To start this series off, I'll take you through the steps of beginning your first virtual Junos lab using Junos Firefly and VMware Player. By the end of this series, you should be able to setup your own virtual topology that enables you to practice for that JNCIA, S, P, or E exam you're cramming for. The concepts you learn throughout this series should be applicable to other hypervisors.


Import the Junos vSRX OVA file into VMware Player

  1. Open VMware Player.
  2. Click "Open a Virtual Machine".
  3. Browse to and select the Junos vSRX OVA file you downloaded.
  4. Accept the License Agreement that appears
  5. Wait for the import process to complete

When the import process has completed, you'll be met with the following:

Our vSRX is now ready to boot-up, but before we do that, let's take a look at the virtual hardware that the vSRX comes configured with by default. Click "Edit virtual machine settings" to take a look under the hood:

The only components of interest to us right now are the Network Adapters. By default, vSRXs come with two interfaces (assumedly, one for "out-of-band" management, and one for communication with another device). Starting from the top of the list, these interfaces are directly transposed to "ge-0/0/x" interfaces within Junos (e.g. the first Network Adapter is ge-0/0/0, the second Network Adapter is ge-0/0/1, and so forth for any additional network adapters you would add). Click the first Network Adapter in the list. The "Network connection" shows the different types of "connections" we can set this virtual network adapter to.

Details about the options are as follows:

Network Adapter Connection Types

  • Bridged - This bridges the virtual network adapter to the network the host machine (e.g. your PC) is connected to. In other words, this virtual device will get its own IP address on your home network. From the perspective of your home router, this is just another device attached to it).

  • NAT - This gives the virtual network adapter a private IP in a subnet your computer and a virtual network adapter installed by VMware have been automatically configured for. Traffic from the vSRX to the outside world is NATd by VMware Player (by "outside", I mean, outside of the virtual network your computer and the vSRX live in).

  • Host-only - This gives the virtual network adapter a private IP in a subnet automatically configured by VMware. No communication to the "outside" world is possible for the VM due to no NAT'ing being done with this connection type.

  • Custom - VMware comes with a set of default virtual bridges you can attach your virtual's network adapters to.

  • LAN segment - Akin to the "Custom" option, you can create your own virtual bridges and give them whatever name you'd like. This option is usually the go-to when you start setting up bigger labs.

If this is at all confusing to you, think of it this way: this is where/how you "cable" your virtual devices together. If you have two vSRXs running in VMware Player, this is where you would connect their network adapters by throwing them into the same LAN segment. It's as simple as that.

With that said, we can leave the settings as they are (set to the Bridged connection type).

Boot 'er up

Hit the "Play" button, and you will see the boot process initiate. In (hopefully) under a minute, you should be looking at a login prompt. Like any blank-slated Junos device, the default username is "root" with no password.

When you first login, you're going to be thrown to the shell prompt (as is default when logging in as root on a Junos device). We want to be at the Junos CLI, though:

root% cli

Congratulations! You've got a beautiful blank vSRX at your disposal.

Configuring a root authentication password

Before we can make any real changes to the configuration, we have to set a root password (and while we're at it, we'll configure a hostname). Keep in mind that in *nix based operating systems, it's normal for the cursor to not type anything when you're prompted to enter a password:

root> edit
root# set system root-authentication plain-text-password
New password:
Retype new password:
root# set system host-name R1

Don't commit just yet (it's alright if you did... but we're not done making changes yet).

Switching to packet-based mode

vSRXs (and SRXs in general, at least the Branch SRXs) operate in one of two different modes: flow-based, or packet-based. The default is flow-based. This means that by default, SRXs won't route packets like a traditional router, but instead will process packets based on session or the state of the traffic. Because I don't want this series to be SRX/Security-centric, we're going to change the SRX's mode to packet-based. First, we'll remove all [edit security] config, and then configure packet-based mode for the available families.

root@R1# delete security
root@R1# set security forwarding-options family inet6 mode packet-based
root@R1# set security forwarding-options family iso mode packet-based
root@R1# set security forwarding-options family mpls mode packet-based
root@R1# commit and-quit

You'll see a warning message stating that a reboot is required since we've changed the mpls flow mode. Reboot the vSRX:

root@R1> request system reboot

Configure a non-root user

When the system comes back up, login with the root credentials you configured earlier, enter CLI mode, and then configure a super-user that we'll use later for SSH'ing into our vSRX.

root@R1% cli
root@R1> edit
root@R1# set system services ssh
root@R1# set system login user lamoni class super-user
root@R1# set system login user lamoni authentication plain-text-password
New password:
Retype new password:
root@R1# commit

Configure our management interface (ge-0/0/0) as a DHCP client

In the section about our Network Adapters, we left them set at the "Bridged" connection type. That means we should be able to configure DHCP on our ge-0/0/0 interface, and it should be given an IP address from your home router.

root@R1# set interfaces ge-0/0/0 unit 0 family inet dhcp
root@R1# commit and-quit

Verify our ge-0/0/0.0 interface has been assigned an IP address

Cool! Open up a command prompt on your PC and let's try to ping that IP address.

Now that we know we have connectivity to our VM, open up your favorite SSH client and let's connect to our device using the super-user account we configured earlier.

You'll now find yourself at the Junos CLI of your brand new vSRX that's just waiting for you to configure whatever your heart desires.


Now that you've gotten your hands a little dirty with setting up a VM, and learned some of the more basic principles (such as how to "cable" your devices), we'll tackle spinning up another vSRX (by cloning the one we just made) and configuring OSPF between the two in the next part of this series.

If you're feeling thirsty for some more knowledge, move on to Part 2 of the series

Thanks for reading!