Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Requirements for vSRX on Oracle Cloud Infrastructure

This topic provides the requirements for deploying vSRX instances on Oracle Cloud Infrastructure (OCI).

Minimum System Requirements for OCI

Table 1 lists the minimum system requirements for vSRX instances to be deployed on OCI.

Table 1: Minimum System Requirements for vSRX

Component

Specification and Details

Memory

4 GB

Disk space

16 GB

Oracle pre-defined VM shapes that vSRX support are listed below. If you need any other VM shapes, then please contact your Juniper sales representive.

Table 2: OCI VM Shapes Supported by vSRX
Shape OCPU Memory (GB) Local Disk (TB) Network Bandwidth Max VNICs Total: Linux
VM.Standard2.4 4 60 Block Storage only 4.1 Gbps 4
VM.Standard2.8 8 120 Block Storage only 8.2 Gbps 8

Interface Mapping for vSRX on OCI: The first network interface is used for the out-of-band management (fxp0) for vSRX.

We recommend putting revenue interfaces in routing instances as a best practice to avoid asymmetric traffic/routing, because fxp0 is part of the default (inet.0) table by default. With fxp0 as part of the default routing table, there might be two default routes needed: one for the fxp0 interface for external management access, and the other for the revenue interfaces for traffic access. Putting the revenue interfaces in a separate routing instance avoids this situation of two default routes in a single routing instance.

Note:

Ensure that interfaces belonging to the same security zone are in the same routing instance. See KB Article - Interface must be in the same routing instance as the other interfaces in the zone.

vSRX Default Settings with OCI

Do not use the load factory-default command on a vSRX OCI instance. The factory-default configuration removes the OCI preconfiguration. If you must revert to factory default, ensure that you manually reconfigure preconfiguration statements before you commit the configuration; otherwise, you will lose access to the vSRX instance. See Configure vSRX Using the CLI for preconfiguration details.

Best Practices for Deploying vSRX

Refer the following best practices for deploying vSRX:

  • Disable the source/destination check for all vSRX interfaces.

  • Limit public key access permissions to 400 for key pairs.

  • Ensure that there are no contradictions between OCI security groups and your vSRX configuration.