IBM Cloud Docs
Getting started with IBM Cloud Juniper vSRX

Getting started with IBM Cloud Juniper vSRX

IBM Cloud® Juniper vSRX allows you to route private and public network traffic selectively, through a full-featured, enterprise-level firewall that is powered by JunOS software features, such as full routing stacks, QoS and traffic sharing, policy-based routing, and VPN.

For a list of known limitations with IBM Cloud® Juniper vSRX Gateway, see Known limitations.

Choosing a vSRX license

Two license types are available for your IBM Cloud® Juniper vSRX:

  • Standard
  • Content Security Bundle (CSB)

The CSB license is not available on vSRX gateways that are running with Linux Bridge based network models. The license is only available on SR-IOV enabled gateways. Details can be found here.

Each license includes a different set of features and options, and the following table outlines the differences.

Table 1. License differences
License Type Features
Standard
  • Core security: firewall, ALG, screens, user firewall
  • IPsec VPN (site-to-site VPN)
  • NAT
  • CoS
  • Routing services: BGP, OSPF, DHCP, J-Flow, IPv4
  • Foundation: Static routing, management (J-Web, CLI, and NETCONF), on-box logging, diagnostics
Content Security Bundle (CSB)
Includes all Standard features, along with the additional features listed in the next column.
  • AppSecure
    • Application Tracking (AppTrack)
    • Application Firewall (AppFW)
    • Application Quality of Service (AppQoS)
    • Advanced policy-based routing (APBR)
    • Application Quality of Experience (AppQoE)
  • User Firewall
  • IPS
  • UTM
  • Anti Virus
  • Anti Spam
  • Web Filtering
  • Content Filtering
  • SSL Proxy
  • SSL Forward Proxy
  • SSL Reverse Proxy
  • SSL Decrypting Mirror

You can specify your license type when you order your vSRX, as well as change the license by using the Gateway Appliance Details page.

Ordering a vSRX

You can order your IBM Cloud® Juniper vSRX by following these steps:

  1. From your browser, open the Gateway Appliances page in the IBM Cloud catalog and log in to your account.

    You can also get here by logging in to the IBM Cloud UI console and selecting Classic Infrastructure > Network > Gateway appliance. Alternatively, from the IBM Cloud catalog, select the Network category then choose the Gateway Appliance tile.

  2. Choose Juniper vSRX (up to 1 Gbps) or Juniper vSRX (up to 10 Gbps) under Gateway Vendor.

  3. Choose your license type from license add-ons, either Standard or CSB.

    See the previous section for information on the features offered with each license.

  4. From the Gateway appliance section, enter your Hostname and Domain name information. These fields are already be populated with default information, so ensure that the values are correct.

  5. Check the High Availability option if needed, then select a data center Location, and the specific Pod you want from the menu.

    Only pods that already have an associated VLAN are displayed here. If you want to provision your gateway appliance in a pod you don't see listed, first create a VLAN there.

  6. From the Configuration section, choose your processor's RAM. You can also define an SSH key, if you want to use it to authenticate access to your new Gateway.

    The appropriate processor is chosen for you based on the license version you selected in step two. However, you can choose different RAM configurations.

  7. From the Storage disks section, choose the options that meet your storage requirements.

    RAID0 and RAID1 options are available for added protection against data loss, as are hot spares (backup components that can be placed into service immediately when a primary component fails).

    You can have up to four disks per vSRX. "Disk size" with a RAID configuration is the usable disk size, as RAID configurations are mirrored.

    Reserve more than the default disk setting if you plan to run network diagnostics that generate detailed logs.

  8. From the Network interface section, select your Uplink port speeds. The default selection is a single interface, but redundant and private only options are available as well. Choose the one that best fits your needs.

    The Network Interface Add Ons section allows you to select an IPv6 address if required, and shows you any additional included default options.

  9. Review your selections, check that you read the Third-Party Service Agreements, then click Create. The order is verified automatically.

After your order is approved, the provisioning of your IBM Cloud® Juniper vSRX Gateway starts automatically. When the provisioning process is complete, the new vSRX appears in the Gateway Appliances list page. Click the gateway name to open the Gateway Details page. The IP addresses, login username, and password for the device appear.

After you order and configure your gateway from the IBM Cloud catalog, you must also configure the device itself with the same settings.

Next steps

After your order is approved, the provisioning of your vSRX starts automatically. When the provisioning process is complete, the gateway appears in the Gateway Appliances list.

Click the gateway name to open the Gateway Details page. You find the IP addresses, login username, and passwords for the device.