Add Juniper vSRX 3.0 node and image definition files (#32)

* Add Juniper vSRX 3.0 node and image definition files * Add Juniper vSRX 3.0 day 0 config
2025-10-23 07:42:03 +00:00 · 2023-01-11 06:05:34 +09:00
parent e2f4389732
commit 46930d5014
4 changed files with 240 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -60,3 +60,4 @@ This project was written and is maintained by the following individuals:
 * sig9 <sig9@sig9.org>
 * Ozzy Schoonover <OzzySchoonover@gmail.com>
 * Alexander Deca <alexander@deca-consulting.be>
+* Xinyu Wei <trustywolf@sfc.wide.ad.jp>
--- a/node-definitions/juniper/vsrx/README.md
+++ b/node-definitions/juniper/vsrx/README.md
@@ -0,0 +1,17 @@
+# Juniper vSRX Node Definitions
+
+This directory contains the following node definitions:
+
+* `jnpr-vsrx.yaml` - Juniper vSRX 3.0 Virtual Firewall
+
+## Caveats
+
+vSRX 3.0 support is considered **EXPERIMENTAL** within CML.
+
+### Image Availability
+
+Images for the vSRX 3.0 can be downloaded from https://support.juniper.net/support/downloads/?f=srx with a proper Juniper.net account and entitlement.
+
+### Notes
+
+The virtual SRX firewall has two different models, [vSRX and vSRX 3.0](https://supportportal.juniper.net/s/article/Overview-of-the-available-virtual-SRX-models-vSRX-and-vSRX-3-0), vSRX 3.0 qcow2 image was used along with this node definition, it uses 2 vCPU and 4 GB of RAM.
--- a/node-definitions/juniper/vsrx/jnpr-vsrx.yaml
+++ b/node-definitions/juniper/vsrx/jnpr-vsrx.yaml
@@ -0,0 +1,209 @@
+#
+# Juniper vSRX 3.0 virtual firewall node definition
+# generated 2023-01-09
+# part of VIRL^2
+#
+id: jnpr-vsrx
+configuration:
+  generator:
+    driver: null
+  provisioning:
+    volume_name: disk
+    media_type: iso
+    files:
+      - name: juniper.conf
+        content: |-
+          system {
+              host-name insert_hostname_here;
+              autoinstallation {
+                  delete-upon-commit; ## Deletes [system autoinstallation] upon change/commit
+                  traceoptions {
+                      level verbose;
+                      flag {
+                          all;
+                      }
+                  }
+              }
+              services {
+                  ssh;
+                  web-management {
+                      http {
+                          interface fxp0.0;
+                      }
+                      https {
+                          system-generated-certificate;
+                          interface fxp0.0;
+                      }
+                  }                               
+              }
+              syslog {
+                  file interactive-commands {
+                      interactive-commands any;
+                  }
+                  file messages {
+                      any any;
+                      authorization info;
+                  }
+              }
+              license {
+                  autoupdate {
+                      url https://ae1.juniper.net/junos/key_retrieval;
+                  }
+              }
+          }
+          security {
+              screen {
+                  ids-option untrust-screen {
+                      icmp {
+                          ping-death;
+                      }                           
+                      ip {
+                          source-route-option;
+                          tear-drop;
+                      }
+                      tcp {
+                          syn-flood {
+                              alarm-threshold 1024;
+                              attack-threshold 200;
+                              source-threshold 1024;
+                              destination-threshold 2048;
+                              queue-size 2000; ## Warning: 'queue-size' is deprecated
+                              timeout 20;
+                          }
+                          land;
+                      }
+                  }
+              }
+              policies {
+                  from-zone trust to-zone trust {
+                      policy default-permit {
+                          match {
+                              source-address any;
+                              destination-address any;
+                              application any;
+                          }
+                          then {
+                              permit;
+                          }
+                      }
+                  }
+                  from-zone trust to-zone untrust {
+                      policy default-permit {
+                          match {
+                              source-address any;
+                              destination-address any;
+                              application any;
+                          }
+                          then {
+                              permit;
+                          }
+                      }
+                  }
+                  pre-id-default-policy {
+                      then {
+                          log {
+                              session-close;      
+                          }
+                      }
+                  }
+              }
+              zones {
+                  security-zone trust {
+                      tcp-rst;
+                  }
+                  security-zone untrust {
+                      screen untrust-screen;
+                  }
+              }
+          }
+          interfaces {
+              fxp0 {
+                  unit 0;
+              }
+          }
+        editable: true
+inherited:
+  image:
+    ram: true
+    cpus: true
+    cpu_limit: true
+    data_volume: false
+    boot_disk_size: false
+  node:
+    ram: true
+    cpus: true
+    cpu_limit: true
+    data_volume: false
+    boot_disk_size: false
+device:
+  interfaces:
+    has_loopback_zero: false
+    default_count: 5
+    physical:
+      - fxp0
+      - ge-0/0/0
+      - ge-0/0/1
+      - ge-0/0/2
+      - ge-0/0/3
+      - ge-0/0/4
+      - ge-0/0/5
+      - ge-0/0/6
+      - ge-0/0/7
+      - ge-0/0/8
+      - ge-0/0/9
+      - ge-0/0/10
+      - ge-0/0/11
+      - ge-0/0/12
+      - ge-0/0/13
+      - ge-0/0/14
+      - ge-0/0/15
+      - ge-0/0/16
+      - ge-0/0/17
+      - ge-0/0/18
+      - ge-0/0/19
+      - ge-0/0/20
+      - ge-0/0/21
+      - ge-0/0/22
+      - ge-0/0/23
+      - ge-0/0/24
+      - ge-0/0/25
+      - ge-0/0/26
+      - ge-0/0/27
+      - ge-0/0/28
+      - ge-0/0/29
+      - ge-0/0/30
+    serial_ports: 1
+general:
+  description: Juniper vSRX 3.0 virtual firewall (EXPERIMENTAL)
+  nature: firewall
+  read_only: true
+schema_version: "0.0.1"
+sim:
+  linux_native:
+    cpus: 2
+    disk_driver: virtio
+    driver: server
+    libvirt_domain_driver: kvm
+    nic_driver: virtio
+    ram: 4096
+boot:
+  timeout: 600
+  completed:
+    - "login:"
+pyats:
+  os: junos
+  config_extract_command: show configuration
+  use_in_testbed: true
+ui:
+  description: |2-
+    Juniper vSRX 3.0 virtual firewall
+
+    4096MB, 2 vCPU
+
+    ##### Note
+    **EXPERIMENTAL**
+  group: Others
+  icon: firewall
+  label: Juniper vSRX 3.0
+  label_prefix: vsrx-
+  visible: true
--- a/virl-base-images/juniper/vsrx/jnpr-vsrx-22-2-r2.yaml
+++ b/virl-base-images/juniper/vsrx/jnpr-vsrx-22-2-r2.yaml
@@ -0,0 +1,13 @@
+#
+# Juniper vSRX 3.0 image definition
+# generated 2023-01-09
+# part of VIRL^2
+#
+
+id: jnpr-vsrx-22.2R2-S1.5
+label: Juniper vSRX 3.0 22.2R2
+node_definition_id: jnpr-vsrx
+disk_image: junos-vsrx3-x86-64-22.2R2-S1.5.qcow2
+description: Juniper vSRX 3.0 22.2R2-S1
+read_only: true
+schema_version: "0.0.1"