SRX Services Gateway
Reply
Juniper Employee
JUNOSRob
Posts: 50
Registered: ‎09-10-2008
0
Accepted Solution

JUNOS on SRX

JUNOS provides amazing capabilities for any platform that runs it. Managing the platform is the same as any other JUNOS-based. Those familiar to the JUNOS platform can use their existing skill set on the newest platform. Those not familiar with JUNOS can get started with the book "JUNOS Enterprise Routing".


The SRX provides a new configuration section “security”. In this section services such as firewall policies, NAT, and IPS services. This uses familiar ideas such as zones, screens and virtual routers from ScreenOS. For those familiar with ScreenOS can simplify the transition to JUNOS.

Visitor
SR-71
Posts: 2
Registered: ‎09-16-2008
0

Re: JUNOS on SRX

Can you give me a pointer to configuration security section manual ?

 

Thanks in advance

 

*am*

Juniper Employee
JUNOSRob
Posts: 50
Registered: ‎09-10-2008
0

Re: JUNOS on SRX

The official documentation has not been posted yet. As soon as it is I will add the link here.
New User
Bradmatic
Posts: 2
Registered: ‎09-17-2008
0

Re: JUNOS on SRX

Is this going to support Virtual Systems and MPLS for firewall and IPS features?
Trusted Expert
AndyC
Posts: 441
Registered: ‎07-08-2008
0

Re: JUNOS on SRX

Hi,

 

It supports IPS, see this thread 

 

http://forums.juniper.net/jnet/board/message?board.id=srx&thread.id=3

 

Virtual Systems aren't supported in the first release of code, dont know if this is on the roadmap.

 

Dont know if MPLS is supported.

 

Regards

 

Andy

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER
Juniper Employee
Billgraham
Posts: 5
Registered: ‎07-23-2008

Re: JUNOS on SRX

[ Edited ]

Not yet.  Although SRX shares the common JUNOS code base, the traditional MPLS feature set requires hardware support in the PFE of a given platform.  MPLS PFE support is not available for SRX.  Even if the PFE were ready, we would need to figure out the implementation specifics that are required.  Typically, M/T customers want to enable a stateful firewall for L3VPN customers that terminate IP traffic.  Is this the functionality you are asking about?  

 

The concept of VSYS is implemented differently in JUNOS.  Logical Routers [edit logical-routers] has been in JUNOS for quite some time.  It has even been enhanced with JCS to support hardware logical routers so that T-series routers can support dedicated Routing Engines for Logical Routers.  However, at least for now, Logical Routers have not been adapted for the SRX platform.  My guess is that changes will be required to provide equivalent VSYS functionality.

 

FYI - Your Juniper SE can get you all of the roadmap info.  It will help better answer your question. :-) 

  

Message Edited by jnprbill on 09-17-2008 01:14 PM
New User
Bradmatic
Posts: 2
Registered: ‎09-17-2008

Re: JUNOS on SRX

Thanks for the responses!  I'm interested in the ability to delegate different managment of firewalls to different department admins like I can in larger screenOS platforms.

 

On a side note, can the SRX support transparent mode at this point?  

 

I'll definitely check with my SE for a roadmap.

 

Thanks much! 

Juniper Employee
Billgraham
Posts: 5
Registered: ‎07-23-2008

Re: JUNOS on SRX

You can take a look at the JUNOS with enhanced services documentation for the J-Series.  

 

http://www.juniper.net/techpubs/software/junos-es/junos-es92/index.html

 

There are some differences for now (no next-gen NAT or IPS).  However, you can take a look at how policies and screens are configured.  My guess is that IPSEC will configure the same when supported on SRX with JUNOS 9.3.

 

Also, the ScreenOS to JUNOS for Security Platforms CBT is helpful.  It is J-series centric but much will apply to SRX.  Ultimately, we will see fewer and fewer differences.

 

http://www.juniper.net/training/elearning/junos_security.html 

Juniper Employee
Billgraham
Posts: 5
Registered: ‎07-23-2008

Re: JUNOS on SRX

Yeah, it sounds like LRs will be what you need.  You just need to find out what JUNOS release will support them on the security platforms.  They should be renamed to Logical Systems by the time it is supported on SRX.

 

No transparent mode right now.  Also, L2 switching and L2 control plane is not supported right now, as it is on the MX, J, and EX-series.  Beyond Transparent Mode, I expect the high GigE port density of the SRX may drive requests for logical numbered VLAN interfaces and bridge groups so that multiple GigE ports can be unnumbered and be part of the same bridge domain.

 

Although most of my responses today have been "roadmap", the roadmap is very strong and adds new features with a schedule that permits the aggressive testing that people come to expect from JUNOS.   More important, security customers now get 4 releases per year.  It's predictable and makes waiting easier when you can get new features every single quarter.  

Regular Visitor
nahrux
Posts: 6
Registered: ‎03-09-2008
0

Re: JUNOS on SRX

Hi

 

Does SRX supports content filtering, L4 load balancing.

 

Regards

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.