[j-nsp] srx advice

Farid Bouzemarene Farid.Bouzemarene at magirus.com
Fri Jul 22 13:13:27 EDT 2011


Just as a reminder : LSYS ( screenos vsys equivalent ) are arriving in 11.2 on srx ....
 


----- Message d'origine -----
De : Ben Dale [bdale at comlinx.com.au]
Envoyé : 22.07.2011 22:11 ZE10
À : Richard Zheng <rzheng at gmail.com>
Cc : juniper-nsp at puck.nether.net
Objet : Re: [j-nsp] srx advice



Hi Richard,

Depending on your topology you can scale this out by having a common "Untrust" zone for all customers (which is has interfaces in the inet.0 instance) and simply leaking routes (interface(s), default or otherwise) into specific customer VRs.

Cheers,

Ben

On 22/07/2011, at 5:54 PM, Richard Zheng wrote:

> Hi,
> 
> I am trying to compare different models of srx. The application is to setup
> virtual firewalls for several customers. The virtual router instance should
> do it. The maximum number of security zones seems to be the limitation of
> srx. For example, SRX220 has maximum 24 zones and 15 virtual routers.
> Considering one virtual router needs at least 2 zones, one trusted and one
> untrusted, how can you get more than 12 virtual routers with 24 zones?
> 
> Am I missing something here?
> 
> Thanks,
> Richard
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 


_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list