Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Upgrade path from SSG-140?

    Posted 09-14-2015 11:17

    Hello,

     

    I have a couple of SSG-140s that we want to upgrade to increase capacity.

     

    The SSG-550M seems like a good option as I can still get them used and I'm guessing I could copy our configs over from our SSG-140s with minimal tweaking (probably just updating some port assignments).  Am I right in that assumption?

     

    Or, is there a newer product available that would be just as easy to transition to?

     

    Thanks,

     

    Curtis



  • 2.  RE: Upgrade path from SSG-140?

    Posted 09-14-2015 15:24

    Did I post this to the wrong forum?



  • 3.  RE: Upgrade path from SSG-140?
    Best Answer

     
    Posted 09-14-2015 17:32

    Hi,

     

    If you are looking for the easiest transition option then staying with the SSG series is the way to go. However at some point you will need to migrate to the SRX series as SSG has been announced as EOL.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16772&smlogin=true

     

    Personally I would move to the SRX series now rather than later. There is a screenos to junos configuration converter available which will give you a good start but it is not perfect so you do need to apply some thought as well.

     

    See the tool here; 

    https://i2j.juniper.net/s2j/index.jsp

     

    Tim



  • 4.  RE: Upgrade path from SSG-140?

    Posted 09-15-2015 15:11

    I didn't know about the conversion tool.  I knew the SSG series was EOL as of 2020, but knowing that there's a conversion tool for the SRX series definitely might put me over the edge to go that way.  Thanks for the info! 🙂



  • 5.  RE: Upgrade path from SSG-140?

    Posted 09-15-2015 16:55

    The conversion tool is useless.  Use it to get the idea of what the syntax difference is and then do it manually.  You only have to do it once and it's a great opportunity to audit your existing firewall polices.

     

    I was amazed how many policies were not needed.

     

    Keep in mind the NAT works differently in the SRX.  You will have to setup the NATs seperate (more like in addition to) the security policies.



  • 6.  RE: Upgrade path from SSG-140?

    Posted 09-18-2015 11:20

    Yeah, I quickly discovered that the migration tool alone isn't going to do the trick.  Sad, since I don't think our configuration is very complicated.  But you're right, this is a good opportunity to clean our our configuration. 

     

    Thanks to both of you for the help and advice. 🙂



  • 7.  RE: Upgrade path from SSG-140?

    Posted 09-19-2015 09:51

    You also have the go half way option.

     

    Buy the SSG550M and move over the configuration as it is now in ScreenOS.

     

    when you are ready to make the move there is a conversion kit that replaces the flash in the SSG550 and turns the device into a Junos SRX one.

     

    You still need to convert the configuration but you can postpone the day and not have to change the hardware.