Requirements for vSRX Virtual Firewall on Oracle Cloud Infrastructure

This topic provides the requirements for deploying vSRX Virtual Firewall instances on Oracle Cloud Infrastructure (OCI).

Minimum System Requirements for OCI

Table 1 lists the minimum system requirements for vSRX Virtual Firewall instances to be deployed on OCI.

Table 1: Minimum System Requirements for vSRX Virtual Firewall

Component      Specification and Details
Memory         4 GB
Disk space     16 GB

The Oracle pre-defined VM shapes that vSRX Virtual Firewall supports are listed below. If you need any other VM shapes, contact your Juniper sales representative.

Table 2: OCI VM Shapes Supported by vSRX Virtual Firewall
Shape            OCPU   Memory (GB)   Local Disk (TB)      Network Bandwidth   Max VNICs Total: Linux
VM.Standard2.4   4      60            Block Storage only   4.1 Gbps            4
VM.Standard2.8   8      120           Block Storage only   8.2 Gbps            8

Interface Mapping for vSRX Virtual Firewall on OCI

The first network interface is used for out-of-band management (fxp0) of the vSRX Virtual Firewall.

We recommend putting revenue interfaces in routing instances as a best practice to avoid asymmetric traffic/routing, because fxp0 is part of the default (inet.0) table by default. With fxp0 as part of the default routing table, there might be two default routes needed: one for the fxp0 interface for external management access, and the other for the revenue interfaces for traffic access. Putting the revenue interfaces in a separate routing instance avoids this situation of two default routes in a single routing instance.

Note:

Ensure that interfaces belonging to the same security zone are in the same routing instance. See KB Article - Interface must be in the same routing instance as the other interfaces in the zone.
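
The following check is an added example, not part of the original Juniper documentation. It reads a configuration in set format (as produced by show configuration | display set) and reports security zones whose interfaces span more than one routing instance, and zone interfaces left in the default instance alongside fxp0. The instance names, interface names and addresses in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format; names and addresses are illustrative.
SAMPLE_CONFIG = """\
set interfaces fxp0 unit 0 family inet dhcp
set routing-instances TRAFFIC-VR instance-type virtual-router
set routing-instances TRAFFIC-VR interface ge-0/0/0.0
set routing-instances TRAFFIC-VR routing-options static route 0.0.0.0/0 next-hop 10.0.1.1
set routing-instances OTHER-VR instance-type virtual-router
set routing-instances OTHER-VR interface ge-0/0/2.0
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone trust interfaces ge-0/0/2.0
"""

RI_RE = re.compile(r"^set routing-instances (\S+) interface (\S+)$")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)")
DEFAULT = "default"  # label used here for interfaces left in inet.0 alongside fxp0


def audit(config_text):
    """Return (kind, zone, detail) findings for zone / routing-instance placement."""
    iface_ri = {}              # interface -> routing instance
    zones = defaultdict(dict)  # zone -> ordered set of interfaces
    for line in config_text.splitlines():
        line = line.strip()
        if m := RI_RE.match(line):
            iface_ri[m.group(2)] = m.group(1)
        elif m := ZONE_RE.match(line):
            zones[m.group(1)][m.group(2)] = None
    findings = []
    for zone in sorted(zones):
        placement = {i: iface_ri.get(i, DEFAULT) for i in zones[zone]}
        # Note on the page: every interface in a zone must share one routing instance.
        if len(set(placement.values())) > 1:
            findings.append(("split-zone", zone, placement))
        # Recommendation on the page: keep revenue interfaces out of the default table.
        for iface, ri in placement.items():
            if ri == DEFAULT:
                findings.append(("default-instance", zone, iface))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample, the trust zone is reported twice: once because its interfaces are split between the default instance and OTHER-VR, and once because ge-0/0/1.0 remains in the default instance.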

vSRX Virtual Firewall Default Settings with OCI

Do not use the load factory-default command on a vSRX Virtual Firewall OCI instance. The factory-default configuration removes the OCI preconfiguration. If you must revert to factory default, ensure that you manually reconfigure preconfiguration statements before you commit the configuration; otherwise, you will lose access to the vSRX Virtual Firewall instance. See Configure vSRX Using the CLI for preconfiguration details.

Best Practices for Deploying vSRX Virtual Firewall

Refer to the following best practices for deploying vSRX Virtual Firewall:

  • Disable the source/destination check for all vSRX Virtual Firewall interfaces.

  • Limit public key access permissions to 400 for key pairs.

  • Ensure that there are no contradictions between OCI security groups and your vSRX Virtual Firewall configuration.