SRX Services Gateway
Reply
Contributor
mulhollandm
Posts: 66
Registered: ‎01-14-2008
0
Accepted Solution

JUNOS beginners guide and SRX1400

folks

 

my company is buying a couple of srx1400s to act as application firewalls, something like the citrix netscaler

 

i'm new to junos so i'm looking to start from the beginning and need some advice on the best way forward so i have a few questions

 

- can someone recommend a juniper guide for junos (cli and gui)

 

- can i run the same version of junos used on the srx1400 in gns3?

 

- what version of junos should i be looking at

 

thanks to anyone taking the time to reply

Distinguished Expert
spuluka
Posts: 2,562
Registered: ‎03-30-2009
0

Re: JUNOS beginners guide and SRX1400

- can someone recommend a juniper guide for junos (cli and gui)


A good place are the "Day One" books.

http://forums.juniper.net/t5/Day-One-Books/Day-One-Book-Deploying-SRX-Series-Services-Gateways/ba-p/...

http://forums.juniper.net/t5/Day-One-Books/Day-One-Book-Configuring-SRX-Series-with-J-Web-NEW-EDITIO...

There are training materials, lessons and labs posted on the "Fast Track" portal.  The Security "SEC" series is what applies to the SRX.
https://learningportal.juniper.net/juniper/user_fasttrack_home.aspx

- can i run the same version of junos used on the srx1400 in gns3?


Not exactly, there are a number of basic functions that work fine in gns3 but a number also do not work.  Essentially anything that relies on hardware for implementation does not function in this virtual environment.


- what version of junos should i be looking at


JTAC maintains a recommendation kb for versions by platform.  These are considered the most stable version for production.  But any release will be supported for calls if you need features in the newer releases.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21476

Steve Puluka BSEET
Juniper Ambassador
Senior Network Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Distinguished Expert
muttbarker
Posts: 2,363
Registered: ‎01-29-2008
0

Re: JUNOS beginners guide and SRX1400

Well I would recommend starting with the Juniper Day One guides.

 

http://forums.juniper.net/t5/Day-One-Books/bg-p/Day1Books

 

Exploring the Junos CLI

ConfiguringJunos Basics

Junos Monitoring & Troubleshooting

Configuring SRX wtih JWeb

Deploying SRX Gateways

 

To go deeper I would also recommend the O'Reilly book Junos Security which is a great reference manual.

 

As for the OS I always like to look at the Juniper recommend release page:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21476&smlogin=true

 

From there Icheck the release notes and decide if I need to go above the recommended release for a particular customer issue.

 

Can't comment on running on gns3 but I would think so.

 

Hope this is helpful.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009
0

Re: JUNOS beginners guide and SRX1400


mulhollandm wrote:

 

my company is buying a couple of srx1400s to act as application firewalls, something like the citrix netscaler


At the risk of sounding a bit... negative... let me just start by saying, "I hope not..."

 

Comparing the SRX1400 to the Citrix NetScaler is kind of like comparing a bicycle to a golf club -- they really have little to no similiarity between them.  An "Application Firewall" and an "Application Delivery Appliance" are very different animals.

 

The NetScaler is an application delivery appliance, that means it's built for application acceleration, content switching, SSL acceleration, and load balancing.  You won't find that functionality in a SRX appliance, the SRX is a security gateway -- it's a firewall, IPS/UTM, and optionally application-aware firewall (but that does not mean it's an application delivery platform.)  The NetScaler can be more appropriately compared to F5 BigIP, Brocade ServerIron ADX, Radware, Cisco ACE or ADC (yikes!), Barracuda Load Balancer, and others that are out there.

 

If you're looking to do what you can do with a NetScaler with an SRX, you're probably not going to be too happy with the results.

 

Now, if you're buying the SRX1400 as a security applicance, then great... on to your other questions.

 


- can someone recommend a juniper guide for junos (cli and gui)


Your best bet is to start with the Fast Track program.  It's free, and is a very good way to start learning the basics of Junos and the SRX platform.  I actually started there when I got my first SRX devices, and just look at me now!  LOL, Ok.. maybe not the best example.

 


- can i run the same version of junos used on the srx1400 in gns3?


I have no idea on this one... the stuff I've seen for gns3 was all based around rather old versions of Junos, and I think they were router versions so you won't have any of the security features available, which would make it kind of pointless.  Perhaps with an adequate level of hacking and perseverance you can get a more modern Junos to work, but I've never tried.  An SRX100 is pretty affordable, and is a great testbed for learning Junos.  Probably save you a lot of headaches trying to get Junos to run in an emulated mode.  The SRX100 isn't exactly like the 1400, as the 1400 has a different hardware architecture and there are some differences, but for the most part, the SRX100 will give you 90% or 95% the same experience as far as how Junos works, how to build out and configure your systems, and even features.

 


- what version of junos should i be looking at

This question gets asked a lot here, you can find plenty of other threads that discuss this and make your decision based on information you find, but, as a basic starting point, you've got a few choices:

Junos 10.4R8.5 -- the current recommended version by JTAC.  Note that 10.4 does not support clustering on the SRX1400, so if you plan to run your SRX1400s as a cluster, then you will need 11.1 or higher.  Various improvements were made in 11.2 and 11.4, and there have also been some reports around the forums about problems with 11.2.  I would recommend you go through the release notes for the major versions and find what features are most important to you.  11.4 has some great features, and reports seem to be that it's pretty stable, but everything is going to depend on your particular environment.  11.4 is still at the R1 stage, which historically has been only for the brave of heart and strong of patience, but Juniper tends to play the "but REALLY, we know we've said this 14 times before, but REALLY, this time, this one really is BETTER!" card...

 

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Contributor
mulhollandm
Posts: 66
Registered: ‎01-14-2008
0

Re: JUNOS beginners guide and SRX1400

folks

 

many thanks for your replies, they are all greatly appreciated and all exactly what i wanted

 

i've downloaded the recommended workbooks and will have a look at them asap

 

gns3 looks unlikely so i'll wait for the hardware

 

i have a jncia-fwv but i suspect i'll look at the fast track and try to move onto jno-101 as a starter

 

i've tried to logon with my credentials but its not working nor is it responding to my password request but i'll perservere

 

re: the netscaler, the srx is being bought to act as a layer 7 gateway to inspect sql and http traffic passing through - hopefully its up to the job

 

i'm also hoping it will replace my existing ISG2000s as our core firewalls

 

thanks to you all again

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.