Before You Deploy vSRX Using the Azure CLI

 

Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy the vSRX from the Azure CLI and customize the vSRX VM deployment settings and dependencies based on your network requirements in Microsoft Azure Cloud.

To help automate and simplify the deployment of the vSRX in the Microsoft Azure virtual network, Juniper Networks provides a series of scripts, Azure Resource Manager (ARM) templates and parameter files, and configuration files in the GitHub repository https://github.com/Juniper/vSRX-Azure. The ARM template includes resource parameters that enable you to customize your vSRX VM deployment, such as login credentials, network interfaces, and storage container name. The template consists of JavaScript Object Notation (JSON) expressions for your vSRX deployment.

The vSRX deployment files in the GitHub repository include:

  • The deploy-azure-vsrx.sh shell script to automate the deployment and configuration of the vSRX virtual machine (VM).

  • The vsrx.json template file to define the components of the Azure resource group and virtual hardware settings (VM size, interface number and network) of the vSRX VM.

  • The vsrx.parameters.json parameter file to identify the network interface parameters used to deploy the vSRX VMin Azure.

Before you deploy the vSRX virtual security appliance from the Azure CLI:

  • Review the requirements for deploying a vSRX VM in Microsoft Azure Cloud in Requirements for vSRX on Microsoft Azure.

  • Obtain an account for and a subscription to Microsoft Azure (see Microsoft Azure).

  • From the Azure portal, you must first manually deploy the vSRX image (only once) by using either the vSRX Next Generation Firewall (BYOL) or the vSRX Next Generation Firewall (PAYG) SKU to accept the EULA terms. This is a requirement before you can deploy the vSRX image from the Azure CLI. By default, the Azure portal deployment tool uses vSRX Next Generation Firewall (BYOL) SKU as the source image. Use your Microsoft account username and password to log into the Microsoft Azure portal.

    Note

    You will encounter a MarketplacePurchaseEligibilityFailed error if do not first accept the EULA terms for the vSRX image in the Azure portal before attempting to deploy the vSRX image from the Azure CLI.

  • Install Azure command line interface (Azure CLI) 1.0 and enable Azure Resource Management (ARM) mode (see Install the Azure CLI).

    Note

    The vSRX for Azure deployment shell script deploy-azure-vsrx.sh is written in shell and Azure CLI version 1.0 commands and does not support Azure CLI version 2.0.

  • Purchase a vSRX license or request an evaluation license. Licenses can be procured from the Juniper Networks License Management System (LMS).

Note

Deployment of vSRX to Microsoft Azure does not support the use of the Azure CLI from Microsoft Windows. This is because the deploy-azure-vsrx.sh shell script that is used as part of the deployment procedure can be run only from the Linux or Mac OS CLI.

When you deploy a vSRX VM in an Azure virtual network, note the following specifics of the deployment configuration:

vSRX deployment from the Azure CLI is described in detail in Deploying vSRX from the Azure CLI.

Release History Table
Release
Description
Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy the vSRX from the Azure CLI and customize the vSRX VM deployment settings and dependencies based on your network requirements in Microsoft Azure Cloud.