08-17-2011 04:00 AM - edited 08-17-2011 04:02 AM
We're looking for a multitenant firewall to fit into our Cloud offering.
We’re familiar with the SRX and so are looking into the possibility of using Logical-System / LSYS in 11.2.
However, what I would like to know is: does LSYS result in the loss of any features which would normally be available on the SRX?
Specifically, does LSYS support: Clustering, IDP, AppSecure, Antivirus, Antispam, web filtering, content filtering, Dynamic VPN, Site to Site VPN?
Thanks in advance,
08-17-2011 06:07 AM
Clustering < yep, A/P and A/A are supported
IDP, AppSecure < not supported in 11.2, but coming
Antivirus, Antispam, web filtering, content filtering, Dynamic VPN < LSYS is only supported on high-end (SRX3k/5k, with 1400 support coming soon), and the UTM suite and Dynamic VPN are only supported on Branch (650 and below)
Site to Site VPN < not supported in 11.2, but coming; initial release will have some caveats (since it's not released yet, that's an NDA discussion that you can have with your partner or Juniper SE)
09-03-2011 04:52 PM
My understanding of the restrictions is:
- Can only terminate VPNs within the ROOT LSYS
- ALG and IDP only on ROOT LSYS
- restrictions with the use of RADIUS and TACACS per LSYS
- restrictions with common usernames across LSYSs
- LSYS-enabled SRXs cannot be managed by NSM or SPACE (massive issue)
- AppSec not supported per LSYS
- Can only support up to 30 or 32 LSYSs currently
- LSYS0 (if you choose to use it) counts towards one of the LSYS license units
There are more, I believe; however, I'd have to check notes.
11-02-2011 03:00 AM
What is the max. number of users in 1 LSYS?
Is there an actual no. of max sessions in 1 LSYS?
11-02-2011 09:04 AM
Can we do mixed-mode deployment (one LSYS in L2/transparent and one in L3/route)?
What's the max # of users per LSYS?
> You mean admin users configured in Junos, or # of sessions running through the box? I believe we currently only support a total of 32 SSH sessions, but that's not limited per LSYS (at least not yet). Max and reserved number of sessions per LSYS can be set as part of your resource allocation.
What's the actual no. of max sessions in 1 LSYS?
> If you don't set a max, then it's based on the capacity of the chassis. With no max set, one LSYS could fill up your session table and no new sessions would be available for other LSYS (unless they had reserved sessions set up in their resource reservation).
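The session-table starvation described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not Junos code) of a shared session table with per-LSYS reserved and maximum quotas. The admission rule, the 1000-session capacity and the names `lsys-a` and `lsys-b` are assumptions made for illustration.

```python
# Simplified model (an assumption, not Junos code) of a shared session table with per-LSYS quotas.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Quota:
    reserved: int = 0              # sessions guaranteed to this LSYS
    maximum: Optional[int] = None  # None = no cap, limited only by the chassis
    used: int = 0


class SessionTable:
    def __init__(self, capacity: int, quotas: Dict[str, Quota]):
        if sum(q.reserved for q in quotas.values()) > capacity:
            raise ValueError("reservations exceed table capacity")
        self.capacity = capacity
        self.quotas = quotas

    def _shared_free(self) -> int:
        # Slots not set aside by any reservation, minus sessions that
        # LSYSs already hold beyond their own reservation.
        pool = self.capacity - sum(q.reserved for q in self.quotas.values())
        borrowed = sum(max(0, q.used - q.reserved) for q in self.quotas.values())
        return pool - borrowed

    def open_session(self, lsys: str) -> bool:
        q = self.quotas[lsys]
        if q.maximum is not None and q.used >= q.maximum:
            return False                      # per-LSYS cap reached
        if q.used >= q.reserved and self._shared_free() <= 0:
            return False                      # nothing left outside reservations
        q.used += 1
        return True


def flood_then_connect(capacity: int, quotas: Dict[str, Quota], noisy: str, victim: str) -> dict:
    """Let `noisy` open sessions until refused, then try one session for `victim`."""
    table = SessionTable(capacity, quotas)
    while table.open_session(noisy):
        pass
    return {"noisy_sessions": quotas[noisy].used,
            "victim_admitted": table.open_session(victim)}


# Constructed scenarios: a 1000-session table shared by two tenants.
NO_LIMITS = flood_then_connect(1000, {"lsys-a": Quota(), "lsys-b": Quota()}, "lsys-a", "lsys-b")
RESERVED = flood_then_connect(1000, {"lsys-a": Quota(), "lsys-b": Quota(reserved=200)}, "lsys-a", "lsys-b")
CAPPED = flood_then_connect(1000, {"lsys-a": Quota(maximum=600), "lsys-b": Quota()}, "lsys-a", "lsys-b")
```

With no limits the noisy tenant takes the whole table and the other tenant is refused; either a reservation for the quiet tenant or a maximum on the noisy one keeps a session available.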