vSphere – Adding a Serial Port to a VM

KB ID 0001039 

Problem

I wanted to perform command line access to a virtual firewall on my home ESXi server, (a Juniper Firefly vSRX) via a console session. To do that I needed to add a serial port to that VM.

Solution

1. From Within the VI client > Select the ESXi Host > Configuration > Security Profile > Firewall Section > Properties.

2. Locate and enable ‘VM serial port connected over network’ > OK.

3. From the actual VM‘s properties, (right click > Edit settings) > Add > Serial Port > Next.

4. Connect via Network > Next.

5. Select ‘Server (VM listens for connection)’ > In Port URI enter telnet://{IP-of the ESX-Server}:2001 > Next.

Note: That’s the IP of the ESX server NOT the VM, here I’m using port 2001, but you can use 23 (standard telnet), or a random port above 1024.

6. Review the settings > Finish.

7. Now on a machine that has network connectivity to the ESX server > launch a telnet session to the VM (remember to use port 2001 as telnet defaults to 23!).

Here I’m using PuTTY but you can run ‘telnet {ip-address} {port}’ from a Windows client, (providing you have telnet enabled).

8. I’m in and working.

 

Related Articles, References, Credits, or External Links

NA

Juniper SRX Firewall – Allow ‘Ping’

KB ID 0000706 

Problem

I was working on an SRX100B Firewall yesterday, and needed to be able to ping the outside interface.

Solution

Note: You can quickly enable ping on a physical interface from CLI like so;

[box] set security zone security-zone trust interface ge-0/0/0 host-inbound-traffic system services ping
[/box]

1. Log into the web console of the Juniper.

2. Navigate to Security > Zones/Screen > Select the ‘Untrust’ Zone > Edit > Host inbound traffic – Interface > Under Interface services add in ‘ping’ > OK.

Note: To allow pinging of the inside interface select the trusted zone.

3. Then to save the change click Action > Commit.

Related Articles, References, Credits, or External Links

Original Article Written 07/11/12

 

Juniper SRX – Update the Operating System / Firmware

KB ID 0000989 

Problem

With two brand new SRX240 firewalls on the bench my first task was to get them updated to the latest operating system.

Solution

Before you start get the updated Juniper software.

Option 1 Update the SRX firewall via Command Line

1. Connect to the firewall via either Console cable, telnet, or SSH.

2. Log on and then go to CLI mode, and then configuration mode.

[box] login: root
Password: *******

— JUNOS 12.1X44-D30.4 built 2014-01-11 03:56:31 UTC

root@FW-02% cli
root@FW-02> configure
Entering configuration mode

[edit]
root@FW-02# [/box]

2. The more observant of you will have noticed that it has already shown you the OS version above, but in case there is any doubt.

[box] root@FW-02# show version
## Last changed: 2014-08-26 21:15:09 GMT
version 12.1X44-D30.4;

[edit]
root@FW-02# exit[/box]

3. I’ve always got 3CDeamon on my laptop so I’ll copy the update file over via FTP to the /var/tmp folder. (Note: We’re not at CLI or configure mode!)

[box]root@FW-02% ftp 10.5.0.2
Connected to 10.5.0.2.
220 3Com 3CDaemon FTP Server Version 2.0
Name (10.5.0.2:root): PeteLong
331 User name ok, need password
Password:********
230 User logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /var/tmp
Local directory now /cf/var/tmp
ftp> bin
200 Type set to I.
ftp> get junos-srxsme-12.1X47-D10.4-domestic.tgz
local: junos-srxsme-12.1X47-D10.4-domestic.tgz remote: junos-srxsme-12.1X47-D10.
4-domestic.tgz
200 PORT command successful.
150 File status OK ; about to open data connection
100% |**************************************************| 158 MB 00:00 ETA
226 Closing data connection; File transfer successful.
166060642 bytes
received in 64.50 seconds (2.46 MB/s)
ftp> bye
221 Service closing control connection
root@FW-02%[/box]

4. Now perform the upgrade.

[box] root@FW-02% cli
root@FW-02> request system software add no-copy /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz
NOTICE: Validating configuration against junos-srxsme-12.1X47-D10.4-domestic.tgz
.
NOTICE: Use the ‘no-validate’ option to skip this if desired.
Formatting alternate root (/dev/da0s2a)…
/dev/da0s2a: 627.4MB (1284940 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 156.86MB, 10039 blks, 20096 inodes.
super-block backups (for fsck -b #) at:
32, 321280, 642528, 963776
Extracting /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz …
Checking compatibility with configuration
Initializing…
Verified manifest signed by PackageProduction_12_1_0
Verified junos-12.1X44-D30.4-domestic signed by PackageProduction_12_1_0
Using junos-12.1X47-D10.4-domestic from /altroot/cf/packages/install-tmp/junos-1
2.1X47-D10.4-domestic
Copying package …
Verified manifest signed by PackageProduction_12_1_0
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
Usage: license-check -f “<features>” -m -p -q -M -u -U -V
Validation succeeded
Installing package ‘/altroot/cf/packages/install-tmp/junos-12.1X47-D10.4-domesti
c’ …
Verified junos-boot-srxsme-12.1X47-D10.4.tgz signed by PackageProduction_12_1_0
Verified junos-srxsme-12.1X47-D10.4-domestic signed by PackageProduction_12_1_0
JUNOS 12.1X47-D10.4 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING: Use the ‘request system reboot’ command
WARNING: when software installation is complete
Saving state for rollback …

root@FW-02> [/box]

5. Then reboot the firewall.

[box]

root@FW-02> request system reboot
Reboot the system ? [yes,no] (no) yes

Shutdown NOW!
[pid 2749]

root@FW-02>

*** FINAL System shutdown message from root@FW-02 ***

System going down IMMEDIATELY

[/box]

6. Post reboot, check the version again.

[box]

login: root
Password: ********

— JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC

root@FW-02% cli
root@FW-02> configure
Entering configuration mode

[edit]
root@FW-02# show version
## Last changed: 2014-08-26 21:51:09 GMT
version 12.1X47-D10.4;

[edit]
root@FW-02#

[/box]

 

Option 2 Update the SRX firewall via J-Web

1. To check the current version > Connect to the web console > Dashboard > Software Version.

2. Maintain > Software > Upload Package > Choose File > Browse to the file you downloaded earlier > Upload and Install Package.

Note: Here I have selected ‘Reboot Firewall’, in production you may NOT want to do that until later.

3. It can take a little while, (and look like nothing is happening), time for a coffee.

4. Post reboot, check the version again to make sure it has incremented.

Related Articles, References, Credits, or External Links

NA