09-12-2008 12:53 PM
JUNOS provides amazing capabilities for any platform that runs it. Managing the platform is the same as managing any other JUNOS-based platform. Those familiar with the JUNOS platform can use their existing skill set on the newest platform. Those not familiar with JUNOS can get started with the book "JUNOS Enterprise Routing".
The SRX provides a new configuration section, “security”. This section contains services such as firewall policies, NAT, and IPS services. This uses familiar ideas such as zones, screens and virtual routers from ScreenOS. For those familiar with ScreenOS, this can simplify the transition to JUNOS.
09-17-2008 12:56 PM
It supports IPS, see this thread
Virtual Systems aren't supported in the first release of code; I don't know if this is on the roadmap.
I don't know if MPLS is supported.
09-17-2008 01:12 PM - edited 09-17-2008 01:14 PM
Not yet. Although SRX shares the common JUNOS code base, the traditional MPLS feature set requires hardware support in the PFE of a given platform. MPLS PFE support is not available for SRX. Even if the PFE were ready, we would need to figure out the implementation specifics that are required. Typically, M/T customers want to enable a stateful firewall for L3VPN customers that terminate IP traffic. Is this the functionality you are asking about?
The concept of VSYS is implemented differently in JUNOS. Logical Routers [edit logical-routers] have been in JUNOS for quite some time. They have even been enhanced with JCS to support hardware logical routers so that T-series routers can support dedicated Routing Engines for Logical Routers. However, at least for now, Logical Routers have not been adapted for the SRX platform. My guess is that changes will be required to provide equivalent VSYS functionality.
FYI - Your Juniper SE can get you all of the roadmap info. It will help better answer your question. :-)
09-17-2008 01:29 PM
Thanks for the responses! I'm interested in the ability to delegate different management of firewalls to different department admins like I can in larger ScreenOS platforms.
On a side note, can the SRX support transparent mode at this point?
I'll definitely check with my SE for a roadmap.
09-17-2008 03:59 PM
You can take a look at the JUNOS with enhanced services documentation for the J-Series.
There are some differences for now (no next-gen NAT or IPS). However, you can take a look at how policies and screens are configured. My guess is that IPSEC will configure the same when supported on SRX with JUNOS 9.3.
Also, the ScreenOS to JUNOS for Security Platforms CBT is helpful. It is J-series centric but much will apply to SRX. Ultimately, we will see fewer and fewer differences.
09-17-2008 04:00 PM
Yeah, it sounds like LRs will be what you need. You just need to find out what JUNOS release will support them on the security platforms. They should be renamed to Logical Systems by the time it is supported on SRX.
No transparent mode right now. Also, L2 switching and L2 control plane are not supported right now, as they are on the MX, J, and EX-series. Beyond Transparent Mode, I expect the high GigE port density of the SRX may drive requests for logical numbered VLAN interfaces and bridge groups so that multiple GigE ports can be unnumbered and be part of the same bridge domain.
Although most of my responses today have been "roadmap", the roadmap is very strong and adds new features with a schedule that permits the aggressive testing that people come to expect from JUNOS. More important, security customers now get 4 releases per year. It's predictable and makes waiting easier when you can get new features every single quarter.