SRX Services Gateway
Highlighted
SRX Services Gateway

SRX 210 - 340

‎01-21-2020 07:03 AM

It has been decided that we should be moving from our old srx 210 (sw 12.1x44-D30.4)  to our new SRX 340 (sw 19.4R1.10)

 

Being new to Juniper myself, previous experience mainly on Sonicwalls.   I'm looking to see if there is a simpler way to transfer the config.  We have a lot of VPN tunnels set up and comparing the 2 firewalls side by side the settings are not that obvious to be able to compare.

 

Any advice would be really appreciated.

 

E.

5 REPLIES 5
Highlighted
SRX Services Gateway

Re: SRX 210 - 340

‎01-21-2020 12:32 PM

I would go with the JTAC recommended version for SRX340 instead of the newest release. Currently for SRX340 that is 18.2R3-S2.

 

JTAC recommended releases are found in this KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476

 

Regarding migration from SRX210 to SRX340 it's overall very simply done via cli in a few hours. Doing it via web UI will take you days.

 

Basically what you need to be aware of for conversion of the SRX210 configuration:

* new interface naming (fe-0/0/x -> ge-0/0/x)

* vlan-interfaces are now named "irb.x" instead of "vlan.x"

* dhcp server configuration is done differently

 

All your firewall policies, nat and vpn configuration and basic system configuration should be transferable one to one.

 

To get some basic knowledge about Junos and SRX, I will suggest that you look in the Day One book library where a lot of subjects are covered in a intutive manner.

https://www.juniper.net/documentation/jnbooks/en_US/day-one-books#cat=all_books

 

In your case i would look at "Exploring the Junos CLI" and "SRX SERIES UP AND RUNNING WITH ADVANCED SECURITY SERVICES".

 

Let us know if any specific issues shows up during the migration/conversion.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
SRX Services Gateway

Re: SRX 210 - 340

‎01-22-2020 02:34 AM

thank you for your swift reply.  I am now currently downgrading to the recommended software 🙂

Highlighted
SRX Services Gateway

Re: SRX 210 - 340

‎01-22-2020 03:27 AM

i have downloaded the config files from the 210 and attempted to copy them over doing a find/replace in notepad++ for vlan to irb , however there are so many references to vlan in the config file that if i copy them all I get a syntax error.

i suppose it suggest i have replaced too many but we have looked over it and are getting really confused as to which instances of "vlan" actually need replacing!

 

anyway reading those pdf's so hopefully that will help a bit more. 🙂

Highlighted
SRX Services Gateway

Re: SRX 210 - 340

‎01-22-2020 04:44 PM

The change is needed from vlan to irb in the configuration section under interfaces.

old style interfaces vlan 

new style interfaces irb

 

In the main vlan section that stays the same.

But the interfaces listed under vlans

old style is vlan.0

new style irb.0

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: SRX 210 - 340

‎01-22-2020 10:53 PM
The vlan interfaces defined under ‘Security zones’ also needs to be changed from vlan.x to irb.x

--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Feedback