Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Deploy vSRX in a Hyper-V Host Using Windows PowerShell

Use this procedure to deploy and configure the vSRX as a virtual security appliance in the Hyper-V environment using Windows PowerShell.

Note the following for deploying vSRX on a Microsoft Hyper-V server:

  • Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy the vSRX only on Microsoft Hyper-V Server 2012 R2 or 2012.

  • Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, you can deploy the vSRX on Microsoft Hyper-V Server 2016.

Note:

To upgrade an existing vSRX instance, see Migration, Upgrade, and Downgrade in the vSRX Release Notes.

To deploy vSRX using Windows PowerShell:

  1. Download the vSRX software image for Microsoft Hyper-V from the Juniper Networks website. The vSRX disk image supported by Microsoft Hyper-V is a virtual hard disk (VHD) format file.
    CAUTION:

    Do not change the filename of the downloaded software image or the installation will fail.

  2. On the Windows desktop, click the Start button and type Windows PowerShell.
  3. Right-click Windows PowerShell and select Run as administrator.
  4. Run the following command to enable Hyper–V using PowerShell:

    Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

  5. Enter the New-VM command to create the vSRX VM. The command syntax is as follows:

    PS C:>\Users\Administrator> New-VM -Name <Name> -MemoryStartupBytes <Memory> -BootDevice <BootDevice> -VHDPath <VHDPath> -Path <Path> -Generation <Generation> -Switch <SwitchName>

    See Table 1 for a summary of the parameters in the New-VM command.

    Table 1: New-VM Command Parameters

    Parameter

    Description

    -Name

    Specify a name for the vSRX VM that you are creating. We recommend keeping this name the same as the hostname you intend to give to the vSRX VM.

    -MemoryStartupBytes

    Enter 4GB as the amount of startup memory to assign to the vSRX VM.

    -BootDevice

    Enter VHD as the device that the vSRX VM boots to when it starts.

    -VHDPath

    Specify the location of the vSRX virtual hard disk (VHD) file that you want to deploy.

    -Path

    Specify the location to store the vSRX VM configuration files.

    -Generation

    Enter 1 to create a generation 1 virtual machine for the vSRX.

    -SwitchName

    Specify the name of the virtual switch that you want the vSRX VM to assign to a network adapter used by the vSRX VM. Each network adapter that is defined for a vSRX is mapped to a specific interface. See Requirements for vSRX on Microsoft Hyper-V for a summary of interface names and mappings for a vSRX VM.

    Note:

    To locate the name of a previously created virtual switch, use the Get-VMSwitch command. See Add vSRX Interfaces for the procedure on adding virtual switches for the vSRX VM using the Virtual Switch Manager.

    The following is an example of the New-VM command syntax for creating a vSRX VM:

    PS C:>\Users\Administrator> New-VM -Name vSRX_0109 -MemoryStartupBytes 4GB -BootDevice VHD -VHDPath C:\Users\Public\Documents\Hyper-V\vsrx-0109-powershell\vsrx\media-vsrx-vmdisk-151X49D80.hyper-v.vhd -Path ’C:\Users\Public\Documents\Hyper-V\vsrx-0109\’ Generation 1 SwitchName test

  6. Set the number of processors for the newly created vSRX VM by entering the Set-VMProcessor command. Specify Count 2 for the number of processors. For example:

    PS C:>\Users\Administrator> Set-VMProcessor -VMName <vSRVName> -Count 2

  7. Verify the newly created vSRX VM by entering the Get-VM command. For example:

    PS C:>\Users\Administrator> Get-VM -VMName <vSRVName>

    The output for the command is as follows:

  8. Enable the MAC address spoofing function for the vSRX VM if a network adapter is to be used as an interface for Layer 2 mode support on the vSRX. MAC address spoofing allows the vSRX VM’s network adapter to change its source MAC address for outgoing packets to one that is not assigned to them. Enabling MAC address spoofing ensures those packets are not dropped by the network adapter if the source MAC address fails to match the outgoing interface MAC address.

    The command syntax is as follows:

    PS C:>\Users\Administrator> Set-VMNetworkAdapter -VMName <vSRVName> –computerName <HyperVHostName> –VMNetworkAdapter <NetworkAdapterName> -MacAddressSpoofing On

    Verify that MacAddressSpoofing is On.

    PS C:>\Users\Administrator> Get-VMNetworkAdapter -VMName <vSRVName> –computerName <HyperVHostName> | fl <HyperVHostName>name,macaddressspoofing

    The output for the command is as follows:

  9. Enable nested virtualization for the vSRX VM by using the Set-VMProcessor command, where VMName is the name of the vSRX VM you created. By default, the virtualization extensions are disabled for each VM. Nested virtualization allows you to run Hyper-V inside of a Hyper-V virtual machine. For example:

    PS C:>\Users\Administrator> Set-VMProcessor -VMName <vSRX_0109> -ExposeVirtualizationExtensions $true

    Note:

    Nested virtualization can only be configured on a host running Microsoft Hyper-V Server 2016. In addition, Dynamic Memory must be disabled on the virtual machine containing the nested instance of Hyper-V.

  10. Launch and power on the vSRX VM by using the Start-VM command, where Name is the name of the vSRX VM you created. For example:

    PS C:>\Users\Administrator> Start-VM -Name <vSRX_0109>

  11. Configure the basic settings for the vSRX (see Configure vSRX Using the CLI).

Related Documentation

Release History Table
Release
Description
15.1X49-D80
Starting in Junos OS Release 15.1X49-D80 and Junos OS Release 17.3R1, you can deploy the vSRX only on Microsoft Hyper-V Server 2012 R2 or 2012.
15.1X49-D100
Starting in Junos OS Release 15.1X49-D100 and Junos OS Release 17.4R1, you can deploy the vSRX on Microsoft Hyper-V Server 2016.