To start this Juniper series off, I’ll take you through the steps of beginning your first virtual Junos lab using Junos Firefly and VMware Fusion. By the end of this series, you should be able to set up your own virtual topology that enables you to practice for the JNCIA, S, P, or E exam you’re cramming for. The concepts you learn throughout this series should be applicable to other hypervisors.
Since we’ll be using nested virtualization, we’ll need a modern Mac with a CPU that supports hardware virtualization and at least 16GB of RAM. You’ll also need to download and install VMware Fusion because it allows the hardware-assisted virtualization feature of the CPU to be used in a virtual machine.
The following steps have been tested on a 2016 MacBook Pro that has 16 GB of RAM running MacOS Catalina Version 10.15.3 and VMware Fusion 11.5.1.
Software required for this tutorial:
- MacBook Pro with 16GB of RAM
- VMware Fusion 11.5.1 – 30-day trial or purchase
- VMware vSphere Hypervisor (a.k.a. ESXi 6.7.0 ISO) – 60-day trial or purchase: —
- Guide to installing VMware vSphere ESXi 6.7 on a MacBook Pro: https://graspingtech.com/install-vmware-vpshere-esxi-mac/
- Junos Firefly Perimeter (a.k.a. vSRX) version junos-vsrx3-x86-64-19.2R1-S2.2 – requires a valid Juniper support contract to download and is a 60-day trial:
- Installation guide from Juniper: https://www.juniper.net/documentation/en_US/vsrx/information-products/pathway-pages/security-vsrx-vmware-guide-pwp.html
All photos are here: https://photos.app.goo.gl/G6V7w79UQmx8S39j6
How to Deploy vSRX on ESXi 6.7
This is what I found in the Juniper information and what I want to install:
At the end of this page you will see that ge-0/0/7 is also in the installation! I installed and configured the maximum number of networks supported by VMware Fusion, so I can’t test whether more networks can be created…
Step 1: Configure VMware Fusion Networking
Somebody said that “The first thing we need is to create two VMware Fusion custom networks”. I do not know if that is enough, so I created 8 other networks.
Give the first one a name of vSphere. In my setup, I don’t enable DHCP or NAT for this network.
Create another custom network called WAN which has NAT enabled. In my setup, I don’t enable DHCP for this network.
If you want, create the other 8 networks without enabling DHCP or NAT for them.
Step 2: Create ESXi 6.7 Virtual Machine
Create the ESXi virtual machine using the steps from article: https://graspingtech.com/install-vmware-vpshere-esxi-mac/ but change the network settings when you get to the ESXi VM Settings step.
Click on the first Network Adapter and change it to the Private to my Mac custom network.
Click on the second Network Adapter and change it to the vSphere custom network.
Click on the next Network Adapter and change it to the WAN custom network.
Click on each of the remaining Network Adapters and change them to the vmnic2 – vmnic9 custom networks.
Step 3: Configure ESXi 6.7 Networking on Web Browser (Firefox for example)
To do next:
– Rename the default virtual machine port group from VM Network to br-ext.
– Create a new vSwitch called Internal (with no uplinks).
– Create a new vSwitch called WAN with the uplink attached to the
– Create other port groups on the vmnic2 – vmnic9 vSwitch called vmnic2 – vmnic9.
Step by step:
Power on VMware ESXi 6.7.
Login to the VMware ESXi web management user interface using a web browser.
Click Networking, then click Port groups.
Rename the port group to br-ext, set all settings to Accept, then click Save. You may have to change the Security settings.
Create 8 port groups, vmnic2 – vmnic9. Example for vmnic2: Virtual Switch vmnic2, set all settings to Accept, then click Save. You may have to change the Security settings.
Click the Virtual switches tab, then Add standard virtual switch. Give the vSwitch a name of Internal then Save.
Create further vSwitches called vmnic2 to vmnic9, but this time select the spare vmnic from 2 to 9 that matches the name.
Create switches for all the vmnics, meaning vmnic2 to vmnic9.
Add further port groups called vmnic2 – vmnic9, this time selecting vmnic2 – vmnic9 as the virtual switches.
Step 4: Install and deploy vSRX
Click Virtual Machines and then Create / Register VM.
Select Deploy a virtual machine from an OVF or OVA file then click Next.
Click “Click to select files or drag/drop” and select the junos-vsrx3-x86-64-19.2R1-S2.2.ide.ova file, then click Open.
Give the virtual machine a name, then click Next.
Select the datastore to place the virtual machine files on. It might be called datastore1 on your machine. Once selected, click Next.
Accept License agreement then click Next.
Make sure the Network mappings match the port groups we created then click Next.
Click Finish to deploy the virtual machine.
Once the files have copied, the virtual machine will power-on automatically. You can view the console of the VM by right clicking on vSRX in the virtual machines list, then clicking Console and Open browser console.
The VM is powered on and you can see the following:
Step 5: Power-off the vSRX virtual machine and add networks
In order to add network connections to the vSRX machine, you will need to power off the VM and then edit the VM settings.
To power-off the VM, right click on it then click Power and Power-off. Once powered-off, right click on the VM, then click Edit settings.
Then click Add network adapter.
Repeat to add new network adapters and change their networks to vmnic2 – vmnic9.
After they are all created, you can see this in the vSRX:
Step 6: Boot ‘er up
I have my own ideas, but if you need other ideas about configuration you can find them here: https://lamoni.io/setting-up-junos-firefly-vsrx-in-vmware-player/
Open VMware ESXi in Firefox.
Power on the vSRX and enter the vSRX configuration. You should be looking at a login prompt.
Like any blank-slated Junos device, the default username is “root” with no password.
We want to be at the Junos CLI, though:
- root% cli
I deleted all the default configuration and configured it as in the next photo:
Step 7: First Problem and Solution with ssh opening
I have configured the vSRX, but I was unable to sign in from Terminal…
Solution is here: https://stackabuse.com/how-to-fix-warning-remote-host-identification-has-changed-on-mac-and-linux/
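When you connect to a server via SSH, your SSH client gets a fingerprint for the server’s ECDSA key, which it then saves to ~/.ssh/known_hosts in your home directory. This is done when you first connect to the server. If the server later presents a different key, SSH warns that the remote host identification has changed.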
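As an added example (not from the original post and not OpenSSH’s own code), this Python code models the comparison the SSH client makes against ~/.ssh/known_hosts, and checks a newly presented key against a fingerprint read over a trusted channel, such as the VM console, before the old entry is replaced. The address 192.0.2.10, the key blobs and all function names are constructed for illustration, and the host matching is simplified (no wildcard or port patterns).

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPE = "ecdsa-sha2-nistp256"

def fingerprint(key_b64):
    """Fingerprint as ssh prints it: 'SHA256:' + unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: plain comma list or hashed |1|salt|hash."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")

def check_host(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    verdict = "unknown"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # comments, blanks, @cert-authority / @revoked lines
        if host_matches(fields[0], host) and fields[1] == key_type:
            if fields[2] == key_b64:
                return "match"
            verdict = "changed"  # same host and key type, different key
    return verdict

def safe_to_replace(trusted_fingerprint, key_b64):
    """True only if the new key matches a fingerprint read over a trusted channel."""
    return hmac.compare_digest(trusted_fingerprint, fingerprint(key_b64))

def make_key(filler):
    """Constructed sample blob in ECDSA wire layout; filler bytes, not a real key."""
    parts = [KEY_TYPE.encode(), b"nistp256", b"\x04" + bytes([filler]) * 64]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(blob).decode()

OLD_KEY, NEW_KEY = make_key(1), make_key(2)  # before / after the host key changed
KNOWN_HOSTS = f"192.0.2.10 {KEY_TYPE} {OLD_KEY}\n"  # constructed address and entry

if __name__ == "__main__":
    print(check_host(KNOWN_HOSTS, "192.0.2.10", KEY_TYPE, NEW_KEY), fingerprint(NEW_KEY))
```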
Note: If you are 100% sure that this was expected behavior and that there is no potential security issue, you’ll need to fix the issue before continuing. The easiest way I’ve found to fix this problem is the following solution:
So in my example I’d use it like this:
Step 8: Second Problem and Solution in vSRX
The interfaces ge-0/0/0 and ge-0/0/1 are visible in the output of the > show interfaces terse command.
What I did:
- Power off the vSRX device using the command > request system power-off, then
- In Firefox, go to VMware ESXi -> vSRX > Edit > Network Adapter, then
- For each Network Adapter vmnic set Adapter Type to VMXNET 3 and save the
- Power-on the vSRX device
The interfaces ge-0/0/0 – ge-0/0/7 are visible in the output of the > show interfaces terse command.
I can see this, meaning ge-0/0/7 was added, one more than expected.
And this is how we see the networks in VMware ESXi:
Please write to me only by email: email@example.com