vSRX VNF Configuration Settings

You can configure the vSRX VNF from Services > Service Name > Overview > Service Configuration. Your service provider usually configures base settings for the virtual machine (VM) in which the virtualized network function (VNF) resides and you configure settings for the service, such as policies.

Note A vSRX firewall virtualized network function (VNF) is always part of a service chain for a network service on a CPE device.

Use the information in the following tables to provide values for the available settings:

Table 147 shows the settings you can configure for the virtual machine (VM) that contains the VNF.
Note Your service provider usually configures the base settings and you should not need to change them.
Table 148 shows the firewall settings you can configure.

Table 147: Fields for the vSRX Base Settings

Field	Description
Host Name	For a cloud site, specify the hostname of the VM that contains the vSRX VNF. The field has no limit on the number of characters and accepts letters, numbers, and symbols. Example: vm-vsrx For an on-premise site, the vSRX application resides on the CPE device, and you cannot configure this setting.
Loopback Address	Specify an IPv4 loopback address for the management interface of the VM. Example: 192.0.2.25
DNS Servers	Specify the fully qualified domain names (FQDNs) or IP addresses of one or more DNS name servers. Example: 192.0.2.35
NTP Servers	Specify the FQDNs or IP addresses of one or more NTP servers. Example: 192.0.2.45
Syslog Servers	Specify the FQDNs or IP addresses of one or more system log servers. Example: 192.0.2.55
Enable Re-filter	Select True to enable a stateless firewall filter that protects the Routing Engine from denial-of-service (DoS) attacks or False to allow DoS attacks. Example: True
Enable Default Screens	For a cloud site, select True to enable the default screens security profile for the destination zone or False to disable default screening. Example: False You cannot configure this setting for an on-premise site.
Time Zone	Specify the time zone for the VM. Example: UTC
Right Interface	Specify the identifier of the VM interface that transmits data. Example: ge-0/0/1 For an on-premise site, the vSRX application resides on the CPE device, and you cannot configure this setting.
Left Interface	Specify the identifier of the VM interface that receives data. Example: ge-0/0/0 For an on-premise site, the vSRX application resides on the CPE device, and you cannot configure this setting.
SNMP Prefix List	If you set the Enable Re-filter field to True, specify the routes that the Junos Space Virtual Appliance uses for SNMP operations when it discovers the vSRX VNF. Example: 10.0.2.0/24
Ping Prefix List	If you set the Enable Re-filter field to True, specify the routes that the Junos Space Virtual Appliance uses for ping operations when it discovers the vSRX VNF. Example: 10.0.2.1/24
Space Servers	If you set the Enable Re-filter field to True, specify the IP addresses of the VMs that contain the Junos Space Virtual Appliances. Example: 10.0.2.50

Table 148: Fields for the vSRX Firewall Settings

Field	Description
Policy Name	Specify the name of the rule. The field has no limit on the number of characters and accepts letters, numbers, and symbols. Example: policy-1
Source Zone	Select the security zone from which packets originate. left—Interface that transmits data to the host right— Interface that receives data transmitted from the host Zone policies are applied to traffic traveling from one security zone (source zone) to another security zone (destination zone). This combination of a source zone and a destination zone is called a context. Example: left
Destination Zone	Select the security zone to which packets are delivered. left—Interface that transmits data to the host right—Interface that receives data transmitted from the host Zone policies are applied to traffic traveling from one security zone (source zone) to another security zone (destination zone). This combination of a source zone and a destination zone is called a context. Example: right
Source Address	Procedure Specify the source IP address prefixes that the network service uses as match criteria for incoming traffic. To add source addresses: Click the Source Address column. The source-address page appears. Select any to match any source IP address of packets or ipp to match a specific prefix in the source IP address for which the application enforces the policy. If you select ipp, specify a prefix. Click OK. Example: 10.0.2.30
Destination Address	Procedure Specify the destination IP address prefixes that the network service uses as match criteria for outgoing traffic. To add a destination address: Click the Destination Address column. The destination-address page appears. Select any to match any source IP address of packets or ipp to match a specific prefix in the source IP address for which the application enforces the policy. If you select ipp, specify a prefix. Click OK. Example: 192.0.2.0/24
Action	Select permit to transmit packets that match the rule or deny to drop packets that match the rule. Example: permit
Application	Procedure Specify the applications to which the policy applies. The applications are based on protocols and ports. To specify applications: Click the Application column. The application page appears. In the allowed_apps field, select any to match any application or app to choose specific applications. If you select app, press and hold the Ctrl key and click the required applications from the drop-down list. junos-tcp-any junos-udp-any junos-ftp junos-http junos-https junos-icmp-all junos-icmp-ping junos-telnet junos-tftp Click OK. Example: junos-tcp-any junos-udp-any

vSRX VNF Configuration Settings

Procedure

Procedure

Procedure

Related Documentation

Help us to improve. Rate this article.