Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Requirements for vSRX on Oracle Cloud Infrastructure

This topic provides the requirements for deploying vSRX instances on Oracle Cloud Infrastructure (OCI).

Minimum System Requirements for OCI

Table 1 lists the minimum system requirements for vSRX instances to be deployed on OCI.

Table 1: Minimum System Requirements for vSRX

Component

Specification and Details

Memory

4 GB

Disk space

16 GB

Oracle pre-defined VM shapes that vSRX support are listed below. If you need any other VM shapes, then please contact your Juniper sales representive.

Table 2: OCI VM Shapes Supported by vSRX
Shape OCPU Memory (GB) Local Disk (TB) Network Bandwidth Max VNICs Total: Linux
VM.Standard2.4 4 60 Block Storage only 4.1 Gbps 4
VM.Standard2.8 8 120 Block Storage only 8.2 Gbps 8

Interface Mapping for vSRX on OCI: The first network interface is used for the out-of-band management (fxp0) for vSRX.

We recommend putting revenue interfaces in routing instances as a best practice to avoid asymmetric traffic/routing, because fxp0 is part of the default (inet.0) table by default. With fxp0 as part of the default routing table, there might be two default routes needed: one for the fxp0 interface for external management access, and the other for the revenue interfaces for traffic access. Putting the revenue interfaces in a separate routing instance avoids this situation of two default routes in a single routing instance.

Note:

Ensure that interfaces belonging to the same security zone are in the same routing instance. See KB Article - Interface must be in the same routing instance as the other interfaces in the zone.

vSRX Default Settings with OCI

Do not use the load factory-default command on a vSRX OCI instance. The factory-default configuration removes the OCI preconfiguration. If you must revert to factory default, ensure that you manually reconfigure preconfiguration statements before you commit the configuration; otherwise, you will lose access to the vSRX instance. See Configure vSRX Using the CLI for preconfiguration details.

Best Practices for Deploying vSRX

Refer the following best practices for deploying vSRX:

  • Disable the source/destination check for all vSRX interfaces.

  • Limit public key access permissions to 400 for key pairs.

  • Ensure that there are no contradictions between OCI security groups and your vSRX configuration.