SRX Services Gateway
SRX Services Gateway

SRX packet-mode

[ Edited ]
‎03-11-2019 05:28 AM

I have a hard time finding any definitive information on what exact features work / exist in packet mode (set security forwarding-options family mpls mode packet-based).

Security policies / NAT are of course not working, but what about zones? Do they exist? What else is still there? Or better: what is NOT working with packet-based mode?

 

Regards,

Pawel Mazurkiewicz

3 REPLIES 3
SRX Services Gateway

Re: SRX packet-mode

‎03-11-2019 06:36 AM

In packet mode, SRX processes the traffic as a traditional router on a per-packet basis. It supports only stateless firewall filter in this mode. Other firewall features like security zones, stateful firewall, NAT, IPSec, UTM services will not be supported in this mode.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461

https://www.youtube.com/watch?v=YYHxcT8ZYiE

 

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
SRX Services Gateway
Solution
Accepted by topic author pmazurkiewicz
‎03-14-2019 04:54 AM

Re: SRX packet-mode

‎03-11-2019 06:37 AM

Everything under the security stanza does not work in packet-mode:

 

security policies, NAT, IPsec VPN, zones, screens, ALGs and security features like IPS, UTM and Sky ATP.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
SRX Services Gateway

Re: SRX packet-mode

‎03-14-2019 04:55 AM

I guess macsec would work. Smiley Wink - but I know what you mean.

Thanks Jonas!

 

Regards,

Pawel Mazurkiewicz