12-16-2011 12:36 PM
My 2 cents as a Juniper Reseller.
At the end of the day I have seen that properly configuring the units will go a long way. Don't trust JTAC to set up your config for you. Many times I go in a site only to clean up a mess that JTAC has made. Keep in mind it's hard to configure something remotely when you don't see the big picture of the setup.
For example, if syslogging on the box is filling up the memory... stream your syslog out to a syslog server via the data plane.
As for stability.
Branch SRX (10.4R7 or 11.2)
All deployments running without issues. Many use IDP and UTM features, some in cluster.
The only outstanding issue I can see is Cluster IDP update management which I heard will get fixed but this is not a show stopper by any means.
High End SRX (10.4R7)
Rockstar product. Never had an issue with over 9x 3600 and 4x 1400 deployments.
NSM integration with either
Don't waste your time, it's not ready and it won't do what you expect. Wait for Security Design from Space to get launched, it's the right product for the job.
I really enjoy the SRX product and I really did enjoy the SSG product. If you hate SRX go to SSG and wait for the SRX to have its GUI blessed by Unicorn tears, maybe it's just not the product for you yet.
12-16-2011 05:00 PM
I also have had very bad luck with the SRX 240h, like other posters my SRX's (4 in total 2 clusters) have been RMA'd at least twice each in 2 years... I've had major issues with UTM/IDP and as for the JTAC support... well put it this way, I have to plan for at least 4 hrs on the phone with JTAC! and I usually don't get all of my issues resolved... On one occasion the call was over 8 hours and 2 shifts - just to fix a cluster issue...
I dread calling Juniper support so much that I have had one node powered down for about 2 months now for fear of another 8 hour support call...
I'm at the point now where I'm leaning toward splitting my 2 clusters up and using the spare 240's for testing and replacement units...
I also miss my Checkpoints... I just wish I could get what I paid for...
01-13-2012 03:04 PM
Last year I implemented a new pair of SRX240's I inherited with my job. Before getting out of the gate, I had to RMA one unit for bad USB ports. 12 days later (despite contract support) the second unit arrived, with a bad CF card. I finally got a unit that worked and got our cluster online with our configuration.
Unfortunately, we have 2 ISPs, for redundancy. I implemented the only known method of configuring for two ISPs without a dynamic routing protocol, and suddenly, no DNS. That's right; when you use virtual routing tables (we're running v10.4R3.4) it breaks DNS. Great.
I also found that virtual routing tables slow down throughput horribly.
Now, we have to RMA the unit replaced last spring, another bad CF card.
I find the exact same problems in dealing with JTAC as listed in previous comments; they are really unhelpful, seem to have no access to prior tickets, and don't have knowledge of basic services that get broken when implementing posted solutions (JTAC refused to believe that DNS didn't work after we implemented virtual routing tables, it took this rep almost weeks to verify it, and then his solution was for me to completely reconfigure my router without any guarantee his solution would resolve the issue and maintain functionality.)
My solution? We're moving to all Cisco equipment when we move offices. What a complete waste of time these things have been.
03-12-2012 04:27 AM
I have a serious problem with my SRX240 and I'm really hoping someone can help me out.
The basic problem is that the **bleep** thing keeps getting stuck at db> , it gives error message
"ignoring watchdog timeout during boo/rebootar" during boot and then gets stuck at db>
I've tried almost everything, disabling the watchdog, installing new OS through loader... and when I run command
loader> install --format file:///<path>
it says invalid URL
You must also know that the firewall is behaving really weird, as in, the letters I type in are incorrectly typed, for example if I type install it will sometimes type as in@ta}l .... Has this happened with anyone???
Does anyone know what the problem could be????
Please help as I need to have this device up and running ASAP
04-02-2012 03:59 PM
My experience with the Juniper SRX has been a nightmare as well.
I had really good experiences with the SSG line, and was happy to take my sales rep's recommendation for the SRX.
This was the worst mistake ever.
I will be staying far far away from this platform.