Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

vSRX Overview

SUMMARY In this topic you learn about vSRX architecture and its benefits.

vSRX is a virtual security appliance that provides security and networking services at the perimeter or edge in virtualized private or public cloud environments. vSRX runs as a virtual machine (VM) on a standard x86 server. vSRX is built on the Junos operating system (Junos OS) and delivers networking and security features similar to those available on the software releases for the SRX Series Services Gateways.

The vSRX provides you with a complete Next-Generation Firewall (NGFW) solution, including core firewall, VPN, NAT, advanced Layer 4 through Layer 7 security services such as Application Security, intrusion detection and prevention (IPS), and UTM features including Enhanced Web Filtering and Anti-Virus. Combined with Sky ATP, the vSRX offers a cloud-based advanced anti-malware service with dynamic analysis to protect against sophisticated malware, and provides built-in machine learning to improve verdict efficacy and decrease time to remediation.

Figure 1 shows the high-level architecture.

Figure 1: vSRX Architecture vSRX Architecture

vSRX includes the Junos control plane (JCP) and the packet forwarding engine (PFE) components that make up the data plane. vSRX uses one virtual CPU (vCPU) for the JCP and at least one vCPU for the PFE. Starting in Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, multi-core vSRX supports scaling vCPUs and virtual RAM (vRAM). Additional vCPUs are applied to the data plane to increase performance.

Junos OS Release 18.4R1 supports a new software architecture vSRX 3.0 that removes dual OS and nested virtualization requirement of existing vSRX architecture.

In vSRX 3.0 architecture, FreeBSD 11.x is used as the guest OS and the Routing Engine and Packet Forwarding Engine runs on FreeBSD 11.x as single virtual machine for improved performance and scalability. vSRX 3.0 uses DPDK to process the data packets in the data plane. A direct Junos upgrade from vSRX to vSRX 3.0 software is not supported.

vSRX 3.0 has the following enhancements compared to vSRX:

  • Removed the restriction of requiring nested VM support in hypervisors.

  • Removed the restriction of requiring ports connected to control plane to have Promiscuous mode enabled.

  • Improved boot time and enhanced responsiveness of the control plane during management operations.

  • Improved live migration.

Figure 2 shows the high-level architecture for vSRX 3.0

Figure 2: vSRX 3.0 ArchitecturevSRX 3.0 Architecture

Benefits

vSRX on standard x86 servers enables you to quickly introduce new services, deliver customized services to customers, and scale security services based on dynamic needs. vSRX is ideal for public, private, and hybrid cloud environments.

Some of the key benefits of vSRX in a virtualized private or public cloud multitenant environment include:

  • Stateful firewall protection at the tenant edge

  • Faster deployment of virtual firewalls into new sites

  • Ability to run on top of various hypervisors and public cloud infrastructures

  • Full routing, VPN, core security, and networking capabilities

  • Application security features (including IPS and App-Secure)

  • Content security features (including Anti Virus, Web Filtering, Anti Spam, and Content Filtering)

  • Centralized management with Junos Space Security Director and local management with J-Web Interface

  • Juniper Networks Sky Advanced Threat Prevention (Sky ATP) integration

Release History Table
Release
Description
15.1X49-D70
Starting in Junos OS Release 15.1X49-D70 and Junos OS Release 17.3R1, multi-core vSRX supports scaling vCPUs and virtual RAM (vRAM). Additional vCPUs are applied to the data plane to increase performance.