I need your input on what model I should go for the SRX in order to build my own lab for JNCIE-SEC.
I did some research and i think the following should be sufficient .
1) SRX210HE = sty 1 , I will UTM, DYNAMIC VPN on this one, I am not going buy any PIM
2) SRX210BE = 3
Please note that "E" is the enhanced version of SRX with Faster CPU.
Total SRX = 4
Attached is the pdf file with all the parts I am thinking to order.
I need technical advice , will SRX 210 be enough for the preparation of JNCIE-SEC. Also if anyone (if moderator of exams) can give us idea about the number of SRX boxes to expect at the JNCIE-SEC exam, i hope this question is not violating any NDA.
As I understand only SRX boxes will be their in JNCIE-SEC exam, Can we expect any other appliances like J-series and other in the exam.
Is it possible if I can make cluster of TWO SRX , one SRX with UTM license and other SRX does not have UTM license.
Any suggestion is really appreciated as I want to do wise investment : ).
Just wanted to know that the JNCIE-SEC is purely based on SRX only i guess that 's more of an SRX expert exam and not on the overall juniper security portfolio like SSL, IDP & UAC. Would have been great if this exam was more than CCIE Sec which covers most of the security products.
At home, I'm using three SRX 210H series. Two of them have the IDP-Sig,Dynamic-VPN,anti-spam, and anti-virus licenses. I also have an EX 3200 juniper switch. I use the switch for aggregating the different SRX connections. I bridge a trunk link back to my iMac running a VMWare fusion linux guest with a 8 router olive setup simulating an ISP core network. So I have a HA cluster as a remote office appearing off a set of PE olives, and my third SRX is another remote office connected to a different set of PEs. They are linked via a MPLS Layer 3 VPN. I know simulating the ISP core isn't needed, but it was more fun to do that then connecting these SRX back to back. I've been going through the JNCIP-SEC objectives (IPS, Advanced VPN, etc) and think this will be a useful setup for the JNCIE-SEC.
With the link to my iMac, I also have several VMWare guests I can launch and place in different parts of the internetwork. I have a vulnerable web server host that can be exploited. I also have a client hacker guest that runs BackTrack5. This is not needed, but is more fun to do and lets me run metasploit and other tools to test the security policies I implement.
If this post was helpful, please mark this post as an "Accepted Solution". Kudos are always appreciated!