diff --git a/README.md b/README.md index a5eab72..8281c30 100644 --- a/README.md +++ b/README.md @@ -60,3 +60,4 @@ This project was written and is maintained by the following individuals: * sig9 * Ozzy Schoonover * Alexander Deca +* Xinyu Wei diff --git a/node-definitions/juniper/vsrx/README.md b/node-definitions/juniper/vsrx/README.md new file mode 100644 index 0000000..812ff5b --- /dev/null +++ b/node-definitions/juniper/vsrx/README.md @@ -0,0 +1,17 @@ +# Juniper vSRX Node Definitions + +This directory contains the following node definitions: + +* `jnpr-vsrx.yaml` - Juniper vSRX 3.0 Virtual Firewall + +## Caveats + +vSRX 3.0 support is considered **EXPERIMENTAL** within CML. + +### Image Availability + +Images for the vSRX 3.0 can be downloaded from https://support.juniper.net/support/downloads/?f=srx with a proper Juniper.net account and entitlement. + +### Notes + +The virtual SRX firewall has two different models, [vSRX and vSRX 3.0](https://supportportal.juniper.net/s/article/Overview-of-the-available-virtual-SRX-models-vSRX-and-vSRX-3-0), vSRX 3.0 qcow2 image was used along with this node definition, it uses 2 vCPU and 4 GB of RAM. diff --git a/node-definitions/juniper/vsrx/jnpr-vsrx.yaml b/node-definitions/juniper/vsrx/jnpr-vsrx.yaml new file mode 100644 index 0000000..7824e3e --- /dev/null +++ b/node-definitions/juniper/vsrx/jnpr-vsrx.yaml @@ -0,0 +1,209 @@ +# +# Juniper vSRX 3.0 virtual firewall node definition +# generated 2023-01-09 +# part of VIRL^2 +# +id: jnpr-vsrx +configuration: + generator: + driver: null + provisioning: + volume_name: disk + media_type: iso + files: + - name: juniper.conf + content: |- + system { + host-name insert_hostname_here; + autoinstallation { + delete-upon-commit; ## Deletes [system autoinstallation] upon change/commit + traceoptions { + level verbose; + flag { + all; + } + } + } + services { + ssh; + web-management { + http { + interface fxp0.0; + } + https { + system-generated-certificate; + interface fxp0.0; + } + } + } + syslog { + file interactive-commands { + interactive-commands any; + } + file messages { + any any; + authorization info; + } + } + license { + autoupdate { + url https://ae1.juniper.net/junos/key_retrieval; + } + } + } + security { + screen { + ids-option untrust-screen { + icmp { + ping-death; + } + ip { + source-route-option; + tear-drop; + } + tcp { + syn-flood { + alarm-threshold 1024; + attack-threshold 200; + source-threshold 1024; + destination-threshold 2048; + queue-size 2000; ## Warning: 'queue-size' is deprecated + timeout 20; + } + land; + } + } + } + policies { + from-zone trust to-zone trust { + policy default-permit { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + from-zone trust to-zone untrust { + policy default-permit { + match { + source-address any; + destination-address any; + application any; + } + then { + permit; + } + } + } + pre-id-default-policy { + then { + log { + session-close; + } + } + } + } + zones { + security-zone trust { + tcp-rst; + } + security-zone untrust { + screen untrust-screen; + } + } + } + interfaces { + fxp0 { + unit 0; + } + } + editable: true +inherited: + image: + ram: true + cpus: true + cpu_limit: true + data_volume: false + boot_disk_size: false + node: + ram: true + cpus: true + cpu_limit: true + data_volume: false + boot_disk_size: false +device: + interfaces: + has_loopback_zero: false + default_count: 5 + physical: + - fxp0 + - ge-0/0/0 + - ge-0/0/1 + - ge-0/0/2 + - ge-0/0/3 + - ge-0/0/4 + - ge-0/0/5 + - ge-0/0/6 + - ge-0/0/7 + - ge-0/0/8 + - ge-0/0/9 + - ge-0/0/10 + - ge-0/0/11 + - ge-0/0/12 + - ge-0/0/13 + - ge-0/0/14 + - ge-0/0/15 + - ge-0/0/16 + - ge-0/0/17 + - ge-0/0/18 + - ge-0/0/19 + - ge-0/0/20 + - ge-0/0/21 + - ge-0/0/22 + - ge-0/0/23 + - ge-0/0/24 + - ge-0/0/25 + - ge-0/0/26 + - ge-0/0/27 + - ge-0/0/28 + - ge-0/0/29 + - ge-0/0/30 + serial_ports: 1 +general: + description: Juniper vSRX 3.0 virtual firewall (EXPERIMENTAL) + nature: firewall + read_only: true +schema_version: "0.0.1" +sim: + linux_native: + cpus: 2 + disk_driver: virtio + driver: server + libvirt_domain_driver: kvm + nic_driver: virtio + ram: 4096 +boot: + timeout: 600 + completed: + - "login:" +pyats: + os: junos + config_extract_command: show configuration + use_in_testbed: true +ui: + description: |2- + Juniper vSRX 3.0 virtual firewall + + 4096MB, 2 vCPU + + ##### Note + **EXPERIMENTAL** + group: Others + icon: firewall + label: Juniper vSRX 3.0 + label_prefix: vsrx- + visible: true diff --git a/virl-base-images/juniper/vsrx/jnpr-vsrx-22-2-r2.yaml b/virl-base-images/juniper/vsrx/jnpr-vsrx-22-2-r2.yaml new file mode 100644 index 0000000..6e79d9f --- /dev/null +++ b/virl-base-images/juniper/vsrx/jnpr-vsrx-22-2-r2.yaml @@ -0,0 +1,13 @@ +# +# Juniper vSRX 3.0 image definition +# generated 2023-01-09 +# part of VIRL^2 +# + +id: jnpr-vsrx-22.2R2-S1.5 +label: Juniper vSRX 3.0 22.2R2 +node_definition_id: jnpr-vsrx +disk_image: junos-vsrx3-x86-64-22.2R2-S1.5.qcow2 +description: Juniper vSRX 3.0 22.2R2-S1 +read_only: true +schema_version: "0.0.1"