SRX Services Gateway
Highlighted
SRX Services Gateway

SRX packet-mode

[ Edited ]
‎03-11-2019 05:28 AM

I have a hard time finding any definitive information on what exact features work / exist in packet mode (set security forwarding-options family mpls mode packet-based).

Security policies / NAT are of course not working, but what about zones? Do they exist? What else is still there? Or better: what is NOT working with packet-based mode?

 

Regards,

Pawel Mazurkiewicz

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: SRX packet-mode

‎03-11-2019 06:36 AM

In packet mode, SRX processes the traffic as a traditional router on a per-packet basis. It supports only stateless firewall filter in this mode. Other firewall features like security zones, stateful firewall, NAT, IPSec, UTM services will not be supported in this mode.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461

https://www.youtube.com/watch?v=YYHxcT8ZYiE

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
The SRX Forwarding Modes Learning Byte explains and demonstrates the different types of data plane forwarding modes that can be performed on Juniper Networks...
Highlighted
SRX Services Gateway
Solution
Accepted by topic author pmazurkiewicz
‎03-14-2019 04:54 AM

Re: SRX packet-mode

‎03-11-2019 06:37 AM

Everything under the security stanza does not work in packet-mode:

 

security policies, NAT, IPsec VPN, zones, screens, ALGs and security features like IPS, UTM and Sky ATP.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
SRX Services Gateway

Re: SRX packet-mode

‎03-14-2019 04:55 AM

I guess macsec would work. 😉 - but I know what you mean.

Thanks Jonas!

 

Regards,

Pawel Mazurkiewicz

Feedback