- No category
advertisement
CHAPTER 6
vSRX Licensing
•
vSRX Feature Licenses Overview on page 87
•
Managing Licenses for vSRX on page 95
•
vSRX License Model Numbers on page 101
vSRX Feature Licenses Overview
Some Junos OS software features require a license to activate the feature.
To enable a licensed feature, you need to purchase, install, manage, and verify a license key that corresponds to each licensed feature. To conform to software feature licensing requirements, you must purchase one license per feature per instance. The presence of the appropriate software unlocking key on your virtual instance allows you to configure and use the licensed feature.
NOTE: If applicable for your vSRX deployment, vSRX pay-as-you-go images do not require any separate licenses. For the initial release of vSRX on Microsft
Azure, only the build-your-own-license (BYOL) model is supported.
•
vSRX License Procurement and Renewal on page 87
•
vSRX Evaluation License on page 88
•
•
•
•
Individual (á la carte) Feature Licenses on page 91
•
•
•
vSRX License Keys Components on page 92
•
License Management Fields Summary on page 93
vSRX License Procurement and Renewal
Licenses are usually ordered when the software application is purchased, and this information is bound to a customer ID. If you did not order the licenses when you purchased
Copyright © 2017, Juniper Networks, Inc.
87
vSRX Guide for KVM your software application, contact your account team or Juniper Networks Customer
Care for assistance.
Licenses can be procured from the
Juniper Networks License Management System (LMS)
.
For license renewal, use the show system license command to find the Juniper vSRX software serial number that you use to renew a license.
vsrx> show system license
License usage:
Licenses Licenses Licenses Expiry
Feature name used installed needed
Virtual Appliance 1 1 0 58 days
Licenses installed:
License identifier: E420588955
License version: 4
Software Serial Number: 20150625
Customer ID: vSRX-JuniperEval
Features:
Virtual Appliance - Virtual Appliance
count-down, Original validity: 60 days
License identifier: JUNOS657051
License version: 4
Software Serial Number: 9XXXXAXXXXXXX9
Customer ID: MyCompany
Features:
Virtual Appliance - Virtual Appliance
permanent
NOTE: Do not use the show chassis hardware command to get the serial number on vSRX, because that command is only appropriate for the physical
SRX Series devices. Also, the license for advanced security features available on the physical SRX Series devices cannot be used with vSRX deployments.
NOTE: If you are performing a software downgrade with licenses installed, you will see an error message in the CLI when you try to configure the licensed features or run the show system license status command.
We recommend deleting existing licenses before performing a software downgrade.
vSRX Evaluation License
To speed deployment of licensed features, the vSRX software image provides you with a 60-day product evaluation license and a 30-day advanced security features license, both of which allow you to use vSRX and licensed features for a specified period without having to install a license key.
lists vSRX evaluation license types.
88 Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
Table 22: vSRX Evaluation License Type
License Package
Trial license
(temporary for evaluation only)
Type Period
Product evaluation–Basic 60 days
Product evaluation–Advanced features
30 days
-
-
License Model
Number
Product Evaluation License
The vSRX software image includes a 60-day trial license. When you download and install the vSRX image, you are entitled to use this trial license for 60 days. It is intended as an evaluation license for using vSRX. This product-unlocking license is required to use the basic functions of the vSRX, such as networking, routing, and basic security features
(such as stateful firewall).
NOTE: The use of the 60-day trial license does not include vSRX support unless you already have a pre-existing vSRX support contract. If you require support during this 60-day evaluation period, please work with your Juniper
Account team or go to the J-Net Community forum ( http://forums.juniper.net/ ) and view the Support topics under the vSRX category.
Within 30 days of the license expiration date, a license expiration warning appears each time you log in to the vSRX instance. After the product evaluation license expires, you will not be able to use the vSRX; it will be disabled and flow configuration options will not work (the vSRX will stop forwarding traffic). At this point, only management interfaces and CLI configurations are preserved.
Advanced Security Features Evaluation License
The advanced security features license is a 30-day trial license for vSRX that is required for advanced security features such as UTM, IDP, and AppSecure. You can download the trial license for advanced security features from the vSRX Free Trial License Page .
The 30-day trial license period begins on the day you enable the enhanced security features after you install the 60-day product evaluation license for vSRX. To continue using vSRX features after the 30-day license period expires, you must purchase and install the license; otherwise, the features are disabled. If the license for advanced security features expires while the evaluation license (product unlocking license) is still valid, only the advanced security features that require a license are disabled.
Copyright © 2017, Juniper Networks, Inc.
89
vSRX Guide for KVM
License Types
NOTE: The UTM advanced features have a slightly different trial license strategy. UTM does not requires 30-day trial license but only a 30-day grace period. Once the 30-day advanced security features trial license expires,
Juniper Networks supports a 30-day grace period for you to continue using
UTM features. The 30-day grace period goes into effect after the 30-trial license expires.
There is also a 30-day trial license available for Juniper Sky Advanced Threat Prevention
(ATP). This is a second license that you can apply for a 30-day period in addition to the advanced security features license for vSRX to enable the Sky ATP features. You can download the Sky ATP trial license from the vSRX Free Trial License Page .
Juniper Networks provides a variety of licenses for both basic firewall features and advanced security features for different throughputs and durations.
If you want to use vSRX to provide basic firewall features, you can use standard (basic) licenses. However, to use some of the more advanced security features, such as
AppSecure, IDP, and UTM, you might need to purchase advanced features licenses.
The high-level categories for licenses are:
• Throughput–All licenses have an associated throughput. Throughput rates include 1
Gbps, 2 Gbps, and 4 Gbps on most platforms.
•
Features–Licenses are available for different combinations of feature sets, from standard (STD) through Content Security Bundle (CS-B).
• Individual or bundled–Licenses can be individual (á la carte) licenses for a set of features, or can be bundled together to provide a broad range of features in one easy license to maintain.
• Duration–All licenses have an associated time duration. You can purchase basic licenses as perpetual (never expire) or subscription based (1-year or 3-year duration). All vSRX licenses are subscription based.
•
New or renewal–All subscription licenses are either new (first-time purchase) or renewals (extending the license duration when the initial new subscription license is about to expire).
shows a sample license SKU and identifies how each field maps to these categories.
90 Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
Figure 7: Sample vSRX License SKU
Throughput
Bundled or individual
VSRX-10M-ASECB-3-R
Product Duration Feature set
New or renewal
These categories of licenses can also be combined, or stacked, to provide more flexibility for your vSRX use cases.
Throughput
Bandwidth or throughput license types allow you to use a single instance of the software for up to the maximum throughput specified in the license entitlement. Throughput can be combined on a single instance of the software so that the maximum throughput for that instance is the aggregate of all the throughput licenses assigned to that instance.
A throughput license cannot be split across multiple instances. Throughput is identified in the license entitlement in megabits per second (Mbps), or gigabits per second (Gbps).
For example, if you want 3 Gbps of throughput for a vSRX instance using the STD features, you would purchase a 1G STD license and a 2G STD license and install both on the vSRX.
If you wanted 2 Gbps of throughput on two vSRX instances acting as a chassis cluster, you could not use the same 2 Gbps license on both vSRX instances. You would need to purchase one set of licenses for each vSRX instance in the cluster.
License Duration
All licenses can be perpetual or subscription based.
•
Perpetual license–A perpetual license allows you to use the licensed software indefinitely. Perpetual licenses do not require renewals. Perpetual licenses do not include maintenance and upgrade support. You must purchase that separately, vSRX software releases such as vSRX for Azure or vSRX for AWS do not support perpetual licenses.
•
Subscription license–A subscription license is an annual license that allows you to use the licensed software feature for the matching duration. Subscriptions might involve periodic downloads of content (such as for IDP threat signature files). At the end of the license period, you need to renew the license to continue using it.
All subscription licenses are renewable.
Subscription licenses start when you retrieve the license key or 30 days after purchase if you have not retrieved the license key.
For more information, see vSRX subscriptions
.
Individual (á la carte) Feature Licenses
Every vSRX instance requires at least one standard license to support the desired throughput rate. Beyond that, you can select from a range of individual feature licenses
Copyright © 2017, Juniper Networks, Inc.
91
vSRX Guide for KVM that provide additional security feature sets. The feature license must match the standard license rate.
NOTE: AWS and Microsoft Azure do not support individual licenses.
For example, if you need AppSecure and Sophos antivirus features at 1 Gbps of throughput for a year, you could purchase the following individual licenses:
• VSRX-STD-1G-1—Provides the standard feature set and 1 Gbps of throughput.
•
VSRX-CS-1G-1—Provides the advanced features.
Bundled Licenses
Bundled licenses simplify the license management by combining one or more individual licenses into a single bundled license. Instead of installing and managing a standard throughput license and one or more individual advanced feature licenses, you can purchase one of the bundle license options and manage one license instead.
For example, if you need AppSecure and Sophos antivirus features at 1 Gbps of throughput for a year, you could purchase the single bundled VSRX-CS-B-1G-1 license, which includes the STD throughput license. This means you only need to manage one license instead of two individual licenses.
Stacking Licenses
You can combine individual or bundled licenses to combine features or build up the overall supplied throughput for the vSRX instance.
For example, you can combine a 1-Gbps license and a 2-Gbps license to have 3 Gbps of throughput for the vSRX instance. You can also combine individual licenses, such as
Sophos antivirus (SAV) and Websense Enhanced Web Filtering (EWF) to get both sets of security features.
NOTE: Individual licenses require a STD license with the same throughput rate.
vSRX License Keys Components
A license key consists of two parts:
• License ID—Alphanumeric string that uniquely identifies the license key. When a license is generated, it is given a license ID.
•
License data—Block of binary data that defines and stores all license key objects.
92 Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
For example, in the following typical license key, the string E413XXXX57 is the license ID, and the trailing block of data is the license data:
E413XXXX57 aaaaaa bbbbbb cccccc dddddd eeeeee ffffff
cccccc bbbbbb dddddd aaaaaa ffffff aaaaaa
aaaaaa bbbbbb cccccc dddddd eeeeee ffffff
cccccc bbbbbb dddddd aaaaaa ffffff
The license data conveys the customer ID and the software serial number (Juniper
Networks support reference number) to the vSRX instance.
License Management Fields Summary
The Licenses window displays a summary of licensed features that are configured on the vSRX instance and a list of licenses that are installed on the vSRX instance.
To view the license details, select Maintain>Licenses in the J-Web user interface. The
Licenses window appears as shown in
.
Figure 8: J-Web Licenses Window Showing Installed Licenses
You can also view the details of a license in the CLI using the show system license command. The following sample shows details of an evaluation license in the CLI:
License usage:
Licenses Licenses Licenses Expiry
Feature name used installed needed
anti_spam_key_sbl 0 1 0 2016-04-15
08:00:00 CST
idp-sig 0 1 0 2016-04-15
08:00:00 CST
appid-sig 0 1 0 2016-04-15
08:00:00 CST
av_key_sophos_engine 0 3 0 2016-07-29
Copyright © 2017, Juniper Networks, Inc.
93
vSRX Guide for KVM
94
08:00:00 CST
wf_key_websense_ewf 0 1 0 2016-04-15
08:00:00 CST
Virtual Appliance 1 1 0 2016-04-25
08:00:00 CST
Licenses installed:
License identifier: E420588955
License version: 4
Software Serial Number: 20150625
Customer ID: vSRX-JuniperEval
Features:
Virtual Appliance - Virtual Appliance
count-down, Original validity: 60 days
The information on the license management page is summarized in
Table 23: Summary of License Management Fields
Field Name Definition
Feature Summary
Feature
Licenses Used
Licenses Installed
Licenses Needed
Licenses expires on
Name of the licensed feature:
•
•
Features —Software feature licenses.
All features
—All-inclusive licenses.
Number of licenses currently being used on the vSRX instance. Usage is determined by the configuration. If a feature license exists and that feature is configured, the license is considered used.
Number of licenses installed on the vSRX instance for the particular feature.
Number of licenses required for legal use of the feature. Usage is determined by the configuration on the vSRX instance: If a feature is configured and the license for that feature is not installed, a license is needed.
Date the license expires.
Installed Licenses
ID
State
Version
Group
Unique alphanumeric ID of the license.
Valid
—The installed license key is valid.
Invalid —The installed license key is not valid.
Numeric version number of the license key.
If the license defines a group license, this field displays the group definition.
NOTE: Because group licenses are currently unsupported, this field is always blank.
Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
Table 23: Summary of License Management Fields (continued)
Field Name Definition
Enabled Features
Expiration
Name of the feature that is enabled with the particular license.
Date the license expires.
Software serial number The serial number is a unique 14-digit number that Juniper Networks uses to identify your particular software installation. You can find the software serial number in the Software Serial Number Certificate attached to the e-mail that was sent when you ordered your Juniper
Networks software or license. You can also use the show system license command to find the software serial number.
Customer ID ID that identifies the registered user.
Related
Documentation
• vSRX subscriptions
Managing Licenses for vSRX
Before you begin, ensure that you have retrieved the license key from the Juniper License
Management System (LMS).
This section includes the following topics:
•
vSRX Evaluation License Installation Process on page 95
•
Adding a New License Key with J-Web on page 96
•
Adding a New License Key from the CLI on page 97
•
Updating vSRX Licenses on page 98
•
Deleting a License with J-Web on page 99
•
Deleting a License with the CLI on page 100
•
License Warning Messages on page 100
vSRX Evaluation License Installation Process
Juniper Networks provides a 60-day evaluation license for vSRX standard features. When you download and install the vSRX image, you are entitled to use this evaluation license for 60 days as a trial. In addition to the 60-day vSRX evaluation license, there is a 30-day advanced security features trial license for vSRX that is required for advanced security features such as UTM, IDP, and AppSecure.
You can download the 30-day advanced security feature trial license from the vSRX Free
Trial License Page .
There is also a 30-day trial license available for Juniper Sky Advanced Threat Prevention
(ATP). This is a second license that you can apply for a 30-day period in addition to the
Copyright © 2017, Juniper Networks, Inc.
95
vSRX Guide for KVM advanced security features license for vSRX to enable the Sky ATP features. You can download the Sky ATP trial license from the vSRX Free Trial License Page
Installation of the advanced security feature trial license is similar to the regular license installation performed from the CLI (see
“Adding a New License Key from the CLI” on page 97
).
Within 30 days of the license expiration date, a license expiration warning appears each time you log in to the vSRX instance. After the product evaluation license expires, you will not be able to use the vSRX; it will be disabled and flow configuration options will not work (the vSRX will stop forwarding traffic). At this point, only management interfaces and CLI configurations are preserved.
NOTE: The 30-day evaluation license period begins on the day you enable enhanced security features after installing evaluation licenses.
To continue using vSRX features after an optional 30-day evaluation period, you must purchase and install the license. Otherwise, the features are disabled.
For details about the 60- and 30-day license evaluation periods for the vSRX see
Feature Licenses Overview” on page 87
.
Adding a New License Key with J-Web
To install a license using the J-Web interface:
1.
Select Maintain>Licenses on the J-Web user interface. The Licenses window is displayed as shown in
.
Figure 9: J-Web Licenses Window
96
2.
Under Installed Licenses, click Add. The Add License window is displayed as shown in
.
Copyright © 2017, Juniper Networks, Inc.
Figure 10: Add License Window
Chapter 6: vSRX Licensing
3.
Do one of the following, using a blank line to separate multiple license keys:
• Enter the full URL to the destination file containing the license key in the License
File URL box.
•
Paste the license key text, in plaintext format, in the License Key Text box.
4.
Click OK to add the license key. The License Details window is displayed as shown in
Figure 11: License Details Window
The license key is installed and activated on the vSRX instance.
Adding a New License Key from the CLI
You can add a license key from a local file, from a remote URL, or from the terminal.
To install a license from the CLI:
1.
Use the request system license add operational mode command to either add the license from a local file or remote URL that contains the license key, or to manually paste the license key in the terminal.
user@vsrx> request system license add terminal
[Type ^D at a new line to end input,
Copyright © 2017, Juniper Networks, Inc.
97
vSRX Guide for KVM
enter blank line between each license key]
E413XXXX57 aaaaaa bbbbbb cccccc dddddd eeeeee ffffff
cccccc bbbbbb dddddd aaaaaa ffffff aaaaaa
aaaaaa bbbbbb cccccc dddddd eeeeee ffffff
cccccc bbbbbb dddddd aaaaaa ffffff
E413XXXX57: successfully added add license complete (no errors)
NOTE: You can save the license key to a file and upload the file to the vSRX file system through FTP or Secure Copy (SCP), and then use the request system license add file-name command to install the license.
2.
Optionally, use the show system license command to view details of the licenses.
root@host> show system license
License usage: Licenses Licenses Licenses Expiry
Feature name used installed needed wf key websense ewf 1 0 1 invalid
Licenses installed: none
The license key is installed and activated on the vSRX instance.
Updating vSRX Licenses
You can update the vSRX licenses using either of the following two methods:
•
Automatic license update using the CLI
•
Manual license update using the CLI
As a prerequisite, you must install at least one valid license key on your vSRX instance for required features. License auto-update is performed based on the valid software serial number and customer ID embedded in the license key.
To enable automatic license updates from the CLI:
1.
Contact your account team or Juniper Networks Customer Care to extend the validity period of existing license keys and obtain the URL for a valid update server.
2.
Once you have successfully extended your license key and received the update server
URL, configure the auto-update parameter: user@host> set system license autoupdate url https://ae1.juniper.net/
3.
Configure renew options (if required). The following sample allows vSRX to contact the license server 30 days before the current license expires and sends an automatic update request every 6 hours.
98 Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing user@host> set system license renew before-expiration 30 user@host> set system license renew interval 6
To manually update the licenses from the CLI:
1.
Use the following command to update the license keys manually: user@host> request system license update <url.of.license.server>
This command sends a license update request to the license server immediately.
NOTE: The request system license update command will always use the default Juniper license server: https://ae1.juniper.net
2.
Check the status of the license by entering the show system license command.
Deleting a License with J-Web
To delete a license using the J-Web interface:
1.
Select Maintain>Licenses.
2.
Select the check box of the license or licenses you want to delete as shown in
.
Figure 12: Deleting a License
3.
Click Delete.
4.
Click OK to confirm your deletion as shown in
Copyright © 2017, Juniper Networks, Inc.
99
vSRX Guide for KVM
Figure 13: Delete Licenses Window
The license you deleted is removed.
Deleting a License with the CLI
To delete a license using the CLI:
1.
From operational mode, for each license, enter the following command and specify the license ID. You can delete only one license at a time.
user@host> request system license delete <license-key-identifier>
Or you can use the following command to delete all installed licenses.
user@host> request system license delete all
2.
Type yes when you are prompted to confirm the deletion.
Delete license JUNOS606279 ? [yes,no] (no)
The license you deleted is removed.
License Warning Messages
You must purchase a new license or renew your existing subscription-based license to have a seamless transition from the old license to the new one.
The following conditions occur when a license expires on vSRX:
• Evaluation license for the core expires—Packet forwarding on vSRX is disabled. However, you can manage vSRX through the fxp0 management interface, and the CLI configuration is preserved.
• Subscription-based licenses for advanced security features expire but subscription-based licenses for core services are active—A 30-day grace period begins, allowing the user to continue using advanced security features. After the grace period, advanced security features are disabled. Basic features are always available in the vSRX. After subscription-based licenses for core services expire, a warning message is displayed to notify the user, but basic features will remain preserved for the user.
•
Subscription-based license for core features expires but subscription-based license for advanced security features is active—A warning message is displayed to notify the user. However, you can continue to use the basic features on the vSRX. Advanced security features are disabled when the subscription-based license for advanced security features expires, but basic features will remain preserved for the user.
100 Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
To use features that require a license, you must install and configure a license. After the license expires, warning messages are displayed in the system log and on the J-Web dashboard.
When a license expires, the System Alarms section of the J-Web dashboard displays a message stating that the license has expired as shown in
Figure 14: J-Web Dashboard for License Expiry Warning
When a license expires, the following message appears when you log in:
Virtual Appliance License is invalid
vSRX License Model Numbers
The licenses used by all Juniper Networks instances are based on SKUs, which represent lists of features. Each license includes a list of features that the license enables along with information about those features.
For information about purchasing software licenses, contact your Juniper Networks sales representative at http://www.juniper.net/in/en/contact-us/
.
vSRX licenses are based on application packages and processing capacity.
Bandwidth (throughput) licenses allow you to use a single instance of the software for up to the maximum throughput specified in the license entitlement. Throughput licenses can be combined on a single instance of the software so that the maximum throughput for that instance is the aggregate of all the throughput licenses assigned to that instance.
A throughput license cannot be split across multiple instances. Throughput licenses are identified in the license entitlement in megabits per second (Mbps), or gigabits per second
(Gbps).
vSRX provides bandwidth in the following capacities (throughput per instance): 10 Mbps,
100 Mbps, 1 Gbps, 2 Gbps, and 4 Gbps. Each of these bandwidth tiers is offered with four different packages along with bandwidth based, a la carte, advanced Layer 7 security services SKUs.
describes the features available with the various license packages.
Copyright © 2017, Juniper Networks, Inc.
101
vSRX Guide for KVM
102
Table 24: vSRX Licensing Package Types
License
Type Description Duration
Secure Cloud
Connect
(SCC)
Includes the following features:
•
•
•
•
IPsec VPN (site-to-site VPN)
NAT
CoS
•
Routing services – BGP, OSPF, DHCP,
J-Flow, IPv4, and IPv6
Foundation – Static routing, management (J-Web, CLI, and
NETCONF), on-box logging, diagnostics
•
Software platform – KVM, Openstack,
ESXi 6.0, Contrail
Both perpetual and subscription license options are available.
See
for SCC bandwidth SKUs available for vSRX.
STD Includes the following features:
• Core security – firewall, ALG, screens, user firewall
•
•
•
•
IPsec VPN (site-to-site VPN)
NAT
CoS
Multicast services – IP Multicast (PIM,
IGMP)
•
•
•
Routing services – BGP, OSPF, DHCP,
J-Flow, IPv4, and IPv6
High availability
•
Foundation – Static routing, management (J-Web, CLI, and
NETCONF), on-box logging, diagnostics
Software platform – KVM, Openstack,
ESXi 6.0, Contrail
Both perpetual and subscription license options are available.
See
for STD bandwidth SKUs available for vSRX.
ASCB and
ASECB
Includes all STD features bundled with the following additional AppSecure features:
Subscription licenses only.
•
•
•
•
AppID
AppFW
AppQoS
AppTrack
See
for bandwidth SKUs available for vSRX with AppSecure and IPS features.
CS-B Includes all STD features bundled with
ASEC features and the addition of UTM capabilities:
•
•
•
•
Antispam
Antivirus
Content filtering
Web filtering
Subscription licenses only.
See
for CS-B bandwidth SKUs available for vSRX.
Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
Table 24: vSRX Licensing Package Types (continued)
License
Type Description Duration
Individual (a la carte)
Advanced
Security
Services (
ASEC, S-AV,
W-EWF, CS)
Individual (a la carte) Layer 7 security services licenses including:
•
•
•
•
Sophos antivirus
Websense enhanced Web filtering
AppSecure and IPS
Content Security (CS)
Subscription licenses only.
See
for
AppSecure and IPS SKUs available for vSRX.
See
for Sophos antivirus bandwidth SKUs available for vSRX.
lists the Web filtering subscription licenses available for vSRX.
NOTE: License stacking is allowed. So, for example, to license 20 Mbps of throughput for the standard (STD) feature set perpetually, use 2
VSRX-10M-STD licenses.
lists the standard bandwidth licenses available for vSRX.
Copyright © 2017, Juniper Networks, Inc.
103
vSRX Guide for KVM
104
Table 25: Secure Cloud Connect (SCC) vSRX Bandwidth Licenses
SCC Licenses Model Number
10M/100M/1G/2G/4G throughput—vSRX
SCC package (1-year, 3-year, or perpetual)
VSRX-10M-SCC
VSRX-10M-SCC-1
VSRX-10M-SCC-1-R
VSRX-10M-SCC-3
VSRX-10M-SCC-3-R
VSRX-100M-SCC
VSRX-100M-SCC-1
VSRX-100M-SCC-1-R
VSRX-100M-SCC-3
VSRX-100M-SCC-3-R
VSRX-1G-SCC
VSRX-1G-SCC-1
VSRX-1G-SCC-1-R
VSRX-1G-SCC-3
VSRX-1G-SCC-3-R
VSRX-2G-SCC
VSRX-2G-SCC-1
VSRX-2G-SCC-1-R
VSRX-2G-SCC-3
VSRX-2G-SCC-3-R
VSRX-4G-SCC
VSRX-4G-SCC-1
VSRX-4G-SCC-1-R
VSRX-4G-SCC-3
VSRX-4G-SCC-3-R
Copyright © 2017, Juniper Networks, Inc.
Table 26: Standard (STD) vSRX Bandwidth Licenses
STD Licenses Model Number
10M/100M/1G/2G/4G throughput—vSRX standard package (1 year, 3 years, and perpetual)
VSRX-10M-STD
VSRX-10M-STD-1
VSRX-10M-STD-1-R
VSRX-10M-STD-3
VSRX-10M-STD-3-R
VSRX-100M-STD
VSRX-100M-STD-1
VSRX-100M-STD-1-R
VSRX-100M-STD-3
VSRX-100M-STD-3-R
VSRX-1G-STD
VSRX-1G-STD-1
VSRX-1G-STD-1-R
VSRX-1G-STD-3
VSRX-1G-STD-3-R
VSRX-2G-STD
VSRX-2G-STD-1
VSRX-2G-STD-1-R
VSRX-2G-STD-3
VSRX-2G-STD-3-R
VSRX-4G-STD
VSRX-4G-STD-1
VSRX-4G-STD-1-R
VSRX-4G-STD-3
VSRX-4G-STD-3-R
Chapter 6: vSRX Licensing
Copyright © 2017, Juniper Networks, Inc.
105
vSRX Guide for KVM
106
lists the bandwidth licenses available for vSRX bundled with
AppSecure and IPS features.
Table 27: vSRX AppSecure and IPS Bundled (ASCB and ASECB) Bandwidth
Licenses
ASCB / ASECB Licenses Model Number
10M/100M/1G/2G/4G throughput—vSRX
AppSecure package includes all features in the STD package with IPS and
AppSecure (1-year or 3-year subscription)
VSRX-10M-ASECB-1
VSRX-10M-ASECB-1-R
VSRX-10M-ASECB-3
VSRX-10M-ASECB-3-R
VSRX-100M-ASCB-1
VSRX-100M-ASCB-1-R
VSRX-100M-ASCB-3
VSRX-100M-ASCB-3-R
VSRX-1G-ASECB-1
VSRX-1G-ASECB-1-R
VSRX-1G-ASECB-3
VSRX-1G-ASECB-3-R
VSRX-2G-ASECB-1
VSRX-2G-ASECB-1-R
VSRX-2G-ASECB-3
VSRX-2G-ASECB-3-R
VSRX-4G-ASECB-1
VSRX-4G-ASECB-1-R
VSRX-4G-ASECB-3
VSRX-4G-ASECB-3-R
lists the individual (a la cart) subscription licenses available for vSRX with AppSecure and IPS features.
Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
Table 28: Individual vSRX AppSecure and IPS Subscription Licenses
ASEC Licenses Model Number
10M/100M/1G/2G/4G subscription—vSRX AppSecure package includes IPS and AppSecure (1-year or
3-year subscription)
VSRX-10M-ASEC-1
VSRX-10M-ASEC-1-R
VSRX-10M-ASEC-3
VSRX-10M-ASEC-3-R
VSRX-100M-ASEC-1
VSRX-100M-ASEC-1-R
VSRX-100M-ASEC-3
VSRX-100M-ASEC-3-R
VSRX-1G-ASEC-1
VSRX-1G-ASEC-1-R
VSRX-1G-ASEC-3
VSRX-1G-ASEC-3-R
VSRX-2G-ASEC-1
VSRX-2G-ASEC-1-R
VSRX-2G-ASEC-3
VSRX-2G-ASEC-3-R
VSRX-4G-ASEC-1
VSRX-4G-ASEC-1-R
VSRX-4G-ASEC-3
VSRX-4G-ASEC-3-R
lists the Content Security bundled (CS-B) bandwidth licenses available for vSRX.
Copyright © 2017, Juniper Networks, Inc.
107
vSRX Guide for KVM
Table 29: vSRX Content Security Bundled (CS-B) Bandwidth Licenses
CS Licenses Model Number
10M/100M/1G/2G/4G throughput—vSRX
CS package includes all features in STD,
IPS, and AppSecure, enhanced Web filtering, Sophos antivirus, antispam, content filtering, (1-year or 3-year subscription).
VSRX-10M-CS-B-1
VSRX-10M-CS-B-1-R
VSRX-10M-CS-B-3
VSRX-10M-CS-B-3-R
VSRX-100M-CS-B-1
VSRX-100M-CS-B-1-R
VSRX-100M-CS-B-3
VSRX-100M-CS-B-3-R
VSRX-1G-CS-B-1
VSRX-1G-CS-B-1-R
VSRX-1G-CS-B-3
VSRX-1G-CS-B-3-R
VSRX-2G-CS-B-1
VSRX-2G-CS-B-1-R
VSRX-2G-CS-B-3
VSRX-2G-CS-B-3-R
VSRX-4G-CS-B-1
VSRX-4G-CS-B-1-R
VSRX-4G-CS-B-3
VSRX-4G-CS-B-3-R
lists the individual (a la carte) CS subscription licenses available for vSRX.
108 Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
Table 30: vSRX Individual Content Security (CS) Subscription Licenses
CS Licenses Model Number
10M/100M/1G/2G/4G throughput—vSRX
CS package includes enhanced Web filtering, Sophos antivirus, antispam,
AppSecure and IPS (1-year or 3-year subscription).
VSRX-10M-CS-1
VSRX-10M-CS-1-R
VSRX-10M-CS-3
VSRX-10M-CS-3-R
VSRX-100M-CS-1
VSRX-100M-CS-1-R
VSRX-100M-CS-3
VSRX-100M-CS-3-R
VSRX-1G-CS-1
VSRX-1G-CS-1-R
VSRX-1G-CS-3
VSRX-1G-CS-3-R
VSRX-2G-CS-1
VSRX-2G-CS-1-R
VSRX-2G-CS-3
VSRX-2G-CS-3-R
VSRX-4G-CS-1
VSRX-4G-CS-1-R
VSRX-4G-CS-3
VSRX-4G-CS-3-R
lists the individual (a la carte) Sophos antivirus (S-AV) bandwidth licenses available for vSRX.
Copyright © 2017, Juniper Networks, Inc.
109
vSRX Guide for KVM
Table 31: vSRX Individual Sophos Antivirus (S-AV) Bandwidth Licenses
S-AV Licenses Model Number
10M/100M/1G/2G/4G throughput—vSRX
S-AV license (1-year or 3-year subscription).
VSRX-10M-S-AV-1
VSRX-10M-S-AV-1-R
VSRX-10M-S-AV-3
VSRX-10M-S-AV-3-R
VSRX-100M-S-AV-1
VSRX-100M-S-AV-1-R
VSRX-100M-S-AV-3
VSRX-100M-S-AV-3-R
VSRX-1G-S-AV-1
VSRX-1G-S-AV-1-R
VSRX-1G-S-AV-3
VSRX-1G-S-AV-3-R
VSRX-2G-S-AV-1
VSRX-2G-S-AV-1-R
VSRX-2G-S-AV-3
VSRX-2G-S-AV-3-R
VSRX-4G-S-AV-1
VSRX-4G-S-AV-1-R
VSRX-4G-S-AV-3
VSRX-4G-S-AV-3-R
lists the individual (a la carte) enhanced Web filtering (W-EWF) subscription licenses available for vSRX.
110 Copyright © 2017, Juniper Networks, Inc.
Chapter 6: vSRX Licensing
Table 32: vSRX Individual Enhanced Web Filtering (W-EWF) Bandwidth
Licenses
W-EWF Licenses Model Number
10M/100M/1G/2G/4G throughput—vSRX
W-EWF license (1-year or 3 year subscription).
VSRX-10M-W-EWF-1
VSRX-10M-W-EWF-1-R
VSRX-10M-W-EWF-3
VSRX-10M-W-EWF-3-R
VSRX-100M-WEWF-1
VSRX-100M-WEWF-1-R
VSRX-100M-WEWF-3
VSRX-100M-WEWF-3-R
VSRX-1G-W-EWF-1
VSRX-1G-W-EWF-1-R
VSRX-1G-W-EWF-3
VSRX-1G-W-EWF-3-R
VSRX-2G-W-EWF-1
VSRX-2G-W-EWF-1-R
VSRX-2G-W-EWF-3
VSRX-2G-W-EWF-3-R
VSRX-4G-W-EWF-1
VSRX-4G-W-EWF-1-R
VSRX-4G-W-EWF-3
VSRX-4G-W-EWF-3-R
Copyright © 2017, Juniper Networks, Inc.
111
vSRX Guide for KVM
112 Copyright © 2017, Juniper Networks, Inc.
advertisement
Related manuals
advertisement
Table of contents
- 3 Table of Contents
- 7 List of Figures
- 9 List of Tables
- 11 About the Documentation
- 11 Documentation and Release Notes
- 11 Supported Platforms
- 11 Documentation Conventions
- 13 Documentation Feedback
- 14 Requesting Technical Support
- 14 Self-Help Online Tools and Resources
- 14 Opening a Case with JTAC
- 17 Chapter 1: Overview and Requirements
- 17 Understanding vSRX with KVM
- 17 vSRX Architecture
- 18 vSRX Performance Scale Up
- 19 vSRX Benefits and Use Cases
- 19 vSRX on KVM
- 20 System Requirements for vSRX on KVM
- 20 Software Requirements
- 21 KVM Kernel Recommendations for vSRX
- 22 Additional Linux Packages for vSRX on KVM
- 22 Hardware Recommendations
- 22 Best Practices Recommendations
- 23 NUMA Nodes
- 23 PCI NIC-to-VM Mapping
- 23 Mapping Virtual Interfaces to a vSRX VM
- 24 Interface Naming and Mapping
- 26 vSRX Factory-Default Settings
- 27 Chapter 2: Installation
- 27 Preparing Your Server for vSRX Installation
- 27 Enabling Nested Virtualization
- 29 Upgrading the Linux Kernel on Ubuntu
- 29 Installing vSRX with KVM
- 29 Installing vSRX with virt-manager
- 32 Installing vSRX with virt-install
- 34 Example: Installing and Launching vSRX on Ubuntu
- 34 Requirements
- 34 Overview
- 35 Quick Configuration
- 35 Installing and Launching a vSRX VM on Ubuntu
- 37 Step by Step Configuration
- 38 Adding Virtual Networks
- 40 Verifying the Virtual Networks
- 40 Downloading and Installing the vSRX Image
- 41 Verifying the vSRX Installation
- 42 Creating a Base Configuration on the vSRX Instance
- 45 Verifying the Basic Configuration on the vSRX Instance
- 46 Loading an Initial Configuration on a vSRX with KVM
- 46 Creating a vSRX Bootstrap ISO Image
- 47 Provisioning vSRX with an ISO Bootstrap Image on KVM
- 49 Chapter 3: vSRX VM Management
- 49 Connecting to the vSRX Management Console on KVM
- 50 Adding a Virtual Network to a vSRX VM with KVM
- 52 Adding a Virtio Virtual Interface to a vSRX VM with KVM
- 53 SR-IOV and PCI Passthrough on KVM
- 55 Configuring an SR-IOV Interface on KVM
- 56 Configuring a PCI Device for PCI Passthrough on KVM
- 58 Upgrading Multicore vSRX Flavors with KVM
- 58 Gracefully Shutdown the vSRX Instance with virt-manager
- 59 Upgrading Multi-core vSRX Flavors with virt-manager
- 60 Monitoring the vSRX VM in KVM
- 61 Managing the vSRX Instance on KVM
- 61 Powering On the vSRX Instance with virt-manager
- 61 Powering On the vSRX Instance with virsh
- 61 Pausing the vSRX Instance with virt-manager
- 62 Pausing the vSRX Instance with virsh
- 62 Rebooting the vSRX Instance with virt-manager
- 62 Rebooting the vSRX Instance with virsh
- 62 Powering Off the vSRX Instance with virt-manager
- 63 Powering Off the vSRX Instance with virsh
- 63 Gracefully Shutdown the vSRX Instance with virt-manager
- 64 Gracefully Shutdown the vSRX Instance with virsh
- 64 Removing the vSRX Instance with virsh
- 65 Chapter 4: Configuration
- 65 vSRX Configuration and Management Tools
- 65 Understanding the Junos OS CLI and Junos Scripts
- 65 Understanding the J-Web Interface
- 65 Understanding Junos Space Security Director
- 66 Configuring vSRX Using the CLI
- 67 Configuring vSRX Using the J-Web Interface
- 67 Accessing the J-Web Interface and Configuring vSRX
- 70 Applying the Configuration
- 70 Managing Security Policies for Virtual Machines Using Junos Space Security Director
- 73 Chapter 5: vSRX Chassis Clusters
- 73 Chassis Cluster Overview
- 74 Chassis Cluster Provisioning on vSRX
- 75 vSRX Cluster Staging and Provisioning for KVM
- 76 Creating the Chassis Cluster Virtual Networks with virt-manager
- 76 Creating the Chassis Cluster Virtual Networks with virsh
- 78 Configuring the Control and Fabric Interfaces with virt-manager
- 78 Configuring the Control and Fabric Interfaces with virsh
- 79 Enabling Chassis Cluster Formation
- 80 Configuring Chassis Cluster Fabric Ports
- 81 Chassis Cluster Quick Setup with J-Web
- 81 Manually Configuring a Chassis Cluster with J-Web
- 86 Verifying the Chassis Cluster Configuration
- 87 Chapter 6: vSRX Licensing
- 87 vSRX Feature Licenses Overview
- 87 vSRX License Procurement and Renewal
- 88 vSRX Evaluation License
- 89 Product Evaluation License
- 89 Advanced Security Features Evaluation License
- 90 License Types
- 91 Throughput
- 91 License Duration
- 91 Individual (á la carte) Feature Licenses
- 92 Bundled Licenses
- 92 Stacking Licenses
- 92 vSRX License Keys Components
- 93 License Management Fields Summary
- 95 Managing Licenses for vSRX
- 95 vSRX Evaluation License Installation Process
- 96 Adding a New License Key with J-Web
- 97 Adding a New License Key from the CLI
- 98 Updating vSRX Licenses
- 99 Deleting a License with J-Web
- 100 Deleting a License with the CLI
- 100 License Warning Messages
- 101 vSRX License Model Numbers
- 113 Chapter 7: Junos OS Features on vSRX
- 113 vSRX Feature Considerations
- 114 SRX Series Features Not Supported on vSRX
- 121 Chapter 8: Troubleshooting
- 121 Finding the Software Serial Number for vSRX