Hello,
Perimeter router replacement could be a bit tricky.
Option 1 - Transparent mode
> You could set up the Juniper SRX in transparent mode and then convert to L3 once you are comfortable.
> You can deploy all the policies and be comfortable with JUNOS
> Later you would need to convert to L3, configure routing and NAT once you decide to fully migrate
Option 2 - L3 Routed mode
> If you wish to go for L3 mode deployment, it can be done in parallel to the existing router. Again, it depends on factors like availability of public IPs.
> If the above is possible, you can keep the existing setup with some subnets routed through the Juniper. Some device before the Juniper would need to take care of this conditional routing, provided it is supported.
> Else you could consider having a group of user subnets with their gateway directly on the Juniper firewall, with this traffic completely segregated by VLANs till the perimeter.
   (Option 1)                          (Option 2)
    Internet                Internet                Internet
        +                       +                       +
        |                       |                       |
        |                       |                       |
 +------+-------+        +------+-------+        +------+-------+
 |              |        |              |        |              |
 |   Ubiquiti   |        |   Ubiquiti   |        |     SRX      |
 |              |        |              |        |   L3- Mode   |
 |              |        |              |        |              |
 +------+-------+        +------+-------+        +------+-------+
        |                       |                       |
        |                       |                       |
        |                       |                       |
 +------+-------+               |                       |
 |     SRX      |               |                       |
 |  Transparent |               |                       |
 |     Mode     |               |                       |
 +------+-------+               |                       |
        |                       |                       |
        |                       |                       |
        |                       |                       |
+-------+-------+       +-------+-------+               |
|               |       |               +---------------+
|    Switch     |       |    Switch     |   Selectively
|               |       |               |   Route some traffic
+---------------+       +---------------+   through SRX
I hope this helps. Regards,
Vikas