Spawn vSRX Virtual Firewall in a Contrail Service Chain
Ensure that you have installed Contrail and have loaded the vSRX Virtual Firewall images with OpenStack Horizon or Glance.
You can use Contrail to chain various Layer 2 through Layer 7 services such as firewall, NAT, and IDP through vSRX Virtual Firewall VMs.
Create a Service Template
To create a service template:
See Contrail - Creating an In-Network or In-Network-NAT Service Chain for more details.
Create Left and Right Virtual Networks
Ensure that you have IP Address Management (IPAM) set up for your project.
To create a virtual network:
See Contrail - Creating a Virtual Network for more details
Create a vSRX Virtual Firewall Service Instance
To create a vSRX Virtual Firewall service instance:
You can also view this service instance from the OpenStack Instances table, but you should only use Contrail to delete service instances.
See Contrail - Creating an In-Network or In-Network-NAT Service Chain for more details.
Create a Network Policy
Add a Network Policy to a Virtual Network
To add a network policy to a virtual network:
See Contrail - Associating a Network to a Policy for more details.