Switching

Thanks for the help that I have received regarding the switch to firewall to modem setup. Can't ping Internet from R6 can ping Big I on R6

 

I wonder if anyone can tell me what to use for a Juniper firewall instead of my J2350 in this same senario? Instead of using the J2350 in my lab, I would like to get something that would go in-between my cable modem and my EX2200-c switch doing the Router-on-a-Stick just like in my other question, but offer firewall services as well.  So the Juniper firewall (maybe an SRX or a SSG?????) would have to be capable of the Router part of the Router-on-a-stick (the subinterfaces or logical units with individual gateways corresponding to each VLAN on the switch), also it might have to be capable of serving the WAN part of the Cable Modem as the Cable Modem might have to be put in bridged mode, and capable of doing the protection stuff like firewall and viruses, etc. 

 

So, as you can see, this might be a lot for one device, or maybe not.

 

Does the SRX or the SSG do these things?  What is the difference between the SRX and the SSG series?  Is there another model of Juniper that would be better in this spot?

 

THANKS VERY MUCH

 

robin hood

Hi

I would suggest going for an SRX series device. If it is for home use a 220 or an 210 will be fine!
Srx is running junos Just like the J series.

Ssg is more of a firewall then a router.... It runs screenos cli is different then the cli of a Junos device.
If you are familiair with Junos already Stick with it 🙂 ssg is not Juniper developed it has been bought 🙂


Hope this helps a bit

Sorry to ask another question, I really appreciate your response. That really helps.

 

I just want to verify. The SRX will do the Router-on-a-stick just like I did on my J2350?

 

Also, if I do this for a small business which model of the SRX would you recommend.  They have two departments which need to be separated but both have Internet Access. I want to do it in my lab first, but then I may do it at this business also.  I have done other work for them and I think they sorely need to upgrade past their cheap network equipment.

 

THANKS

 

robin hood

 

 

These are really questions you should be asking either the Juniper partner you (or your client) would purchase Juniper equipment through, or else your local Juniper sales team.  SRX is really a replacement for J, with added ability to be a full stateful FW with UTM (anti-virus, anti-spam, etc.), IDP, etc. capability.  Since SRX runs Junos, it can be a Router like any other Juniper product, and can actually be configured to run in packet mode, that is by-passing FW engine.

 

One thing to note is that there will be a large number of product changes coming before or at least by the end of 2015.  Much of this is being driven by the EU/EC due to their new RoHS2 (google it) requirements.  Your Juniper partner or rep can discuss these changes which could very well affect any buying decisions for certain models, etc.

 

Nice information, thanks rccpgm and MarkTB!

 

I am now excited to get my own SRX for my lab.

 

It sounds like I can really do a lot with it!

 

VERY MUCH APPRECIATED.

 

Also, I think for this small business that really has no security requirements legally, an current SRX is probably going to be way beyond with the UTM. 

There is a yearly subscription cost to the UTM, right? If I buy one from Amazon I can still sign up my client for that, right?

 

THANKS,

robin hood

Yes UTM is a yearly subscription based license.  Amazon sells Juniper SRXs?

Yes.

 

What are the advantages to me and a client of going through a reseller?  Aren't they just more expensive? This is what I have kind of picked up. I could be wrong.

 

 

SRX210HE

 

SRX240H2

 

Thanks very much, I appreciate you staying with me on this, I really like Juniper junos (I am a linux guy and have done open source projects) so FreeBSD is nice to work on.  I would like to get deeper into supporting Juniper for clients.

 

robin hood

Actualy Juniper does not sell any equipment direct; everything goes through some for of reseller.  Be it a Value Add (VAR) Reseller or someone like Amazon or CDW.  Juniper partner information can be found here:

 

http://www.juniper.net/us/en/partners/

 

Amazon is really not a certfied Juniper partner, I believe; they are just a warehouse.  Looking at their site, I see this equipment is sold through some comapny called Beccela's?

 

One advantage of using a certfied Juniper partner is that you would always get new and latest and greatest product.  For example the SRXHE, has been replaced by SRXHE2 some time ago.  There appears to be 2 of the SRXHE2 available on Amazon, again through Beccela's, at basically same cost. As for the SRXHE no idea if this is new unused product that has just been sitting someplace for a long time.

 

Another is if, just for example, the SRXHE2 was being replaced in say 3 or 6 months with a new Juniper product, you will not find that info from anyone just selling hardware via the web.  These web item could [maybe?] in some cases not be Juniper certified, called Gray market, and for which anyone who purcheses such items can then not be able to purchase a Juniper support contract for the item.

 

It is sort of like buying a car.  You can purchase them from a dealer (new or used) with some of warrenty or you can purchase something potentially cheaper via the web and then hope and pray.   Big question is how much worth is there in saving a $100 or even $200 on something that if it breaks, could take down your entire network for hours/days.  It is all about risk mitigation.  Networks are now so critical to every type of business, it is worth it to go cheaper?  I'd say not allows!

Thanks for the reply rccpgm. So are you saying that when you buy through an authorized reseller you are getting a warrantee. How long is this warrantee?  Is it more than a one year standard manufacturer's warrantee?

 

Do you actually get a longer warrantee because you pay that extra 1 or 2 hundred dollars?

 

I have seen that some of the ads on both amazon and ebay say that 'this is a brand new item that still has the warrantee'.  So it seems to me that if it is actually new, you get the standard warrantee.  Then the quesion becomes, can you get a support contract (like you already said above). So I bought a Switch (EX2200-c) through Amazon and then called Juniper and registered it and then was able to get the updated junos versions (for any device) and I wonder if I could get a support contract as well?  And I wonder if I could afford it if I could get it.  I did have one government client who had full Juniper support contracts and my feeling was that it was quite expensive.  Are there tiers of support?  Does it depend on how many items you have. Do they make it attractive by giving you a break the more you get?  Or is it just a flat rate for each device?  Like I said in another post. I called a reseller for Juniper to buy some J2350 bracket ears and they never emailed me or called me back, probably because my order would be too small for them to worry about. I don't know I could be wrong, but it definately did not give me the feeling of wanting to ever call them back. They were called DATEC or something like that and they were one of only a few resellers in the Seattle area.

 

For the small business owner, many times they feel that it is most cost effective to only pay for things when they actuall break.  This is extreamly common in small business. Small business owners almost never want to pay for yearly support just in case something goes wrong. There are many examples of this all around, but one such example is how they don't want to pay me to maintain things, but only call me when they have been cornered and they have to be rescued.

 

It is a economy of scale situation. The bigger corporations and large businesses have some much more scale they can and need to carry 'just in case' insurance. It would be nice if we all could work on that level, but many of us do not. I think Juniper wants to get more of the small business market, is that right?  I think I have seen and heard many signs and mentions of this shift in Juniper's focus. 

 

Just as in the car example above (thanks for making it very clear and more enjoyable with a good example!) the car companies know that it costs lots of money doing research and development for Racing, for instance at the Formula 1 level, but when they have a break through in technology by testing and using it in racing, and then they can sell more cars to the millions of individual buyers because they are the first to put this technology on their street-consumer level cars (or to appear to put the technology on the car in a better way) they do it because this is the real reason they support racing in the first place. This reason is more primary than the excitement of having the best technology in the world. They know this is where the money really is, it is nice to have the big boy contracts, but when you have a product bought by many more thousands or millions of people, then its much more profitiable. I have read that Cisco has made things more affordable and scalable to the smaller concerns, and that in part was due to the compitition created by Juniper. I think this sort of shift goes back and forth.

 

Can you share any further thoughts on this, and what it means for me, a very small business supporting very small businesses?

 

THANKS,

robin hood

So are you saying that when you buy through an authorized reseller you are getting a warrantee. How long is this warrantee?  Is it more than a one year standard manufacturer's warrantee?

 

=> If you purchase new, then and only then, would you get standard Juniper warranty, which varies by product, but I believe is generally 1 year.  Plus you then have option to purchase service contact on top of warranty as well as for future years of service support.  It should be noted that all warranty is factory-return, repair and then customer return (could take up tp 20 days I believe), NOT advanced replacement.  Also Juniper offers Limited Lifetime Warrenty (factory repair) on most EX switches, so maybe you end user does not need a support contract, if they can live with the potential situation of an equipment return.  See:

 

https://www.juniper.net/support/warranty/990235.pdf

 

Do you actually get a longer warrantee because you pay that extra 1 or 2 hundred dollars?

 

=> No, but warranty you would get from Amazon purchase you'd have to check if any.  If you provide me S/N of device I could tell you warranty status.  Juniper tracks everything by S/N, so knowing S/N is very important.

 

Sorry to hear about your experience, but if you want me to find you a reseller in Seatle area I will.  I also "guess" you are not the end user purchaser, but instead are working as a consultant for some [number] of end users?  I would suggest you have the end-user contact Juniper or you do so on their behalf.  I would agree that for a partner to concerned about a single switch support contract is now really worthwhile to them, especially if there is litte opportunity for additional future business.  They are in business to make money as well.  Yes Juniper offers discounts on support for larger numbers and long years.  Only a certified Juniper partner can provide you end user pricing.

 

I found it funny you spoke about Cisco in your reply.  I have never heard Cisco and "price competive" generally used together -;)

 

If you want to consider network gear, like you would a home-office printer, then I would suggest yes that maybe someone like HP is potentially a better option.  I believe HP warranty is same as Juniper Limited Lifetime Warranty.

 

Hope this helps.  BTW, depending on quantity and years of support, yearly support for EX2200 should generally be somewhere less than $100 per switch and even much lower.