Super Contributor
tbehrens
Posts: 349
Registered: ‎04-30-2010

SPACE 11.4, security design

SPACE 11.4 is out, and with it the new and revamped Security Design. First impression is favorable: This moves away from the too-abstract model that SD used before.

I had to uninstall and then reinstall SD, as an upgrade from SD 11.1 left me with a version mismatch error. This is not a great loss, as the old SD was so very much unlike the new SD that I do not expect that anything meaningful would have carried over, anyway. A clean slate suits me just as well.

That said, I haven't gone and tried to use it in anger, yet. That will come when I have lab time, likely early February. In the meantime, feel free to use this thread to share your experiences with the newly born SD.

Trusted Contributor
ttl_expired
Posts: 440
Registered: ‎11-11-2008

Re: SPACE 11.4, security design

Just launched the new SD in the lab. Impressions so far:

- Importing a device is poor

    - The XML configlet does not work (caused a crash loop on my SRX-100)

    - Had to manually add the lines that the configlet wanted to use (the stanzas weren't even right anyway).

- Once I had my SRX in there it seems OK. Creating security policies and NAT are made in a nice screen kind of like NSM was.

- Making changes other than security rules or NAT to the device via Space has a LONG way to go. Basically they just list all the options in a list. If you know the CLI you can hack your way through making changes to the parts you need, but it's unusable to someone who is new to the platform.

I'll update later as I play with it more.

Thanks for starting the thread!

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: SPACE 11.4, security design

**bleep**. And I thought they would have learned something from the NSM disaster. How very disappointing to read this.

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
ttl_expired
Posts: 440
Registered: ‎11-11-2008

Re: SPACE 11.4, security design

In Juniper's defense, they do state it won't be ready for production until 12.1, but I don't see them making that big of a change in one version release.

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: SPACE 11.4, security design


Magraw wrote:

In Juniper's defense, they do state it won't be ready for production until 12.1, but I don't see them making that big of a change in one version release.


Still.... After the disaster with NSM I really wonder why they release something that is obviously not even close to being finished. This doesn't even deserve a "beta" stamp. At best, this is pre-alpha. Not exactly what I would present to a broad audience.

This still seems VERY far away, which means we need to live much longer with NSM.

Trusted Contributor
ttl_expired
Posts: 440
Registered: ‎11-11-2008

Re: SPACE 11.4, security design

Haha.  I feel your pain there.

Contributor
ed_gpc
Posts: 196
Registered: ‎09-21-2010

Re: SPACE 11.4, security design

I'm not sure what your issue was with importing devices, it's working fine for me....

Trusted Contributor
ttl_expired
Posts: 440
Registered: ‎11-11-2008

Re: SPACE 11.4, security design

Did you use the configlet?

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: SPACE 11.4, security design

So what are your impressions so far guys? Is it worth the time to install and check it out? Is it ready to really do something with it yet?

 

Regular Visitor
TiFFolkINline
Posts: 6
Registered: ‎12-08-2010

Re: SPACE 11.4, security design

We have installed it and are trying to manage an SRX device.

What Space managed to do (and what I liked :smileyvery-happy: ) is to configure 3 SRX in hub-n-spoke multipoint topology with NAT/dynamic IP support. That was nice and I like it. It can help not well qualified customers in deployment of new VPN services.

Still, we couldn't determine if it is possible to manage SRX from the ground: create zones and manage ALG; also couldn't find anything about cluster management.

Have seen that it can manage even QFX with port templates (FC too).

But anyway it is too childish; it would be better if Space had a more straight and serious interface. CIO and VIPs would not understand that the icon with "fireplace and an RJ45 jack" means NAT config or that the Spy icon is VPN config! Could that cost 1M$?)) Ha-ha --

No.

10-15K$ -- yes.
