.com

 

Next, change the IP address of the router’s Ethernet management interface, if your router has one. Use an IP address in the same address space as your network’s management network.

  • root# set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.50/24

 

Add the default gateway:

  • root# set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1

 

The router may also need to know the address of a DNS name server so that it can translate host names into IP addresses:

  • root# set system name-server 8.8.8.8

 

When you initially start the router, the root account has no password. Now is a good time to assign one for the account:

  • root# set system root-authentication plain-text-password

 

JUNOS software prompts you to type and retype the password. The password must be a mixture of uppercase and lowercase letters and must contain at least one digit.

 

NOTE When you set the password, the JUNOS software immediately encrypts it after you enter it so that no one can read it.

 

Finally, activate the configuration with the commit command:

  • root# commit

 

Let’s see if we can ping this machine from our PC or do the configuration via a web browser:

 

NOTE This is because by default the router is in flow-based mode:

Junos has two forwarding modes, packet mode and flow mode. Packet mode makes the SRX a simple traditional router, while flow mode makes the SRX a firewall. Both modes can co-exist in the same box. The default is usually flow mode. While in flow mode, you always have to define zones and policies.

 

If you are a beginner I recommend that you do the following:

  • delete security

  • set security forwarding-options family mpls mode packet-based

  • set security forwarding-options family inet6 mode packet-based

  • set security forwarding-options family iso mode packet-based

  • commit

 

NOTE Then, reboot the SRX/J series after committing the changes. The change-over will not happen without a Reboot (…> request system reboot)

After rebooting, this machine will be in packet-based mode.

 

If you are an expert, you know what to do. Let's see an example.

Create the DMZ zone and allow ping and http service:

  • set security zones security-zone dmz host-inbound-traffic system-services ping

  • set security zones security-zone dmz host-inbound-traffic system-services http

OR

  • set security zones security-zone dmz host-inbound-traffic system-services all

Assign the interface ge-0/0/0 to the DMZ zone and commit the changes so they take effect:

  • set security zones security-zone dmz interfaces ge-0/0/0

  • commit

 

If everything is ok, now you can ping your machine and finish the configuration by using a web browser.

Finally, I recommend that you create more interfaces in VMware and configure them on Junos so you can practise with different topologies.
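
An added example, not part of the original walkthrough: a small Python check over set-format lines like the ones used here, flagging a default route whose prefix is not /0, host-inbound-traffic opened with all or a cleartext service, packet-based forwarding, and a missing root password. The audit function, the finding labels and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: set-format lines in the style used in this walkthrough.
SAMPLE_CONFIG = """\
set system host-name Sevilla
set interfaces ge-0/0/0 unit 0 family inet address 192.168.1.50/24
set routing-options static route 0.0.0.0/24 next-hop 192.168.1.1
set security zones security-zone dmz host-inbound-traffic system-services all
set security zones security-zone dmz host-inbound-traffic system-services http
set security zones security-zone dmz interfaces ge-0/0/0
set security forwarding-options family mpls mode packet-based
"""

CLEARTEXT = {"http", "telnet", "ftp"}  # services that carry credentials unencrypted


def audit(config: str) -> list[str]:
    """Return findings for a set-format Junos configuration (hypothetical helper)."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines() if ln.strip().startswith("set ")]
    for line in lines:
        m = re.match(r"set routing-options static route (\S+) next-hop", line)
        if m:
            net = ipaddress.ip_network(m.group(1), strict=False)
            if int(net.network_address) == 0 and net.prefixlen != 0:
                findings.append(f"default-route-typo: {net} is not a default route, use 0.0.0.0/0")
        m = re.match(r"set security zones security-zone (\S+) (?:interfaces \S+ )?"
                     r"host-inbound-traffic system-services (\S+)", line)
        if m:
            zone, svc = m.groups()
            if svc == "all":
                findings.append(f"broad-host-inbound: zone {zone} exposes every system service")
            elif svc in CLEARTEXT:
                findings.append(f"cleartext-mgmt: zone {zone} allows {svc}")
        m = re.match(r"set security forwarding-options family (\S+) mode packet-based", line)
        if m:
            findings.append(f"packet-mode: family {m.group(1)} is forwarded without flow (firewall) processing")
    if not any(ln.startswith("set system root-authentication ") for ln in lines):
        findings.append("no-root-password: root-authentication is not configured")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

To run it against a lab device, paste the output of show configuration | display set into a string and pass it to audit.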

 

END
