SRX Services Gateway
Contributor
hadywahl
Posts: 45
Registered: ‎05-23-2008
Accepted Solution

SRX IPS vs IDP

Hello All,

Kindly help me with the difference between the SRX IPS and the Standalone IDP.

Does the SRX IPS perform all that the Standalone IDP can?

With an AppSecure (SRX650-APPSEC-A-1), do I still need to buy an SRX650-IDP?

 


Recognized Expert
ronf
Posts: 242
Registered: ‎04-04-2011

Re: SRX IPS vs IDP

The SRX IPS is supposedly a one-for-one replacement for the standalone IDP; however, it is missing some features, to be sure (fail-to-wire bypass, for example). The IPS engine is also not quite as proven, in my opinion, although the Juniper IDP was never my favorite IDP either (mostly due to the requirement to run NSM). The SRX650-APPSEC-A-1 license you asked about includes the application security and the IPS licenses. My overall feeling is that if you need a combined firewall with IPS, the SRX is a decent choice (although it still wouldn't be my favorite for that role either), but as a standalone IPS box, it still isn't there.

 

Ron

JNCIE-SEC #127
Super Contributor
tbehrens
Posts: 348
Registered: ‎04-30-2010

Re: SRX IPS vs IDP

Fail to wire is now available with SRX550. Ports 0/4 and 0/5 go into bypass mode on power failure. From the hardware guide:

 

Bypass

 

Ports 0/4 and 0/5 are automatically connected together when the services gateway is powered off. This feature can be used to bypass the device in the event of a power failure.

Recognized Expert
ronf
Posts: 242
Registered: ‎04-04-2011

Re: SRX IPS vs IDP

Thanks for the information on the SRX-550.  Do you know if that is slated to be included in any other platforms?

 

Ron

JNCIE-SEC #127
Contributor
hadywahl
Posts: 45
Registered: ‎05-23-2008

Re: SRX IPS vs IDP

Thanks Ron,

I appreciate. Your answer settles it.

However, can I still use the IDP box that I have presently with the SRX instead of having to make use of the IPS that comes with the AppSecure?

Recognized Expert
ronf
Posts: 242
Registered: ‎04-04-2011

Re: SRX IPS vs IDP

If you mean can you use another IDP product in front of an SRX, then certainly you can.  Just use the SRX as a firewall, and set the policy on the SRX to not do IDP.

 

Ron

JNCIE-SEC #127
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.