Hello RAM - I just finished reading your post. I am sorry to hear that you have had so many problems with the Juniper SRX240 firewall. It does sound like you got a bad device and had some issues with getting your problems resolved.

You are of course entitled to your opinion. However, I must say that as a Juniper reseller I find that your problems are not at all typical. My firm has sold a ton of SRX boxes of various sizes. Yes, there have been issues with the code and there are still problems that exist with certain features and there is also still a lack of some functionality that can drive me crazy.

Perhaps the box you purchased was not sized correctly for your environment? I don't know, however, I have one customer with several hundred SRX240 units running nationwide that has never had the problems you describe.

Again, sorry to hear  you had these issues - But you are completely wrong when you state that this what a customer should expect if they purchase this (or any other SRX) device.

Anyone looking to buy an SRX should certainly feel free to contact you and hear about your very bad experiences with the single unit. I will also state that anyone looking to hear a different point of view about these boxes is welcome to contact me anytime and I will tell them both the positive and negative in regards to the SRX product line.

I am very glad to both sell, install and support this solution, regardless of the growing pains that have occured as Juniper worked through the various issues.

Dear Kevin,

Thanks for the reply

The Box which i purchsed is more then and perfectly sized for my organization

Can u asked that 100 sold guys is the customer are happy i can guarantee that they are all unhappy

i didnt bought 1 no kevin i had one head office and 32 branch offices my head office is in HA and

branch office is single units.All the boxes are like hell its dam hell and i will never ever suggest to any one

Its purely killing the time with soo many problems.Pls never suggest to any one.

for me selling a box is like a cake but  the guy who taken that cake is asking me y u had given this worst cake to me

RAM

RAM - We obviously disagree. I would recommend e-bay to sell off your boxes. Send me a private message so I can bid on them.

Thanks,

SRX supports the track IP feature.

http://www.juniper.net/us/en/community/junos/script-automation/library/event/track-ip/

I am also victim of Track IP on SRX ...

Though, JunOS Automation can handle this Track IP issue ..

But this is the longest / hardesst way of implementing it, compared to SSG

Regards

Hii Doug,

Did u ever used this script ,pls let me know if u used it in the production box.

basically the JTAC r else the ATAC will not recommend to run scripts in the JUNOS

i had 3 ISP lines in which i had 3 different group of people will use specific ISP

All this ISP lines are in failover.lets say if isp one goes down immediately the clients in that

ISP will be shifted to the other ISP.i am using the firewall filter for the interfaces and preference

options at the routing options.My ISP setup is like from ISP MUX it will come to the ISP router from

the ISP router i will connect to the SRX so till ISP router i do not have any control.

IF i am using the script which u given its working fine till the LAN interface for the ISP router

But actual failover will be behind the MUX r else from MUX to the router.the LAN interface will always be UP

as its in my side but the WAN link goes down the script  r else what u say the trackip in SRX is not working

Its working very fine with SSG coz we will mention the particlar IP lets say 4.2.2.2 in the Trackip and we are

not having like that in the script and ATAC is not recommending that so if u tried all this and if u have a

perfect solution then let me know i am glad to hear from u

RAM

I'm very aware of the use cases around track IP and how it works.  I wouldn't have made the recommendation if it didn't work.  We have major carriers and financial firms that use this in production without issue.

The only drawback is that you have to use an automation script versus a "track-ip" knob in the actual Junos configuration.  Please note this only applies to the branch SRX devices.  The high-end SRXs support this feature natively through the "ip-monitoring" knob.

http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-s...

The purpose of the automation architecture is to offer additional services and scalability that goes beyond the native features.

Pls find the attached script which i am telling u and didnt work out for me

pls let me know if any other alternate script i will try and let u know its works

RAM