Add Juniper vSRX 3.0 node and image definition files (#32)

* Add Juniper vSRX 3.0 node and image definition files

* Add Juniper vSRX 3.0 day 0 config
Xinyu Wei
2023-01-11 06:05:34 +09:00
committed by GitHub
parent e2f4389732
commit 46930d5014
4 changed files with 240 additions and 0 deletions


@@ -60,3 +60,4 @@ This project was written and is maintained by the following individuals:
* sig9 <sig9@sig9.org> * sig9 <sig9@sig9.org>
* Ozzy Schoonover <OzzySchoonover@gmail.com> * Ozzy Schoonover <OzzySchoonover@gmail.com>
* Alexander Deca <alexander@deca-consulting.be> * Alexander Deca <alexander@deca-consulting.be>
* Xinyu Wei <trustywolf@sfc.wide.ad.jp>


@@ -0,0 +1,17 @@
# Juniper vSRX Node Definitions
This directory contains the following node definitions:
* `jnpr-vsrx.yaml` - Juniper vSRX 3.0 Virtual Firewall
## Caveats
vSRX 3.0 support is considered **EXPERIMENTAL** within CML.
### Image Availability
Images for the vSRX 3.0 can be downloaded from https://support.juniper.net/support/downloads/?f=srx with a proper Juniper.net account and entitlement.
### Notes
The virtual SRX firewall has two different models, [vSRX and vSRX 3.0](https://supportportal.juniper.net/s/article/Overview-of-the-available-virtual-SRX-models-vSRX-and-vSRX-3-0), vSRX 3.0 qcow2 image was used along with this node definition, it uses 2 vCPU and 4 GB of RAM.


@@ -0,0 +1,209 @@
#
# Juniper vSRX 3.0 virtual firewall node definition
# generated 2023-01-09
# part of VIRL^2
#
id: jnpr-vsrx
configuration:
generator:
driver: null
provisioning:
volume_name: disk
media_type: iso
files:
- name: juniper.conf
content: |-
system {
host-name insert_hostname_here;
autoinstallation {
delete-upon-commit; ## Deletes [system autoinstallation] upon change/commit
traceoptions {
level verbose;
flag {
all;
}
}
}
services {
ssh;
web-management {
http {
interface fxp0.0;
}
https {
system-generated-certificate;
interface fxp0.0;
}
}
}
syslog {
file interactive-commands {
interactive-commands any;
}
file messages {
any any;
authorization info;
}
}
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000; ## Warning: 'queue-size' is deprecated
timeout 20;
}
land;
}
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
pre-id-default-policy {
then {
log {
session-close;
}
}
}
}
zones {
security-zone trust {
tcp-rst;
}
security-zone untrust {
screen untrust-screen;
}
}
}
interfaces {
fxp0 {
unit 0;
}
}
editable: true
inherited:
image:
ram: true
cpus: true
cpu_limit: true
data_volume: false
boot_disk_size: false
node:
ram: true
cpus: true
cpu_limit: true
data_volume: false
boot_disk_size: false
device:
interfaces:
has_loopback_zero: false
default_count: 5
physical:
- fxp0
- ge-0/0/0
- ge-0/0/1
- ge-0/0/2
- ge-0/0/3
- ge-0/0/4
- ge-0/0/5
- ge-0/0/6
- ge-0/0/7
- ge-0/0/8
- ge-0/0/9
- ge-0/0/10
- ge-0/0/11
- ge-0/0/12
- ge-0/0/13
- ge-0/0/14
- ge-0/0/15
- ge-0/0/16
- ge-0/0/17
- ge-0/0/18
- ge-0/0/19
- ge-0/0/20
- ge-0/0/21
- ge-0/0/22
- ge-0/0/23
- ge-0/0/24
- ge-0/0/25
- ge-0/0/26
- ge-0/0/27
- ge-0/0/28
- ge-0/0/29
- ge-0/0/30
serial_ports: 1
general:
description: Juniper vSRX 3.0 virtual firewall (EXPERIMENTAL)
nature: firewall
read_only: true
schema_version: "0.0.1"
sim:
linux_native:
cpus: 2
disk_driver: virtio
driver: server
libvirt_domain_driver: kvm
nic_driver: virtio
ram: 4096
boot:
timeout: 600
completed:
- "login:"
pyats:
os: junos
config_extract_command: show configuration
use_in_testbed: true
ui:
description: |2-
Juniper vSRX 3.0 virtual firewall
4096MB, 2 vCPU
##### Note
**EXPERIMENTAL**
group: Others
icon: firewall
label: Juniper vSRX 3.0
label_prefix: vsrx-
visible: true
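Review bot: The day-0 `juniper.conf` enables cleartext web management (`web-management { http { interface fxp0.0; } }`) alongside HTTPS and turns on `ssh`, yet its `system` stanza has no `root-authentication` or `login` block, so this file exposes management services on fxp0.0 without defining any credential. I would drop the `http` block so that only `https` with the system-generated certificate listens, and add a YAML comment above `content:` such as `# set system root-authentication before attaching fxp0 to an external connector`. As far as I know Junos rejects a commit that lacks root authentication, so it is worth confirming that this configuration actually loads from the config ISO as written. Separately, `host-name insert_hostname_here;` stays literal because `generator.driver` is `null`; a one-line comment saying the hostname must be edited by hand would save users a surprise.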


@@ -0,0 +1,13 @@
#
# Juniper vSRX 3.0 image definition
# generated 2023-01-09
# part of VIRL^2
#
id: jnpr-vsrx-22.2R2-S1.5
label: Juniper vSRX 3.0 22.2R2
node_definition_id: jnpr-vsrx
disk_image: junos-vsrx3-x86-64-22.2R2-S1.5.qcow2
description: Juniper vSRX 3.0 22.2R2-S1
read_only: true
schema_version: "0.0.1"