vSRX

Convert Juniper zone-based firewall objects to global objects

2018/10/24 vSRX, µpdate

show configuration | display set | save /var/tmp/config.set
start shell user root
grep address-book /var/tmp/config.set | awk '{ $4=$5=$6=""; $3="address-book global"; print $0 }' >> /var/tmp/loadme
grep address-book /var/tmp/config.set | grep -v address-set | awk '{ $1 = "delete"; $NF=""; print $0; }' | uniq >> /var/tmp/loadme
grep address-book /var/tmp/config.set | grep address-set | awk '{ $1 = "delete"; $NF=$(NF-1)=""; print $0; }' | uniq >> /var/tmp/loadme
exit
configure
load set /var/tmp/loadme
show | compare
commit check
commit
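The three awk one-liners above rewrite every zone-level address-book line into a global one and then generate the matching delete statements. One thing worth checking before `commit check`: the global address book is a single namespace, so an address name that exists in two zones with different prefixes cannot be carried over as-is. The script below is an added example (not from the original post) that rehearses the conversion against a constructed "display set" snippet, using the same grep/awk approach as the post, and reports such name collisions. The sample lines, the zone names TRUST/UNTRUST and the prefixes in them are made up for the example.

```shell
#!/bin/sh
# Added example: rehearse the zone -> global address-book conversion on a constructed
# Junos "display set" extract, and flag names that would collide in the global book.

# Constructed sample of "show configuration | display set" output (not a real device).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
set security zones security-zone TRUST address-book address HOST1 10.0.0.1/32
set security zones security-zone TRUST address-book address HOST2 10.0.0.2/32
set security zones security-zone TRUST address-book address-set SERVERS address HOST1
set security zones security-zone TRUST address-book address-set SERVERS address HOST2
set security zones security-zone UNTRUST address-book address HOST1 192.0.2.1/32
set security zones security-zone UNTRUST address-book address EXT1 198.51.100.7/32
set security zones security-zone TRUST interfaces ge-0/0/1.0
EOF

# Print "delete" followed by fields 2..n of each input line (drops the value part).
first_fields() {
    awk -v n="$1" '{ out = "delete"; for (i = 2; i <= n; i++) out = out " " $i; print out }'
}

# 1. Same objects, re-homed to the global book (regex form of the post's first awk).
global_sets() {
    awk '/ address-book / { sub(/zones security-zone [^ ]+ address-book/, "address-book global"); print }' "$1"
}

# 2. One delete per zone-level address (fields 1..8 = up to and including the name).
#    "uniq" is enough because "display set" groups lines per zone, as in the post.
delete_addresses() {
    grep ' address-book address ' "$1" | first_fields 8 | uniq
}

# 3. One delete per zone-level address-set (fields 1..8 = up to the set name).
delete_address_sets() {
    grep ' address-book address-set ' "$1" | first_fields 8 | uniq
}

# The complete loadme: global definitions first, then the zone-level deletes.
build_loadme() {
    global_sets "$1"
    delete_addresses "$1"
    delete_address_sets "$1"
}

# Names defined in more than one zone with a different value after the name.
# These cannot both exist in the single global namespace and would fail commit.
collisions() {
    grep ' address-book address ' "$1" |
      awk '{
          name = $8; rest = ""
          for (i = 9; i <= NF; i++) rest = rest " " $i
          if (name in seen && seen[name] != rest) dup[name] = 1
          seen[name] = rest
      }
      END { for (k in dup) print k }' | sort
}

loadme_line_count() { build_loadme "$1" | wc -l | tr -d ' '; }

echo "--- /var/tmp/loadme would contain:"
build_loadme "$SAMPLE"
echo "--- names that collide in the global book:"
collisions "$SAMPLE"
```

On the sample this produces eleven load lines (six global sets, four address deletes, one address-set delete) and reports HOST1, which is 10.0.0.1/32 in TRUST but 192.0.2.1/32 in UNTRUST. Rename such objects in one of the zones before running the real conversion; `show | compare` and `commit check` on the device remain the final gate.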

µpdate: Juniper vSRX 18.1R1 on Opteron 4228 HE and ESXi 6.0.0

2018/07/12 vSRX

Tonight I wasted much time on ovftool because its parameters are order-sensitive. FYI, I think the order is alphabetical; or run --help and pass the options on the CLI in the order that list gives. My final one-liner:

ovftool version 4.0.0
 /vmfs/volumes/WD_2TB_RAID5/vmware-ovftool/ovftool --acceptAllEulas -ds=WD_2TB_RAID5 --name="Ewald - vSRX01 - Olivia" --net:"VM Network"="Ewald-WAN" "https://dump.abcdef.be/work/junos-media-vsrx-x86-64-vmdisk-18.1R1.9.scsi.ova" "vi://ewald:mypass@localhost"

Then I ran into a problem where the KVM guest got into a boot loop. It turns out Juniper rigged the KVM host with a watchdog that restarts the KVM guest instances upon failure. We can suppress these 'notifications', however.

Use Ctrl+Alt+F2 to get a console and log in as root (no password), then open /etc/rc.local in vi and add, before the final exit line:

echo 1 > /sys/module/kvm/parameters/ignore_msrs

and reboot!
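Editing /etc/rc.local by hand works, but the line has to land before the final `exit` and must not be added twice if you repeat the procedure. The script below is an added example, not from the original post: it inserts the `ignore_msrs` line just before the last `exit` line of an rc.local-style file, skips the edit when the line is already there, and verifies the result. The file path is a parameter so the run here uses a constructed copy rather than the live /etc/rc.local of the vSRX host; the contents of that copy are made up for the example.

```shell
#!/bin/sh
# Added example: idempotently place the KVM ignore_msrs line before the final
# "exit" of an rc.local-style script, then verify placement. Not the post's code.

KVM_LINE='echo 1 > /sys/module/kvm/parameters/ignore_msrs'

# Insert KVM_LINE before the last line starting with "exit" (append if none).
# Does nothing when the line is already present, so re-running is safe.
add_ignore_msrs() {
    file="$1"
    if grep -Fqx "$KVM_LINE" "$file"; then
        return 0
    fi
    tmp="$file.tmp"
    awk -v line="$KVM_LINE" '
        { buf[NR] = $0; if ($0 ~ /^exit/) last = NR }
        END {
            for (i = 1; i <= NR; i++) {
                if (i == last) print line
                print buf[i]
            }
            if (!last) print line
        }' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Returns 0 when the line is present exactly once and precedes the final exit.
check_rc_local() {
    file="$1"
    count=$(grep -Fcx "$KVM_LINE" "$file" || true)
    [ "$count" -eq 1 ] || return 1
    kvm_at=$(grep -Fnx "$KVM_LINE" "$file" | cut -d: -f1)
    exit_at=$(grep -n '^exit' "$file" | tail -n 1 | cut -d: -f1)
    [ -z "$exit_at" ] || [ "$kvm_at" -lt "$exit_at" ]
}

# On the real host, after the reboot, the parameter should read back as "Y".
# (Needs the kvm module loaded; only informational, not part of the rehearsal.)
show_live_value() {
    cat /sys/module/kvm/parameters/ignore_msrs 2>/dev/null || echo "kvm module not loaded here"
}

# Rehearsal on a constructed rc.local (contents made up for this example).
RC=$(mktemp)
trap 'rm -f "$RC" "$RC.tmp"' EXIT
printf '%s\n' '#!/bin/sh' '# constructed rc.local' 'touch /var/lock/subsys/local' 'exit 0' > "$RC"
add_ignore_msrs "$RC"
add_ignore_msrs "$RC"   # second run must not duplicate the line
cat "$RC"
check_rc_local "$RC" && echo "ignore_msrs line is in place before the final exit"
```

To apply it on the vSRX host, call `add_ignore_msrs /etc/rc.local` from the root console instead of the rehearsal at the bottom, then reboot and confirm with `show_live_value` that the parameter reads `Y`.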