We are trying to set up a transit VPC in our multiaccount/multiregional AWS environment and have chosen Juniper vSRX for its flexibility and more attractive pricing model in comparison with other well-known vendors. We played a bit with a single vSRX instance and our trial period has almost expired. Could we ask you please to clarify the following areas:
1. When subscribing to the service we selected the subscription of
vSRX Premium-Next Generation Firewall with Anti-Virus Protection
but when spinning up the vSRX instance with our terraform scripts we used the AMI
There are also several other images in the AWS Marketplace Community area, like
Did we choose the correct AMI to match our subscription?
2. We'd like to have the vSRX instance perform not only routing functions but security inspections as well. The plan is to have such protection mechanisms as IDS/IPS and Antivirus enabled. I am a bit confused about whether it's possible to enable both IDP and UTM. Does our current subscription allow us to do that?
3. The last question is regarding getting JTAC support. Am I right that during the trial period it's not possible to reach out to the support team? I have also noticed that when creating an account on the Juniper community I had to provide the vSRX AWS instance number, but since we are using terraform and an IAC model with deploying/destroying infrastructure, the instance number changes at each deployment. We prefer to start with a PAYG licence initially, switching to a permanent one later. How is it possible to resolve this dynamic instance id confusion?
Do you want to use the vSRX as a Transit VPC or a normal Spoke VPC? The version and subscription name that you have mentioned is that of a Spoke VPC. The Transit VPC is called: Juniper vSRX virtual firewall - Transit VPC BYOL and comes only in 15.1X49-D100 software. You can also download the Juniper template from the GitHub link: https://github.com/Juniper/vSRX-AWS and use that for spinning up the vSRX Transit VPC on AWS. In the process, the AWS GUI will give you an option to choose the PAYG (License Included) model or BYOL.
Regarding using IDP and AV: The vSRX Premium Next Generation Firewall with Anti-Virus Protection will come with the Appliance and AntiVirus bundle only. You would need to buy the appropriate license bundle from Juniper for IDP and can then use those features.
For opening a TAC case: You can reach out to TAC even in the trial period. Have you already tried creating a case with the dynamic instance ID? I think it should work. If it does not, you can reach out to Juniper Customer Care on 1-888-314-5822.
I just confirmed that vSRX Premium Next Generation Firewall with Anti-Virus Protection comes with Virtual Appliance and IDP/APPSig/Anti-Virus/Anti-Spam License Bundle. So the answer to your second query is yes.