Screen OS

Hi, we are currently using Juniper SSG 140 and i would like to seek help if port aggregation is possible here. i have 2 Gigabit ports that i will be using for my server and CS vlan. i need to combine these ports (eth0/8 & eth0/9) to make 2GB of bandwidth because this is be used for inter VLAN routing between CS (50 users) and Server VLAN. I dont know if SSG 140 can handle inter-VLAN routing  for 50 users but i was hoping that its possible without bottlenecks. I dont know if BGgroup is Redundant IF suitable for my setup:

My proposed setup:

Currently our setup is GW-EX42100 switch running OSPF and broadcast all VLANs. thats not good because all vlan doamins can access each other and since it is going to Juniper SSg140 on a single interface inter-vlan pollicy is not applicable on the FW. My plan is to make the EX4200 a core switch (layer 2) and create sub-interfaces on SSG140.

There are 2 Gigabit ports on SSG and others are 100Mb.

eth0/0 & eth 0/1 : ITVLAN, HR VLAN, ADMINVLAN & ExecutiveVLAN

eth0/2 & ethe0/3: DMZVLAN, WifiVLAN and GUESTVLAN

eth0/4 & eth0/5: ISP01 and ISP02

eth0/8 & eth0/9 (Gb): SERVERVLAN & CSVLAN

I would like to aggregate those ports especially on the server & CS VLANs. i only have max 60 users and i think this setup can handly it. I need your support and suggestions on this. Please help me. THanks!

Link aggregation isn't supported on SSG.

Not sure If I understand your requirement correctly but if CS-VLAN and Server-VLAN have different VLAN-ID's and IP-subnets the SSG can route between them. A "permit" policy must be in Place if they are in different zones or intra-zone block is enabled.

The limitation is still the physical interface bandwidth.

best regards

Thorsten

If this worked for you please flag my post as an "Accepted Solution" so others can benefit.
A kudo would be cool if you think I earned it.

Hi, Thank you for the reply. Yes you are correct that limitation is the physical interface. thats what i was trying to achieve. I want to aggregate the 2 gigabit ports on my firewall eth0/8 & eth0/9. But i cant find any docs that can help me to aggregate those interfaces. Bggroup and redundant grouping is not port aggregation. Is this possible for SSG 140? from my EX4200 switch i dont have any issue on aggregating those links but going to the Firewall its a different issue. hope you could help me verify things. Thanks!

as I mentioned before Port or Link aggregation isn't supported on SSG.

It would even not make any sence because the Firewall throughput of SSG140 is only 300Mbps.

JUNOS based SRX Series support Link aggregation.

Best Regards

Thorsten

okay that was noted.. Thank you very much for your time.. Need to find an alternative solution..

Regards, 

Is possible to guide how to solve the problem for the throughput requirement?

thanks

weird with the SSG140, there is one guide, which mentioned that SSG140 has the bgroup0/0 - bgroup0/2 integrated with the module.why cannot using that feature to aggregate the ports ? would you mind give me some hints?