SRX

last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX IPS vs IDP

    Posted 05-22-2012 02:48

    Hello All,

    Kindly help me with the difference between the SRX IPS and the Standalone IDP.

    Does the SRX IPS perform all that the Standalone IDP can?

    With an AppSecure (SRX650-APPSEC-A-1), do i still need to buy an SRX650-IDP?

     

    ,



  • 2.  RE: SRX IPS vs IDP
    Best Answer

    Posted 05-22-2012 05:06

    The SRX IPS is supposedly a one-for-one replacement for the standalone IDP, however it is missing some features to be sure (fail to wire bypass for example).  The IPS engine is also not quite as proven in my opinion, although the Juniper IDP was never my favorite IDP either (mostly due to the requirement to run NSM).  The SRX650-APPSEC-A-1 license you asked about includes the application security and the IPS licenses.  My overall feeling is that if you need a combined firewall with IPS, the SRX is a decent choice (although it still wouldn't be my favorite for that role either), but as a standalone IPS box, it still isn't there.

     

    Ron



  • 3.  RE: SRX IPS vs IDP

    Posted 05-22-2012 11:31

    Fail to wire is now available with SRX550. Ports 0/4 and 0/5 go into bypass mode on power failure. From the hardware guide:

     

    Bypass

     

    Ports 0/4 and 0/5 are automatically connected together when the services gateway is powered off. This feature can be used to bypass the device in the event of a power failure.



  • 4.  RE: SRX IPS vs IDP

    Posted 05-22-2012 12:59

    Thanks for the information on the SRX-550.  Do you know if that is slated to be included in any other platforms?

     

    Ron



  • 5.  RE: SRX IPS vs IDP

    Posted 05-23-2012 04:40

    Thanks Ron,

    I appreciate.Your answer settles it.

    However, can i still use the IDP box that  i have presently with the SRX instead of having to make use of the IPS that comes with the AppSecure? 



  • 6.  RE: SRX IPS vs IDP

    Posted 05-23-2012 06:17

    If you mean can you use another IDP product in front of an SRX, then certainly you can.  Just use the SRX as a firewall, and set the policy on the SRX to not do IDP.

     

    Ron