09-13-2010 01:19 AM
As the last non-ES release is 9.3, what will happen when support for this release expires?
I can't find any replacement device that can be used as a regular router like a JSeries.
Is there anything planned about this ?
09-13-2010 02:29 AM
You can use any branch SRX or J-series box with JUNOS 9.6 onwards as a "router" if you put it into packet-mode (either global or selective).
However, if you are looking to do "classic JUNOS-style" services on such a box (where SFW/NAT is configured under [edit services]), then I am afraid there is no equivalent software-based router substitute.
09-13-2010 02:38 AM
I asked the TAC for confirmation and they confirmed that NAT is not supported in this mode.
Can you confirm whether NAT doesn't work at all or whether you have to use firewall filters for NAT?
I don't see much interest in using an SRX in packet mode, but for a J-series it can be interesting.
Also, packet mode on a J-series seems to be a default permit-all policy.
Do you know another way of configuring packet mode for inet (IPv4) on a J-series or SRX?
09-13-2010 11:06 AM
Using "firewall filters for NAT" has never been possible on any JUNOS.
What you can use on J-series legacy JUNOS up to 9.3R4.4 is the combination of service-filters, interface-style service-sets and NAT rules configured under [edit services nat].
These constructs (service-filters + interface-style service-sets + NAT rules under [edit services nat]) are no longer available in JUNOS after 9.3.
You have to use the JUNOS-ES style of configuring SFW policies + NAT for a subset of packets and allow the rest to pass in packet-mode. This is possible with JUNOS 9.6 and above, where "selective packet-mode" was introduced.
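A sketch of the selective packet-mode split described in the last reply, added here as an illustration and not taken from any poster's configuration. It addresses the "default permit all" concern raised earlier by ending each filter with an explicit discard. Interface names, filter and term names, and all prefixes are constructed placeholders; the zones, security policies and NAT rules for the flow-mode traffic are assumed to be configured separately.

```junos
# Constructed example: ge-0/0/0 faces the LAN, ge-0/0/1 faces the WAN.
# 192.168.10.0/24 = hosts that need stateful policy + NAT (stay in flow mode)
# 10.20.0.0/16    = routed-only prefix (handled in packet mode)
# 203.0.113.1/32  = placeholder NAT address on the WAN side

# LAN-facing filter. A term without "packet-mode" leaves the packet in
# flow mode, so it is still subject to security policy and NAT.
set firewall family inet filter lan-in term needs-nat from source-address 192.168.10.0/24
set firewall family inet filter lan-in term needs-nat then accept

# "packet-mode" makes matching packets bypass flow processing, so this
# stateless term is the only access control they will ever see.
set firewall family inet filter lan-in term routed-only from source-address 10.20.0.0/16
set firewall family inet filter lan-in term routed-only then packet-mode
set firewall family inet filter lan-in term routed-only then accept

# Explicit last term instead of relying on an implicit permit. Traffic
# addressed to the router itself (routing protocols, management) needs
# its own accept terms above this one.
set firewall family inet filter lan-in term drop-rest then count lan-in-dropped
set firewall family inet filter lan-in term drop-rest then discard

# WAN-facing filter. Replies to NATed sessions must NOT be marked
# packet-mode, or they skip the session lookup that reverses the NAT.
set firewall family inet filter wan-in term nat-return from destination-address 203.0.113.1/32
set firewall family inet filter wan-in term nat-return then accept
set firewall family inet filter wan-in term routed-only from destination-address 10.20.0.0/16
set firewall family inet filter wan-in term routed-only then packet-mode
set firewall family inet filter wan-in term routed-only then accept
set firewall family inet filter wan-in term drop-rest then count wan-in-dropped
set firewall family inet filter wan-in term drop-rest then discard

# Apply the filters on ingress in both directions.
set interfaces ge-0/0/0 unit 0 family inet filter input lan-in
set interfaces ge-0/0/1 unit 0 family inet filter input wan-in
```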