Use this procedure to deploy and configure the vSRX Virtual Firewall as a virtual security
appliance in the Hyper-V environment using Hyper-V Manager.
Note the following for deploying vSRX Virtual Firewall on a Microsoft Hyper-V server:
Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy the vSRX
Virtual Firewall only on Microsoft Hyper-V Server 2012 R2 or 2012.
Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, you can deploy the vSRX
Virtual Firewall on Microsoft Hyper-V Server 2016.
Note: To upgrade an existing vSRX Virtual Firewall instance, see Migration, Upgrade, and
Downgrade in the vSRX Virtual Firewall Release
Notes.
To deploy vSRX Virtual Firewall using Hyper-V Manager:
-
Download the vSRX Virtual Firewall software image for Microsoft Hyper-V from
the Juniper Networks website. The vSRX Virtual Firewall
disk image supported by Microsoft Hyper-V is a virtual hard disk (VHD) format
file.
CAUTION:
Do not change the filename of the downloaded software image or the
installation will fail.
- Log onto your Hyper-V host computer using the Administrator
account.
- Open the Hyper-V Manager by selecting Start > Administrative
Tools > Hyper-V Manager. The welcome page for Hyper-V appears
the first time that you open Hyper-V Manager.
- Create a virtual machine by selecting Action > New
> Virtual Machine. The Before You Begin screen appears for the
New Virtual Machine Wizard. Click Next to move through
each page of the wizard, or you can click the name of a page in the
left pane to move directly to that page.
-
From the Specify Name and Location page (see Figure 1), enter a name and location for the vSRX Virtual Firewall VM that you are
creating and then click Next. We recommend that you keep
this name the same as the hostname you intend to assign to the vSRX Virtual
Firewall VM.
Figure 1: Specify Name and Location Page
-
From the Specify Generation page (see Figure 2), keep the default setting of Generation 1 as the
generation of the vSRX Virtual Firewall VM and then click
Next.
Figure 2: Specify Generation Page
-
From the Assign Memory page (see Figure 3), enter 4096 MB as the amount of startup memory to
assign to the vSRX Virtual Firewall VM. Leave Use Dynamic Memory for
this virtual machine clear. Click Next.
Figure 3: Assign Memory Page
-
From the Configure Networking page (see Figure 4), select a virtual switch from a list of existing virtual switches on the
Hyper-V host computer to connect to the vSRX Virtual Firewall management
interface. The default is Not connected. Click
Next.
Note:
See Add vSRX Interfaces for the procedure on adding virtual
switches for the vSRX Virtual Firewall VM using the Virtual Switch
Manager.
Figure 4: Configure Networking Page
-
From the Connect Virtual Hard Disk page (see Figure 5), click Use an existing virtual hard disk and browse
to the location of the vSRX Virtual Firewall virtual hard disk (VHD) file
(downloaded in Step 1). Click Next.
Figure 5: Connect Virtual Hard Disk Page
- After you have finished configuring the new virtual machine,
verify your selections in the Summary page (see Figure 6) and then click Finish to
complete the installation.
Figure 6: Summary Page
-
Right-click the vSRX Virtual Firewall VM and select
Settings from the context menu.
- From the Settings dialog box, under the Hardware section,
select Processor. The Processor pane appears (see Figure 7). Enter 2 in the Number of virtual processors field (the default is 1).
Figure 7: Processor Pane
- From the Settings dialog box, under the Hardware section,
select Network Adapter. The Network Adapter pane appears
(see Figure 8).
From the Virtual switch drop-down list, select a virtual switch to assign to a network adapter to
be used by the vSRX Virtual Firewall VM (see Add vSRX
Interfaces for details on adding virtual switches). Each network
adapter that is defined for a vSRX Virtual Firewall is mapped to a specific
interface.
See Requirements for vSRX on Microsoft Hyper-V for a summary of
interface names and mappings for a vSRX Virtual Firewall VM.
Note: If you need to add a network adapter to assign to a virtual
switch, click Add Hardware > Network Adapter > Add.
Figure 8: Network Adapter
Pane
-
Enable the MAC address spoofing function for the vSRX Virtual Firewall VM if a
network adapter is to be used as an interface for Layer 2 mode
support on the vSRX
Virtual Firewall. From the Network Adapter pane select Advanced
Features. The Advanced Features pane appears (see Figure 9). Click the Enable MAC address spoofing check box.
MAC address spoofing allows each network adapter to change its source MAC
address for outgoing packets to one that is not assigned to them. Enabling
MAC address spoofing ensures those packets are not dropped by the network
adapter if the source MAC address fails to match the outgoing interface MAC
address.
Click OK when you complete your vSRX Virtual Firewall
VM selections.
Figure 9: Network Adapter Advanced Features Pane
-
On Microsoft Hyper-V Server 2016, you will need to enable nested virtualization
for the vSRX Virtual Firewall VM before you power on the vSRX Virtual Firewall
instance. This procedure can only be performed in the Hyper-V environment using
Windows PowerShell (see, Deploy vSRX
in a Hyper-V Host Using Windows PowerShell, Step 9). You cannot
enable nested virtualization from the Hyper-V Manager because nessted
virtualization is not supported on Microsoft Hyper-V Server 2012.
Note: This step is applicable only for vSRX Virtual Firewall (which uses and
requires nested virtualization) and not for vSRX Virtual Firewall
3.0.
Note:
Nested virtualization can only be configured on a host running Microsoft
Hyper-V Server 2016. In addition, Dynamic Memory must be disabled on the
virtual machine containing the nested instance of Hyper-V.
-
Launch and power on the vSRX Virtual Firewall instance in the Hyper-V Manager
by selecting the vSRX Virtual Firewall VM from the list of virtual machines.
Right-click and select Start from the context menu (or
select Action > Start).
-
Configure the basic settings for the vSRX Virtual Firewall (see Configure vSRX
Using the CLI).
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.
15.1X49-D80
Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy
the vSRX Virtual Firewall only on Microsoft Hyper-V Server 2012 R2 or
2012.
15.1X49-D100
Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, you can
deploy the vSRX Virtual Firewall on Microsoft Hyper-V Server
2016.