SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX240 Throughput question

    Posted 01-09-2012 12:23

    Hi:

     

    We're thinking of upgrading from our NS500 to a SRX240, however I have a performance question that relates to our current setup.

     

    We have a FTP server in a DMZ zone and when we transfer data to or from the FTP server into our trusted zone we do not get great throughput. As we disable policies on the NS500 the throughput goes up each time we disable a policy. That combined with throughput achieved when connected directly to the DMZ network, I know that the NS500 is the bottleneck.

     

    The question is: with a handful of policies enabled will I be able to achieve 500mbit/s between the trusted and DMZ zones? 750mbit/s? 1G?

     

    The SRX240 is at such a great price point compared to the next step up (SRX650) I'm really hoping it will do what we need.

     

    thanks,

    Andrew

     



  • 2.  RE: SRX240 Throughput question
    Best Answer

    Posted 01-10-2012 01:23

    Hi

    The maximum firewall performance of SRX240 is 1.5 Gbps

    http://www.juniper.net/uk/en/products-services/security/srx-series/srx240/#specs

    so I think it should be able to reach close to your expectations.

    And if you do not need any stateful security and services (such as NAT, ALG)
    for your FTP traffic, you can enable selective packet services for it,
    see

    http://www.juniper.net/us/en/local/pdf/app-notes/3500192-en.pdf

    This will improve performance and at the same time you will be able
    to use all security features for other traffic.

    That being said, Netscreen and SRX are rather different platforms and
    I would recommend you to take SRX for production testing before purchasing it,
    just to be on the safe side.



  • 3.  RE: SRX240 Throughput question

    Posted 01-11-2012 11:24

    Peter, thanks for your thoughts.

     

    How does one arrange for a loaner SRX so that we can do production testing? Local sales rep or through Juniper directly?

     

    thanks,

    Andrew

     



  • 4.  RE: SRX240 Throughput question

    Posted 01-11-2012 13:18

    Hi Andrew,

     

    I think it is better to contact you preferred J-partner (if you have one).

     

    Otherwise you can use partner locator here

     

    http://www.juniper.net/uk/en/partners/locator/

     

    or contact Juniper reps in your country so they can direct you. But
    whether a particular partner will be ready to give you the box for testing or not,
    depends on too many circumstances, so I can't predict on the chances...