[j-nsp] MX Firewall Capabilities
Doug Hanks
dhanks at juniper.net
Tue Jul 12 13:35:25 EDT 2011
The SRX has more headroom for stateful scale and more features.
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Brendan Mannella
Sent: Tuesday, July 12, 2011 10:19 AM
To: OBrien, Will; sthaug at nethelp.no
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] MX Firewall Capabilities
Nice, and if I decided I want stateful firewalling and IPS, I see I can use the DPC card...
Are there any pros/cons to this vs just buying a separate SRX?
-----Original Message-----
From: OBrien, Will [mailto:ObrienH at missouri.edu]
Sent: Tuesday, July 12, 2011 1:04 PM
To: sthaug at nethelp.no
Cc: Brendan Mannella; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] MX Firewall Capabilities
Yup. That is correct. Border filters are no problem without the ms-dpc.
Sent from my iPad
On Jul 12, 2011, at 12:56 PM, "sthaug at nethelp.no" <sthaug at nethelp.no> wrote:
>> Just wondering what the firewalling capabilities are with the MX series vs the SRX. We just would like to have basic firewall (block all incoming ports, allow specifcs). Would we need the MS-DPC to achieve this? The new router will be are trio cards.
>
> As long as you don't need *state* tracking but simply basic filtering
> on ports, IP addresses etc your standard MX cards work just fine - no
> need for MS-DPC.
>
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list