Junos
Reply
pkc
Contributor
pkc
Posts: 111
Registered: ‎09-24-2008
0

jseries and non enhanced services junos version

Hi all,

 

As the last non ES is 9.3, what wil lhappen when the support will expire on this release ?

 

I can't find any replacement device that can be used as a regular router like a JSeries.

 

Is there anything planned about this ?

Distinguished Expert
aarseniev
Posts: 1,701
Registered: ‎08-21-2009
0

Re: jseries and non enhanced services junos version

Hello,

You can use any branch SRX or J-series box with JUNOS 9.6 onwards as a "router" if you put it into packet-mode (either global or selective).

However, if You are looking to do "classic JUNOS-style" services on such box (where SFW/NAT is configured under [edit services])  then I am afraid there is no equivalent software-based router substitute.

HTH

Regards

Alex

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
pkc
Contributor
pkc
Posts: 111
Registered: ‎09-24-2008
0

Re: jseries and non enhanced services junos version

I asked for confirmation to the TAC and they confirmed that NAT is not supported

in this mode.

 

Can you confirm if NAT doesn't work at all or if you have to use firewall filters for NAT ?

 

I don't see much interest to use an SRX in packet mode, but for a J series it can be interesting.

 

Also packet mode on a jseries seems to be a default permit all policy.

Do you know another way of configuring packet mode for inet (ipv4) on a j series or srx ?

Juniper Employee
justinh
Posts: 1
Registered: ‎02-11-2008
0

Re: jseries and non enhanced services junos version

In packet mode you can still add the old style "firewall filter" at the interface level which is more like the traditional ACL type filtering.

pkc
Contributor
pkc
Posts: 111
Registered: ‎09-24-2008
0

Re: jseries and non enhanced services junos version

so you can also have some NAT conbfig with firewall filters, but the syntax

is IMHO more complex than the NAT on enhanced services/srx versions.

Distinguished Expert
aarseniev
Posts: 1,701
Registered: ‎08-21-2009

Re: jseries and non enhanced services junos version

Hello,

Using "firewall filters for NAT" has never been possible on any JUNOS.

What You can use on J-series legacy JUNOS up to 9.3R4.4 is the combination of service-filters, interface-style service-sets and NAT rules configured under [edit services nat]

These constructs (service-filters+ interface-style service-sets+NAT rules under [edit services nat]) are no longer available in JUNOS after 9.3.

You have to use JUNOS-ES-style of configuring SFW policies+NAT for subset of packets and allow the rest of it to pass in packet-mode. This is possible with JUNOS 9.6 and above where "selective packet-mode" was introduced.

HTH

Rgds

Alex

 

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.