[j-nsp] srx advice

Kurt Bales kwbales at kwbales.net
Fri Jul 22 04:51:48 EDT 2011


Hello Richard,

I would hazard a guess that because not every virtual router needs to be
running in flow-based mode (ie run some in packet-mode ala
http://datainter.cz/doc/3500192-en.pdf ), that it may be possible to not
require 2x Zones per VR.

Just a thought.

Kurt
(@networkjanitor)

On Fri, Jul 22, 2011 at 17:54, Richard Zheng <rzheng at gmail.com> wrote:

> Hi,
>
> I am trying to compare different models of srx. The application is to setup
> virtual firewalls for several customers. The virtual router instance should
> do it. The maximum number of security zones seems to be the limitation of
> srx. For example, SRX220 has maximum 24 zones and 15 virtual routers.
> Considering one virtual router needs at least 2 zones, one trusted and one
> untrusted, how can you get more than 12 virtual routers with 24 zones?
>
> Am I missing something here?
>
> Thanks,
> Richard
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list