Requirements for vSRX Virtual Firewall on Google Cloud Platform

Google Compute Engine Instance Types

To create a vSRX Virtual Firewall instance, you need to choose a machine type. The machine type specifies a particular collection of virtualized hardware resources available to a VM instance, including the memory size, vCPU count, and maximum disk capacity.

Google Compute Engine lets you use predefined machine types or custom machine types, depending on your needs. Table 1 below shows the predefined machine types available in Google Compute Engine.

Table 1: Google Compute Engine Instance Types

| Machine Name | Description | vCPUs | Memory (GB) | vSRX Virtual Firewall 3.0 Instance | Maximum number of Persistent Disks | Maximum total Persistent Disk Size (TB) | RSS Type |
|---|---|---|---|---|---|---|---|
| n1-standard-4 | Standard machine type with 4 vCPUs and 15 GB of memory | 4 | 15 | vSRX Virtual Firewall-4CPU-15G memory | 16 | 64 | SWRSS |
| n1-standard-8 | Standard machine type with 8 vCPUs and 30 GB of memory | 8 | 30 | vSRX Virtual Firewall-8CPU-30G memory | 16 | 64 | SWRSS |
| n1-standard-16 | Standard machine type with 16 vCPUs and 60 GB of memory | 16 | 60 | vSRX Virtual Firewall-16CPU-60G memory | 16 | 64 | SWRSS |

A single Google Compute Engine instance supports up to eight network interfaces. If you want to configure eight interfaces, choose n1-standard-8 or a larger machine type. After choosing the machine type, define the networking attributes and SSH Keys for the VM. For more information on network interfaces, see Creating instances with multiple network interfaces.

vSRX Virtual Firewall Support for Google Cloud

Starting in Junos OS Release 19.2R1, vSRX Virtual Firewall with 1 Junos Control Plane (JCP) vCPU, 1 data plane vCPU, and 4 GB of vRAM is supported.

vSRX Virtual Firewall Specifications for GCP

This topic provides details about the hardware and software requirements for deploying vSRX Virtual Firewall on Google Cloud Platform (GCP).

Minimum System Requirements for Google Cloud Platform

Table 2 lists the minimum system requirements and the Junos OS release in which a particular software specification was introduced for vSRX Virtual Firewall instances to be deployed on GCP.

Table 2: Minimum System Requirements for vSRX Virtual Firewall on GCP

| Component | Specification | Release Introduced |
|---|---|---|
| Memory | 4 GB | Junos OS Release 19.2R1 |
| Disk space | 19-GB IDE drive | Junos OS Release 19.2R1 |
| vCPUs | 1 Junos Control Plane (JCP) vCPU and 1 data plane vCPU | Junos OS Release 19.2R1 |
| vNICs | 2-8 vNICs; Virtio; SR-IOV is not supported by GCP. | Junos OS Release 19.2R1 |
| Software feature license | For more information, see Flex Software Subscription Model and Juniper Flex Program Support for Juniper Products. | NA |
| Software packaging | Google Compute Engine has specific requirements for the bootable image that is imported to Google cloud space. For more information, see https://cloud.google.com/compute/docs/images/import-existing-image#create_image_file. For initial deployment, the .img file is used and for software upgrade, the .tgz image is used. | NA |

Interface Mapping for vSRX Virtual Firewall on Google Cloud

Each network adapter defined for a vSRX Virtual Firewall is mapped to a specific interface, depending on whether the vSRX Virtual Firewall instance is a standalone VM or one of a cluster pair for high availability. The interface names and mappings in vSRX Virtual Firewall are shown in Table 3.

Note the following:

  • In standalone mode:

    • fxp0 is the out-of-band management interface.

    • ge-0/0/0 is the first traffic (revenue) interface.

Table 3 shows the interface names and mappings for a standalone vSRX Virtual Firewall on Google cloud.

Table 3: Interface Names for a Standalone vSRX Virtual Firewall on GCP

| Network Adapter | Interface Name in Junos OS for vSRX Virtual Firewall |
|---|---|
| 1 | fxp0 |
| 2 | ge-0/0/0 |
| 3 | ge-0/0/1 |
| 4 | ge-0/0/2 |
| 5 | ge-0/0/3 |
| 6 | ge-0/0/4 |
| 7 | ge-0/0/5 |
| 8 | ge-0/0/6 |

vSRX Virtual Firewall Default Settings on GCP

vSRX Virtual Firewall requires the following basic configuration settings:

  • Interfaces must be assigned IP addresses.

  • Interfaces must be bound to zones.

  • Policies must be configured between zones to permit or deny traffic.

Table 4 lists the factory-default settings for security policies on the vSRX Virtual Firewall instance.

Table 4: Factory-Default Settings for Security Policies

| Source Zone | Destination Zone | Policy Action |
|---|---|---|
| trust | untrust | permit |
| trust | trust | permit |
| untrust | trust | deny |
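
As an added example (not Juniper's code), the script below checks a planned instance against the limits stated on this page (the Table 1 machine types, the 2-8 vNIC range, and the n1-standard-8 rule for eight interfaces), applies the Table 3 adapter-to-interface mapping, and emits Junos set commands for the first two basic settings, IP addresses and zone binding. The function names, the sample addresses and zone assignments, and the choice to leave fxp0 out of security zones are assumptions of this example.

```python
import ipaddress

# Machine types and vCPU counts from Table 1 of this page.
MACHINE_VCPUS = {"n1-standard-4": 4, "n1-standard-8": 8, "n1-standard-16": 16}

def junos_name(adapter):
    """Table 3 mapping: adapter 1 is fxp0, adapter N (2-8) is ge-0/0/(N-2)."""
    if not 1 <= adapter <= 8:
        raise ValueError(f"adapter {adapter} is outside the 1-8 range of Table 3")
    return "fxp0" if adapter == 1 else f"ge-0/0/{adapter - 2}"

def plan_errors(machine_type, nics):
    """Check a planned instance against the limits stated on this page."""
    errors = []
    if machine_type not in MACHINE_VCPUS:
        errors.append(f"{machine_type} is not listed in Table 1")
    if not 2 <= len(nics) <= 8:
        errors.append(f"{len(nics)} vNICs planned; Table 2 allows 2-8")
    if len(nics) == 8 and MACHINE_VCPUS.get(machine_type, 0) < 8:
        errors.append("eight interfaces need n1-standard-8 or larger")
    for adapter, nic in enumerate(nics, start=1):
        try:
            ipaddress.ip_interface(nic["address"])
        except ValueError:
            errors.append(f"adapter {adapter}: bad address {nic['address']!r}")
        if adapter > 1 and not nic.get("zone"):
            errors.append(f"adapter {adapter}: not bound to a zone")
    return errors

def baseline_config(nics):
    """Emit set commands that address each interface and bind revenue ports to zones."""
    lines = []
    for adapter, nic in enumerate(nics, start=1):
        name = junos_name(adapter)
        lines.append(f"set interfaces {name} unit 0 family inet address {nic['address']}")
        if adapter > 1:  # assumption: fxp0 (out-of-band management) stays out of zones
            lines.append(f"set security zones security-zone {nic['zone']} interfaces {name}.0")
    return lines

# Constructed sample plan; addresses and zone assignments are illustrative only.
SAMPLE_NICS = [
    {"address": "10.0.0.2/24"},                     # adapter 1 -> fxp0
    {"address": "10.0.1.2/24", "zone": "untrust"},  # adapter 2 -> ge-0/0/0
    {"address": "10.0.2.2/24", "zone": "trust"},    # adapter 3 -> ge-0/0/1
]

if __name__ == "__main__":
    problems = plan_errors("n1-standard-4", SAMPLE_NICS)
    print("\n".join(problems or baseline_config(SAMPLE_NICS)))
```

With the zones bound this way, the factory-default policies in Table 4 already permit trust-to-untrust traffic and deny untrust-to-trust traffic, so review them before attaching production networks.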