11.1.1. Firewall Instance Application

First, on the Control Panel, select “Network”, “Firewall”, “vSRX” in the order and execute Firewall creation.

ファイアウォールの作成

On the details tab, specify detail information for the Firewall to be created.

作成するファイアウォールの設定

Name

Name of the Firewall

Description

Use the Firewall

Firewall Plans

From the list, select the plan of the Firewall to be created. The following items are shown for the plan: product type, product version, number of CPUs, memory, number of interfaces, and license type.

Zone / Group

Select a zone and group for firewall creation. For firewall group creation, specifying a zone and group is recommended. If not specified, the firewall is created in terms of either zone/group “a” or “b”.

Next, on the interface tab, specify interface-relating information for the Firewall to be created.
ファイアウォールのインターフェイス設定

Name of interface

Name of the interface of the Firewall

Logical Network

Logical network of the connection destination

IP Address

IP address to be assigned to the interface

Default Gateways

Default gateway of the Firewall

Note

  • Firewall creation takes 20 to 30 minutes to complete. Keep the time in mind when estimating the workload.

  • The default gateway needs to be set only at the time of the initial settings and is to be set with “Firewall (vSRX) creation” on customer portal/API. Change and deletion of the default gateway are to be executed through vSRX portal/API/CLI.

  • When the Firewall is created, the interface (ge-0/0/0.0) has been set to a trust zone. After the creation, the customer is expected to change the setting through vSRX portal/API/CLI, in accordance with their design.

  • Except when the Firewall is created, IP address setting to the Firewall (vSRX) through the customer portal/API is not made. Therefore, change the setting through vSRX portal/API/CLI, based on the design of the customer.

  • The IP address specified with this parameter serves for the access point to the portal/API/CLI of vSRX.

  • The logical network and subnet for Firewall (vSRX) connections must have been created beforehand.

  • No connections are made with logical network “storage plane”. Connections are made only with logical network “data plane”.

Execution of Firewall creation causes the password as below to be shown. This password is needed to log into vSRX when making various settings for Firewall, so keep it very carefully.

ファイアウォールのパスワード設定

Note

  • The created vSRX user is only root.