Junos
Highlighted
Junos

jseries and non enhanced services junos version

09.13.10   |  
‎09-13-2010 01:19 AM

Hi all,

 

As the last non ES is 9.3, what wil lhappen when the support will expire on this release ?

 

I can't find any replacement device that can be used as a regular router like a JSeries.

 

Is there anything planned about this ?

5 REPLIES
Junos

Re: jseries and non enhanced services junos version

09.13.10   |  
‎09-13-2010 02:29 AM

Hello,

You can use any branch SRX or J-series box with JUNOS 9.6 onwards as a "router" if you put it into packet-mode (either global or selective).

However, if You are looking to do "classic JUNOS-style" services on such box (where SFW/NAT is configured under [edit services])  then I am afraid there is no equivalent software-based router substitute.

HTH

Regards

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Junos

Re: jseries and non enhanced services junos version

09.13.10   |  
‎09-13-2010 02:38 AM

I asked for confirmation to the TAC and they confirmed that NAT is not supported

in this mode.

 

Can you confirm if NAT doesn't work at all or if you have to use firewall filters for NAT ?

 

I don't see much interest to use an SRX in packet mode, but for a J series it can be interesting.

 

Also packet mode on a jseries seems to be a default permit all policy.

Do you know another way of configuring packet mode for inet (ipv4) on a j series or srx ?

Junos

Re: jseries and non enhanced services junos version

09.13.10   |  
‎09-13-2010 03:58 AM

In packet mode you can still add the old style "firewall filter" at the interface level which is more like the traditional ACL type filtering.

Junos

Re: jseries and non enhanced services junos version

09.13.10   |  
‎09-13-2010 04:03 AM

so you can also have some NAT conbfig with firewall filters, but the syntax

is IMHO more complex than the NAT on enhanced services/srx versions.

Junos

Re: jseries and non enhanced services junos version

09.13.10   |  
‎09-13-2010 11:06 AM

Hello,

Using "firewall filters for NAT" has never been possible on any JUNOS.

What You can use on J-series legacy JUNOS up to 9.3R4.4 is the combination of service-filters, interface-style service-sets and NAT rules configured under [edit services nat]

These constructs (service-filters+ interface-style service-sets+NAT rules under [edit services nat]) are no longer available in JUNOS after 9.3.

You have to use JUNOS-ES-style of configuring SFW policies+NAT for subset of packets and allow the rest of it to pass in packet-mode. This is possible with JUNOS 9.6 and above where "selective packet-mode" was introduced.

HTH

Rgds

Alex

 

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !