05-22-2012 02:47 AM
Kindly help me with the difference between the SRX IPS and the Standalone IDP.
Does the SRX IPS perform all that the Standalone IDP can?
With an AppSecure (SRX650-APPSEC-A-1), do I still need to buy an SRX650-IDP?
05-22-2012 05:06 AM
The SRX IPS is supposedly a one-for-one replacement for the standalone IDP; however, it is missing some features to be sure (fail-to-wire bypass, for example). The IPS engine is also not quite as proven in my opinion, although the Juniper IDP was never my favorite IDP either (mostly due to the requirement to run NSM). The SRX650-APPSEC-A-1 license you asked about includes the application security and the IPS licenses. My overall feeling is that if you need a combined firewall with IPS, the SRX is a decent choice (although it still wouldn't be my favorite for that role either), but as a standalone IPS box, it still isn't there.
05-22-2012 11:31 AM
Fail to wire is now available with SRX550. Ports 0/4 and 0/5 go into bypass mode on power failure. From the hardware guide:
Ports 0/4 and 0/5 are automatically connected together when the services gateway is powered off. This feature can be used to bypass the device in the event of a power failure.
05-23-2012 04:40 AM
I appreciate it. Your answer settles it.
However, can I still use the IDP box that I have presently with the SRX instead of having to make use of the IPS that comes with the AppSecure?
05-23-2012 06:17 AM
If you mean can you use another IDP product in front of an SRX, then certainly you can. Just use the SRX as a firewall, and set the policy on the SRX to not do IDP.