I currently have an SRX-210H-PoE deployed. I am wondering, can an EX2200-C-12P be substituted for it?
They both run Junos, but does that mean that I can configure firewall policies, etc, on the EX2200-C's interfaces as I have with the SRX-210? I understand the EX2200-C will not manage an AX-411 wireless access point, but that is not a concern in this case.
Basically, I am looking for a device with 8+ ge ports that can act as a switch, but also as a router to an untrusted zone (yes, the Internet). The EX2200-C looks like it might be a good candidate.
Anything above static routes, I believe, requires an Enhanced Feature License, but it can support OSPF, PIM, etc. (at a lower scale than, say, an EX4200). Not sure about IPv6 routing support right now. For as small and as cheap as it is, it is very feature rich -- anything L2 you would need is there.
It has no capability for stateful firewall, NAT, etc. due to hardware limitations (it is a switch...not a firewall).
As the above said, it's a great device to use in conjunction with an SRX.
The uplink ports can operate as switch ports, and should be able to operate at 10/100/1000 based on whatever optic you insert (or use the copper uplink ports).
Thanks for the info guys. As you can tell, I'm new to the Juniper stuff, and had heard that the monolithic OS meant that all functionality was available on all devices, but that their hardware was optimised for specific tasks. I wondered, therefore, if an EX2200-C could perform tasks such as NAT, but in the OS at a greater performance hit or something to that effect.
The concept of the monolithic OS is really focused around a single command set. Juniper has to optimize the code for each platform. Imagine the size of the image you would need to carry on every box if every bit of functionality was enabled for every platform.
There is obviously a real difference between the switching world and the router / FW world. So you won't find NAT or security policies on a switch. Having said that, you will find a lot of this functionality in the router space.
If you boot up a factory default J series router, you will find it comes up with security policies enabled, and you can't log in through any other I/F but the console port, as there is no ssh turned on in system services.