[125692] in North American Network Operators' Group

Re: Juniper firewalls - SSG or SRX

daemon@ATHENA.MIT.EDU (Brad Fleming)
Wed Apr 21 09:52:17 2010

From: Brad Fleming <bdflemin@gmail.com>
To: nanog@nanog.org
In-Reply-To: <q2oe95dc4e71004191732nc7fdccb8jcc42f3e72d6dcbfb@mail.gmail.com>
Date: Wed, 21 Apr 2010 08:51:42 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Apr 19, 2010, at 7:32 PM, Jeffrey Negro wrote:

> Has anyone on Nanog had any hands on experience with the lower end of the
> new SRX series Junipers?  We're looking to purchase two new firewalls, and
> I'm debating going with SSG series or to make the jump to the SRX line.  Any
> input, especially about the learning curve jumping from ScreenOS to JunOS
> would be greatly appreciated.  Thank you in advance.
>

My general take:
Hardware == Well built and designed, very robust. The only 2 things
I'd like to see are: 1) a field-replaceable CF card like the J-series
(bonus points if there's a backup like the J's as well!) and 2)
a 2-port T1 mPIM card.

Software == Not horrible but far from great. We have issues with:  
Ethernet switching not functioning correctly, IPv6 not wanting to work  
on Enet switched VLANs, IP-IP tunnels acting very "weird", gmd  
crashing when trying to commit randomly, and lack of pretty much all  
IPv6 security features.

I'd like to see Juniper really focus on getting the "branch" SRX  
software up-to-snuff especially in regards to IPv6 security features.  
I think they're working pretty hard on it but I haven't seen the  
fruits of their labor yet!



