Clustering < yep, A/P and A/A are supported

IDP, AppSecure < not supported in 11.2, but coming

Antivirus, Antispam, web filtering, content filtering, Dynamic VPN < LSYS is only supported on high-end (SRX3k/5k, with 1400 support coming soon), and the UTM suite and Dynamic VPN are only supported on Branch (650 and below)

Site to Site VPN < not supported in 11.2, but coming; initial release will have some caveats (since it's not released yet, that's an NDA discussion that you can have with your partner or Juniper SE)

Hi bilip ,

But the only limitation mentioned at the relese notes is  "cannot eneble/disbale ALG per LSYS "

Nothing mentioned about other limitations

Hi,

My understanding of the restrictions is:

 - Can only terminate VPN's within the ROOT LSYS

 - ALG and IDP only on ROOT LSYS

 - restrictions with the use of RADIUS and TACACS per LSYS

 - restrictions with common usernames across LSYS'

 - LSYS-enabled SRX's cannot be managed by NSM or SPACE (massive issue)

 - AppSec not supported per LSYS

 - Can only support up to 30 or 32 LSYS's currently

 - LSYS0 (if you chose to use it) counts towards one of the LSYS license units

There are more I believe, however I'd have to check notes

G

Hi,

Can we do multiple deployment mode (route/transparent) in each Lsys?

Thanks,

Yohanes

What is the max. number of users in 1 LSYS?

Is there a actual no. of max session in 1 LSYS?

Can we do mixed-mode deployment (one LSYS in L2/transparent and one in L3/route)?

> Nope.

What's the max # of users per LSYS?

> You mean admin users configured in Junos, or # of sessions running through the box? I believe we currently only support a total of 32 SSH sessions, but that's not limited per LSYS (at least not yet). Max and reserved number of sessions per LSYS can be set as part of your resource allocation.

What's the actual no. of max sessions in 1 LSYS?

> If you don't set a max, then it's based on the capacity of the chassis. With no max set, one LSYS could fill up your session table and no new sessions would be available for other LSYS (unless they had reserved sessions set up in their resource reservation).