Firefly Perimeter Installation on KVM

In this post, you will find a quick introduction to installing Firefly Perimeter on KVM. I have always liked the CLI way of doing things, and KVM is pretty nice for this. Let’s install Firefly.

Deploy firefly image

# bash /mnt/OS/junos-vsrx-12.1X46-D10.2-domestic.jva FF2 -i 2::host-bridge,default -s virtimages

With one line you can install the image. Below is what these options mean.

FF2                    = The name of the Firefly VM. You will access the device by this name after the installation.
2::host-bridge,default = Create 2 Ethernet interfaces and assign them to the host-bridge and default networks on KVM.
virtimages             = The storage pool you have on your KVM host.

After accepting the long license agreement, you will see output like the following:

Extracting ...
Checking existence of VM FF2 ...
HOST = , storage = virtimages, vm_name = FF2, img = junos-vsrx-12.1X46-D10.2-domestic-1387348130/junos-vsrx-12.1X46-D10.2-domestic.img
Checking existence of storage pool virtimages ...
virtimages           active     no        
Getting storage path ...
Storage path: /mnt/volume01
SHA1(junos-vsrx-12.1X46-D10.2-domestic.img)= 9dd2390cc79b554360ec7c12e7ca63e9b781e783
-rw-r--r-- 1 17105 950 260M Dec 18 07:29 junos-vsrx-12.1X46-D10.2-domestic-1387348130/junos-vsrx-12.1X46-D10.2-domestic.img
cp junos-vsrx-12.1X46-D10.2-domestic-1387348130/junos-vsrx-12.1X46-D10.2-domestic.img /mnt/volume01/FF2.img
Checking host CPU features ...
Creating VM on the host ...
Domain FF2 defined from FF2.xml

Checking the VM ...
 -     FF2                            shut off

As you can see in the output, our storage path for the virtimages pool is /mnt/volume01.

[root@kvm ~]# ls /mnt/volume01/FF2.img 

The Firefly image file is stored there. Let’s start the firewall:

Start Firefly

[root@kvm ~]# virsh
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # start FF2
error: Failed to start domain FF2
error: unsupported configuration: Unable to find security driver for label selinux

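If the VM doesn’t start and you receive this error as I did, edit the Firefly instance. The error means the domain XML requests an SELinux label, but libvirt on this host has no SELinux security driver loaded (for example, because SELinux is disabled), so the guest runs without SELinux (sVirt) confinement either way.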

virsh # edit FF2

Remove the following line from the XML file and save it:

<seclabel type='dynamic' model='selinux' relabel='yes'/>

Try once again:

virsh # start FF2
Domain FF2 started

virsh # list 
 Id    Name                           State
 1     FF2                         running
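
Before deleting the seclabel line, it is worth confirming which security drivers the host actually offers. The following is an added example, not code from the original post: it compares the labels a domain requests with the secmodel entries in the host capabilities. The XML samples are constructed and trimmed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples, trimmed to the elements that matter here.
# `virsh capabilities` on a host without an SELinux driver:
CAPS_NO_SELINUX = """<capabilities><host>
  <secmodel><model>none</model><doi>0</doi></secmodel>
  <secmodel><model>dac</model><doi>0</doi></secmodel>
</host></capabilities>"""
# `virsh capabilities` on a host with SELinux (sVirt) active:
CAPS_SELINUX = """<capabilities><host>
  <secmodel><model>selinux</model><doi>0</doi></secmodel>
  <secmodel><model>dac</model><doi>0</doi></secmodel>
</host></capabilities>"""
# `virsh dumpxml FF2`, reduced to the seclabel line shown in the post:
DOMAIN_FF2 = """<domain type='kvm'><name>FF2</name>
  <seclabel type='dynamic' model='selinux' relabel='yes'/>
</domain>"""

MAC_MODELS = {"selinux", "apparmor"}  # drivers that confine the QEMU process


def host_secmodels(caps_xml):
    """Return the security drivers libvirt has loaded on the host."""
    root = ET.fromstring(caps_xml)
    return {m.text.strip() for m in root.findall("./host/secmodel/model") if m.text}


def check_seclabels(domain_xml, caps_xml):
    """Compare the labels a domain requests with what the host offers."""
    host = host_secmodels(caps_xml)
    dom = ET.fromstring(domain_xml)
    # seclabel elements without a model attribute request no specific driver
    requested = {s.get("model") for s in dom.findall("./seclabel") if s.get("model")}
    return {
        "domain": dom.findtext("name"),
        "missing": sorted(requested - host),    # these make 'start' fail
        "host_mac": sorted(host & MAC_MODELS),  # empty: no MAC confinement for guests
    }


if __name__ == "__main__":
    for label, caps in (("no SELinux", CAPS_NO_SELINUX), ("SELinux", CAPS_SELINUX)):
        print(label, check_seclabels(DOMAIN_FF2, caps))
```

On a real host, pass the output of `virsh capabilities` and `virsh dumpxml FF2` instead of the constructed samples. An empty `host_mac` list means the guest is isolated only by ordinary file permissions (DAC), whether or not the seclabel line is present.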

As a final touch, log in to the console:

virsh # console FF2
Connected to domain FF2
Escape character is ^]

Amnesiac (ttyd0)

login: root

--- JUNOS 12.1X46-D10.2 built 2013-12-18 02:43:42 UTC


The rest is the same as any SRX setup. Enjoy fireflying!

About: rtoodtoo

Genco has worked for more than 10 years as a Network/Support Engineer. He is also interested in Python, Linux, Security and SD-WAN, currently lives in the Netherlands and works as a Network Support Engineer at Tesla Inc. // JNCIE-SEC #223 / RHCE / PCNSE

3 thoughts on “Firefly Perimeter Installation on KVM”

  1. Hi, I am facing the below error when I execute the CLI command to deploy the Firefly image
    error: Failed to define domain from FF2.xml
    error: Cannot check QEMU binary /usr/libexec/qemu-kvm: No such file or directory
