[j-nsp] Using SRX's for BGP and Firewalling
Maqbool Hashim
mhashim at ntsuk.co.uk
Tue Nov 9 04:01:38 EST 2010
Hmmm, that’s interesting. There were two reasons why I was considering the SRX's over the SSG's for this setup.
1) I had thought that the routing functionality in JunOS would be more mature than in the SSGs.
2) Getting more experience with JUNOS and the SRX's as JUNOS might be the one platform for Juniper going forwards.
I think we will still go for the SRX's in this case especially as they seem to offer better value for money in features and performance.
Maq
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Michel de Nostredame
Sent: 08 November 2010 22:30
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Using SRX's for BGP and Firewalling
On Mon, Nov 8, 2010 at 10:54 AM, Keegan Holley <keegan.holley at sungard.com> wrote:
> One of the things that turned us off to the SRX series was the fact
> that code upgrades have to be done on both firewalls if you run them in HA mode.
> That's kind of a big deal if you want hitless upgrades or there are
> issues with the upgrade itself. BGP is one of the main reasons to use
> a juniper fw over a cisco in some designs, but I find myself liking
> the SSG/Netscreen code better for now, even though Juniper has stated
> that they plan to move everything to JunOS.
This is the reason we still stay in ScreenOS on all of our SSG and continue to buy SSG boxes. From our experience that ScreenOS on SSG is much stable and mature compares to JUNOS on SRX, if we don't take hardware performance into consideration.
Don't know why Juniper is so keen on adapting everything to JUNOS. It only break stable things, from a small customer point of view.
If the JUNOS CLI is that good and important (be honest, it is very good from our point of view) why not just add a shell in ScreenOS that accepts JUNOS CLI style statements?
--
Michel~
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
----------------------------------------------------------------------
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not an intended recipient, please delete this e-mail immediately and notify NTS(UK) Ltd on 0844 815 5925
This e-mail does not necessarily reflect the Company's opinion and should not be interpreted as such.
This message was scanned by Proofpoint Protection Server - please contact NTS for further information.
More information about the juniper-nsp
mailing list