I wanted command line access to a virtual firewall on my home ESXi server (a Juniper Firefly vSRX) via a console session. To do that I needed to add a serial port to that VM.
Solution
1. From within the VI client > Select the ESXi Host > Configuration > Security Profile > Firewall Section > Properties.
2. Locate and enable ‘VM serial port connected over network’ > OK.
3. From the actual VM’s properties (right click > Edit settings) > Add > Serial Port > Next.
4. Connect via Network > Next.
5. Select ‘Server (VM listens for connection)’ > In Port URI enter telnet://{IP-of the ESX-Server}:2001 > Next.
Note: That’s the IP of the ESX server, NOT the VM. Here I’m using port 2001, but you can use 23 (standard telnet), or a random port above 1024.
6. Review the settings > Finish.
7. Now on a machine that has network connectivity to the ESX server > launch a telnet session to the VM (remember to use port 2001 as telnet defaults to 23!).
Here I’m using PuTTY, but you can run ‘telnet {ip-address} {port}’ from a Windows client (providing you have telnet enabled).
8. I’m in and working.
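The steps above leave the VM with a network-backed serial port that the ESXi host serves over telnet, which is cleartext and adds no authentication beyond the guest's own login prompt. As an added example (not part of the original article), this Python script audits .vmx text for such ports; the sample .vmx content and the 192.0.2.10 address are constructed, and the `serialN.*` key names are assumed to be the ones ESXi writes for this device.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: .vmx entries for a serial port like the one added above
# (192.0.2.10 is a documentation address standing in for the ESXi host).
SAMPLE_VMX = '''
displayName = "vSRX-01"
serial0.present = "TRUE"
serial0.fileType = "network"
serial0.fileName = "telnet://192.0.2.10:2001"
serial0.network.endPoint = "server"
serial1.present = "TRUE"
serial1.fileType = "file"
serial1.fileName = "console.log"
'''

CLEARTEXT_SCHEMES = {"telnet", "tcp", "tcp4", "tcp6"}
SERIAL_KEY = re.compile(r'^\s*(serial\d+)\.([\w.]+)\s*=\s*"(.*)"\s*$')

def parse_serial_ports(vmx_text):
    """Group serialN.* settings into one dict per port (keys lower-cased)."""
    ports = {}
    for line in vmx_text.splitlines():
        m = SERIAL_KEY.match(line)
        if m:
            ports.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3)
    return ports

def audit(vmx_text):
    """Return (port, finding) tuples for network-backed serial consoles."""
    findings = []
    for name, cfg in sorted(parse_serial_ports(vmx_text).items()):
        if cfg.get("present", "").upper() != "TRUE":
            continue
        if cfg.get("filetype", "").lower() != "network":
            continue  # file, pipe and device backings are not network-reachable
        uri = urlsplit(cfg.get("filename", ""))
        if uri.scheme.lower() in CLEARTEXT_SCHEMES:
            findings.append((name, f"cleartext {uri.scheme} console on port {uri.port}"))
        if cfg.get("network.endpoint", "").lower() == "server":
            where = uri.hostname or "all addresses"
            findings.append((name, f"listens on {where}:{uri.port}"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_VMX):
        print(port, "-", finding)
```

Any VM it reports is reachable by whoever can reach that port on the host, so the allowed IP list on the ‘VM serial port connected over network’ firewall rule is the place to narrow access.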
I was working on an SRX100B Firewall yesterday, and needed to be able to ping the outside interface.
Solution
Note: You can quickly enable ping on a physical interface from the CLI like so:
[box] set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services ping
[/box]
1. Log into the web console of the Juniper.
2. Navigate to Security > Zones/Screen > Select the ‘Untrust’ Zone > Edit > Host inbound traffic – Interface > Under Interface services add in ‘ping’ > OK.
Note: To allow pinging of the inside interface select the trusted zone.
3. Then to save the change click Action > Commit.
2. The more observant of you will have noticed that it has already shown you the OS version above, but in case there is any doubt.
[box] root@FW-02# show version
## Last changed: 2014-08-26 21:15:09 GMT
version 12.1X44-D30.4;
[edit]
root@FW-02# exit[/box]
3. I’ve always got 3CDaemon on my laptop so I’ll copy the update file over via FTP to the /var/tmp folder. (Note: We’re not at CLI or configure mode!)
[box]root@FW-02% ftp 10.5.0.2
Connected to 10.5.0.2.
220 3Com 3CDaemon FTP Server Version 2.0
Name (10.5.0.2:root): PeteLong
331 User name ok, need password
Password:********
230 User logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> lcd /var/tmp
Local directory now /cf/var/tmp
ftp> bin
200 Type set to I.
ftp> get junos-srxsme-12.1X47-D10.4-domestic.tgz
local: junos-srxsme-12.1X47-D10.4-domestic.tgz remote: junos-srxsme-12.1X47-D10.4-domestic.tgz
200 PORT command successful.
150 File status OK ; about to open data connection
100% |**************************************************| 158 MB 00:00 ETA
226 Closing data connection; File transfer successful.
166060642 bytes received in 64.50 seconds (2.46 MB/s)
ftp> bye
221 Service closing control connection
root@FW-02%[/box]
4. Now perform the upgrade.
[box] root@FW-02% cli
root@FW-02> request system software add no-copy /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz
NOTICE: Validating configuration against junos-srxsme-12.1X47-D10.4-domestic.tgz.
NOTICE: Use the 'no-validate' option to skip this if desired.
Formatting alternate root (/dev/da0s2a)...
/dev/da0s2a: 627.4MB (1284940 sectors) block size 16384, fragment size 2048
using 4 cylinder groups of 156.86MB, 10039 blks, 20096 inodes.
super-block backups (for fsck -b #) at:
32, 321280, 642528, 963776
Extracting /var/tmp/junos-srxsme-12.1X47-D10.4-domestic.tgz ...
Checking compatibility with configuration
Initializing...
Verified manifest signed by PackageProduction_12_1_0
Verified junos-12.1X44-D30.4-domestic signed by PackageProduction_12_1_0
Using junos-12.1X47-D10.4-domestic from /altroot/cf/packages/install-tmp/junos-12.1X47-D10.4-domestic
Copying package ...
Verified manifest signed by PackageProduction_12_1_0
Hardware Database regeneration succeeded
Validating against /config/juniper.conf.gz
Usage: license-check -f "<features>" -m -p -q -M -u -U -V
Validation succeeded
Installing package '/altroot/cf/packages/install-tmp/junos-12.1X47-D10.4-domestic' ...
Verified junos-boot-srxsme-12.1X47-D10.4.tgz signed by PackageProduction_12_1_0
Verified junos-srxsme-12.1X47-D10.4-domestic signed by PackageProduction_12_1_0
JUNOS 12.1X47-D10.4 will become active at next reboot
WARNING: A reboot is required to load this software correctly
WARNING: Use the 'request system reboot' command
WARNING: when software installation is complete
Saving state for rollback ...
root@FW-02> [/box]
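The image arrived over plain FTP, so the ‘Verified … signed by’ lines in the output above are what tie the installed package to the vendor's signature. As an added example (not part of the original article), this Python check reads a saved copy of that transcript before the reboot and confirms that the package named after the downloaded file was signature-verified and is the version that will become active; the sample log is constructed from the output shown above, and the `junos-<platform>-<version>-domestic.tgz` name pattern is an assumption based on the one file name on this page.

```python
import re

# Constructed sample: lines in the shape of the install output shown above.
SAMPLE_LOG = """\
Verified manifest signed by PackageProduction_12_1_0
Verified junos-boot-srxsme-12.1X47-D10.4.tgz signed by PackageProduction_12_1_0
Verified junos-srxsme-12.1X47-D10.4-domestic signed by PackageProduction_12_1_0
Validation succeeded
JUNOS 12.1X47-D10.4 will become active at next reboot
"""

VERIFIED = re.compile(r"^Verified (\S+) signed by (\S+)$", re.M)
ACTIVE = re.compile(r"^JUNOS (\S+) will become active at next reboot$", re.M)
# Assumed naming pattern, taken from the single image name on this page.
IMAGE = re.compile(r"^junos-[a-z0-9]+-(?P<ver>.+?)-domestic\.tgz$")

def check_install(log, image_name):
    """Return a list of problems; an empty list means the transcript is consistent."""
    m = IMAGE.match(image_name)
    if not m:
        return [f"unrecognised image name: {image_name}"]
    wanted = m.group("ver")
    stem = image_name[: -len(".tgz")]
    verified = dict(VERIFIED.findall(log))  # package name -> signer
    problems = []
    if "manifest" not in verified:
        problems.append("manifest signature was not verified")
    if stem not in verified:
        problems.append(f"no signature verification line for {stem}")
    active = ACTIVE.search(log)
    if not active:
        problems.append("no 'will become active' line; install may not have completed")
    elif active.group(1) != wanted:
        problems.append(f"pending version {active.group(1)} != image version {wanted}")
    if "Validation succeeded" not in log:
        problems.append("configuration validation did not succeed")
    return problems

if __name__ == "__main__":
    print(check_install(SAMPLE_LOG, "junos-srxsme-12.1X47-D10.4-domestic.tgz") or "transcript OK")
```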
5. Then reboot the firewall.
[box]
root@FW-02> request system reboot
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
[pid 2749]
root@FW-02>
*** FINAL System shutdown message from root@FW-02 ***
System going down IMMEDIATELY
[/box]
6. Post reboot, check the version again.
[box]
login: root
Password: ********
--- JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC