[j-nsp] Using SRX's for BGP and Firewalling

Michel de Nostredame d.nostra at gmail.com
Mon Nov 8 17:29:53 EST 2010

On Mon, Nov 8, 2010 at 10:54 AM, Keegan Holley
<keegan.holley at sungard.com> wrote:
> One of the things that turned us off to the SRX series was the fact that
> code upgrades have to be done on both firewalls if you run them in HA mode.
>  That's kind of a big deal if you want hitless upgrades or there are issues
> with the upgrade itself.  BGP is one of the main reasons to use a juniper fw
> over a cisco in some designs, but I find myself liking the SSG/Netscreen
> code better for now, even though Juniper has stated that they plan to move
> everything to JunOS.

This is the reason we still stay in ScreenOS on all of our SSG and
continue to buy SSG boxes. From our experience that ScreenOS on SSG is
much stable and mature compares to JUNOS on SRX, if we don't take
hardware performance into consideration.

Don't know why Juniper is so keen on adapting everything to JUNOS. It
only break stable things, from a small customer point of view.
If the JUNOS CLI is that good and important (be honest, it is very
good from our point of view) why not just add a shell in ScreenOS that
accepts JUNOS CLI style statements?


More information about the juniper-nsp mailing list