Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Deploy vSRX Virtual Firewall in a Hyper-V Host Using the Hyper-V Manager

Use this procedure to deploy and configure the vSRX Virtual Firewall as a virtual security appliance in the Hyper-V environment using Hyper-V Manager.

Note the following for deploying vSRX Virtual Firewall on a Microsoft Hyper-V server:

  • Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy the vSRX Virtual Firewall only on Microsoft Hyper-V Server 2012 R2 or 2012.

  • Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, you can deploy the vSRX Virtual Firewall on Microsoft Hyper-V Server 2016.

Note:

To upgrade an existing vSRX Virtual Firewall instance, see Migration, Upgrade, and Downgrade in the vSRX Virtual Firewall Release Notes.

To deploy vSRX Virtual Firewall using Hyper-V Manager:

  1. Download the vSRX Virtual Firewall software image for Microsoft Hyper-V from the Juniper Networks website. The vSRX Virtual Firewall disk image supported by Microsoft Hyper-V is a virtual hard disk (VHD) format file.
    CAUTION:

    Do not change the filename of the downloaded software image or the installation will fail.

  2. Log onto your Hyper-V host computer using the Administrator account.
  3. Open the Hyper-V Manager by selecting Start > Administrative Tools > Hyper-V Manager. The welcome page for Hyper-V appears the first time that you open Hyper-V Manager.
  4. Create a virtual machine by selecting Action > New > Virtual Machine. The Before You Begin screen appears for the New Virtual Machine Wizard. Click Next to move through each page of the wizard, or you can click the name of a page in the left pane to move directly to that page.
  5. From the Specify Name and Location page (see Figure 1), enter a name and location for the vSRX Virtual Firewall VM that you are creating and then click Next. We recommend that you keep this name the same as the hostname you intend to assign to the vSRX Virtual Firewall VM.
    Figure 1: Specify Name and Location Page Specify Name and Location Page
  6. From the Specify Generation page (see Figure 2), keep the default setting of Generation 1 as the generation of the vSRX Virtual Firewall VM and then click Next.
    Figure 2: Specify Generation Page Specify Generation Page
  7. From the Assign Memory page (see Figure 3), enter 4096 MB as the amount of startup memory to assign to the vSRX Virtual Firewall VM. Leave Use Dynamic Memory for this virtual machine clear. Click Next.
    Figure 3: Assign Memory Page Assign Memory Page
  8. From the Configure Networking page (see Figure 4), select a virtual switch from a list of existing virtual switches on the Hyper-V host computer to connect to the vSRX Virtual Firewall management interface. The default is Not connected. Click Next.
    Note:

    See Add vSRX Interfaces for the procedure on adding virtual switches for the vSRX Virtual Firewall VM using the Virtual Switch Manager.

    Figure 4: Configure Networking Page Configure Networking Page
  9. From the Connect Virtual Hard Disk page (see Figure 5), click Use an existing virtual hard disk and browse to the location of the vSRX Virtual Firewall virtual hard disk (VHD) file (downloaded in Step 1). Click Next.
    Figure 5: Connect Virtual Hard Disk Page Connect Virtual Hard Disk Page
  10. After you have finished configuring the new virtual machine, verify your selections in the Summary page (see Figure 6) and then click Finish to complete the installation.
    Figure 6: Summary Page Summary Page
  11. Right-click the vSRX Virtual Firewall VM and select Settings from the context menu.
  12. From the Settings dialog box, under the Hardware section, select Processor. The Processor pane appears (see Figure 7). Enter 2 in the Number of virtual processors field (the default is 1).
    Figure 7: Processor Pane Processor Pane
  13. From the Settings dialog box, under the Hardware section, select Network Adapter. The Network Adapter pane appears (see Figure 8).

    From the Virtual switch drop-down list, select a virtual switch to assign to a network adapter to be used by the vSRX Virtual Firewall VM (see Add vSRX Interfaces for details on adding virtual switches). Each network adapter that is defined for a vSRX Virtual Firewall is mapped to a specific interface. See Requirements for vSRX on Microsoft Hyper-V for a summary of interface names and mappings for a vSRX Virtual Firewall VM.

    Note:

    If you need to add a network adapter to assign to a virtual switch, click Add Hardware > Network Adapter > Add.

    Figure 8: Network Adapter Pane Network Adapter Pane
  14. Enable the MAC address spoofing function for the vSRX Virtual Firewall VM if a network adapter is to be used as an interface for Layer 2 mode support on the vSRX Virtual Firewall. From the Network Adapter pane select Advanced Features. The Advanced Features pane appears (see Figure 9). Click the Enable MAC address spoofing check box.

    MAC address spoofing allows each network adapter to change its source MAC address for outgoing packets to one that is not assigned to them. Enabling MAC address spoofing ensures those packets are not dropped by the network adapter if the source MAC address fails to match the outgoing interface MAC address.

    Click OK when you complete your vSRX Virtual Firewall VM selections.

    Figure 9: Network Adapter Advanced Features Pane Network Adapter Advanced Features Pane
  15. On Microsoft Hyper-V Server 2016, you will need to enable nested virtualization for the vSRX Virtual Firewall VM before you power on the vSRX Virtual Firewall instance. This procedure can only be performed in the Hyper-V environment using Windows PowerShell (see, Deploy vSRX in a Hyper-V Host Using Windows PowerShell, Step 9). You cannot enable nested virtualization from the Hyper-V Manager because nessted virtualization is not supported on Microsoft Hyper-V Server 2012.
    Note: This step is applicable only for vSRX Virtual Firewall (which uses and requires nested virtualization) and not for vSRX Virtual Firewall 3.0.
    Note:

    Nested virtualization can only be configured on a host running Microsoft Hyper-V Server 2016. In addition, Dynamic Memory must be disabled on the virtual machine containing the nested instance of Hyper-V.

  16. Launch and power on the vSRX Virtual Firewall instance in the Hyper-V Manager by selecting the vSRX Virtual Firewall VM from the list of virtual machines. Right-click and select Start from the context menu (or select Action > Start).
  17. Configure the basic settings for the vSRX Virtual Firewall (see Configure vSRX Using the CLI).

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
15.1X49-D80
Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy the vSRX Virtual Firewall only on Microsoft Hyper-V Server 2012 R2 or 2012.
15.1X49-D100
Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, you can deploy the vSRX Virtual Firewall on Microsoft Hyper-V Server 2016.