11.1.2. Firewall Instance Operation

The Firewall instance operation items executable on the control panel are outlined in this section. As shown below, a desired instance operation can be selected form the pull-down menu.

ファイアウォールインスタンスリスト

Edit Your Firewall

A customer can edit names and descriptions of Firewall and Firewall interface.

Editing Firewall interface

A customer can edit the connection-destination logical network and static IP address of Firewall.

Setting an allowed address pair

A customer can edit an address pair which is assigned to the interface of Firewall.

Reset the Password

A customer can reset the password of root which is used for access to Firewall.

Starting Firewall

A customer can start a Firewall instance.

Stopping Firewall

A customer can stop a Firewall instance.

Restarting Firewall

A customer can restart a Firewall instance.

Console

A customer can connect a console to Firewall.

Delete Your Firewall

A customer can delete a Firewall instance.

Note

  • The vSRX user whose password is to be reset is only root.

  • Firewall start or restart takes 20 to 30 minutes to complete. Keep the time in mind when estimating the workload.

Detail descriptions are provided below about Firewall edit, Firewall interface edit, setting of an allowed address par, and console.

11.1.2.1. Edit Your Firewall

Open the edit screen of the Firewall to be edited, and specify the name and description of the Firewall on the details tab.

ファイアウォールメタデータ編集

Name

Specify the name of the Firewall.

Description

Specify the description of the Firewall.

Next, on the interface tab, specify the name of the Firewall interface.

ファイアウォールメタデータ編集(インターフェイス)

11.1.2.2. Editing Firewall interface

Open the interface tab to be edited, check the checkbox for “Edit this interface”, and then specify a connection-destination logical network and static IP address.

ファイアウォールインターフェイス編集(インターフェイス)

Edit this interface

Check the checkbox to edit.

Logical Network

Specify a connection-destination logical network.

Static IP address

Specify a static IP address to be assigned to the interface.

Note

  • To edit the interface, be sure to check the checkbox for “Edit this interface”. If the checkbox is not checked, the changes are not reflected.

  • Firewall interface edit takes 15 to 20 minutes to complete. Keep the time in mind when estimating the workload.

  • If connections with the same logical network have already been made or duplication occurs on the network address of the logical network, execution of the edit results in an error. Be careful not to enter a duplicate address.

  • When editing Firewall interface, be sure to enter a static IP address.

11.1.2.3. Editing an allowed address pair

Open the interface tab to be edited, and then specify an allowed address pair.

許可されたアドレスペア編集(インターフェイス)

IP Address

It is possible to specify the IP address of an allowed address pair to be assigned to the interface.

Type

As the type of an allowed address pair to be assigned to the interface, select “VRRP” or “No specification (指定しない)”.

MAC Address

It is possible to specify the MAC address of an allowed address pair to be assigned to the interface.

VRID

If “VRRP” has been specified as the type, VRID can be specified.

Note

  • Regarding the address pair allowed, the upper limit number per interface is 1.

  • VRRP settings must be made for each Firewall (vSRX) which is a VRRP constituent.

  • To actually perform communications using VRRP, this setting must be followed by VRRP settings through vSRX portal/API/CLI.

  • vSRX needs to be restarted if having logged in vSRX and made VRRP settings before registering communication settings for VRRP from the customer portal.

  • For the vSRX settings, refer to ‘vSRX guide <https://www.juniper.net/documentation/en_US/release-independent/vsrx/information-products/pathway-pages/index.html>’_. `

11.1.2.4. Console

Opening the console makes the screen below appear.

コンソール

Note

  • “Send Ctrl + Alt + Del” shown at the top right of the screen does not function. To restart, use “Reboot Firewall (vSRX)”.