Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Vlan vs bgroup in Screen OS

    Posted 01-06-2012 09:47

    HI experts;;;Difference between vlan and broup in screen OS is as under:-

    Placing an interface in a vlan mean placing firewall in transparent bridge mode , the firewall will act as transparent bridge and can not support dynamic routing protocol. All interfaces other than vlan member must be placed in null zone
    Bgroup mean integrated routing and bridging , mean firewall support bridge domain and also routing


  • 2.  RE: Vlan vs bgroup in Screen OS

    Posted 01-06-2012 15:13

    No, placing an interface in a vlan means that you place the interface in Layer 2. All layer 3 you configure on the vlan interface. Just like you configure L3 on the bridgegroup interface in Screenos. You can compare a vlan with a vlan interface and ports in accessmode with a bridegroup with member interfaces. Bigest difference is you can do a lot more layer 2 stuff on the srx than on a ssg/isg. 



  • 3.  RE: Vlan vs bgroup in Screen OS
    Best Answer

    Posted 01-06-2012 21:36

    Thanks for replying.. As per Screen OS Cook Book (Chapter 5) placing firewall mean in transparent mode mean enabling transparent bridge mode in firewall. to achieve the task an interface must be placed in v1-trust or v1-untrust vlan and all other interfaces in null zone. bgropup provide us capability to implement integrated routing and bridging Screen OS Cook Book (Chapter 6)

     

     

     

     



  • 4.  RE: Vlan vs bgroup in Screen OS

    Posted 01-07-2012 08:37

    Sure, you can place the ssg in transparant mode. Even mixed mode is possible. Srx on the other hand: can also operate in transparant mode (starting with junos 11 I think), but not mixed mode.  What is your question about this subject?