Skip to main content

Creating Juniper VSRX 2.0 VM on Virtualbox

Juniper has come out with their latest version of VSRX 2.0 (formerly called as Firefly or VSRX 1.0). This release supports a broader set of features and is more performant than the earlier version. More details about the product can be obtained here

I had recently tried out instantiating VSRX 2.0 on Virtualbox. The process required a few minor tweaks and this blog will cover them.

  • Download VSRX KVM Applicance from Juniper Website (You need to take care of the legal formalities)
  • Virtualbox 4.3 and above
  • Download qemu-img converter for Windows 
The image provided by Juniper is in QCOW2 format. In order to use it in Virtual box you need to convert it to VDI format. To do this you can use the tool qemu-img converter as follows:
#qemu-img.exe convert media-srx-ffp-vsrx-vmdisk-15.1X49-D15.4.qcow2 -O vdi vsrx2.0-1.vdi

The conversion will take a few seconds and you should have the VDI created in the directory. At this piont, you can proceed to create a VM by following these steps:

Open VirtualBox and Create a new VM and set Type: Linux & Version: Red Hat (64 bit):

  In the next screen, set the memory to 4096 MB:

In the next screen, browse and select the VDI file created earlier as the harddisk:

Click Create. The UI will show the VM on the left hand tree. Click on it and select its settings:

In the settings go to System => Processor and set the no. of CPUs to 2, Enable PAE/NX:

Disable the Audio:

In the Network, I want the port fxp0 to be on mgmt-net and ge-0/0/0 can be on the data-net. I will most probably set my data port to Trunk mode. In order to create the mgmt-net, I have gone to File => Preferences => Networks => Host only networks and created one networks:
Virtual box Host Only Ethernet Adapter (mgmt-net )   :

Now, In the VM settings, click on network and set the Adapter 1 : Host Only Adapter --> Virtual box Host Only Ethernet Adapter (

Enable Serial Ports

Now Click Ok and Start the VM. The VSRX should start up and you should be presented with the console. By default the system comes up with the "root" user enabled without a password.

Lets say you want to SSH to your VSRX from your host. You can do the following configuration:
#Set the root password
set system root-authentication plain-text-password -- set your password

#Set management ip on fxp0
set interfaces fxp0 unit 0 family inet address

fxp0 is a special interface which provides out-of-band access to your SRX over the management plane.

Now from the host you can open putty and SSH to and proceed with further configuration.

You can also open the Web UI and configure the SRX by typing in the browser. You will be presented with the below window. The creds will be root/yourpassword to login.


Kai Krebber said…
I followed your instructions. vSRX is coming up & I can access the VM thru the fxp0-IP. However - no ge-interfaces showing up:

root> show interfaces terse ge-0/0/0
error: device ge-0/0/0 not found

Can you please share the network-section of your .vbox-file? Or do you have a suspicion, why no ge-interface is showing up?


Popular posts from this blog

QuickBite: Tap Vs Veth

Linux supports virtual networking via various artifacts such as:
Soft Switches (Linux Bridge, OpenVSwitch)Virtual Network Adapters (tun, tap, veth and a few more) In this blog, we will look at the virtual network adapters tap and veth. From a practical view point, both seem to be having the same functionality and its a bit confusing as to where to use what.

A quick definition of tap/veth is as follows:


A TAP is a simulated interface which exists only in the kernel and has no physical component associated with it. It can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical media, receives them from user space program and instead of sending packets via physical media writes them to the user space program.

When a user space program (in our case the VM) gets attached to the tap interface it gets hold of a file descriptor, reading from which gives it the data being sent on the tap interface. Writing to the file descriptor will send …

Solved: Fix for Git clone failure due to GnuTLS recv error (-9)

My devstack installation was failing with an error reported by the GnuTLS module as shown below:

$ git clone /opt/stack/horizon --branch master
Cloning into '/opt/stack/horizon'...
remote: Counting objects: 154213, done.
remote: Compressing objects: 100% (11/11), done.
error: RPC failed; curl 56 GnuTLS recv error (-9): A TLS packet with unexpected length was received.
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed

The following Git config changes fixed the issue for me. Am hoping it will be useful for someone out there:

$ git config http.sslVerify false
$ git config --global http.postBuffer 1048576000