[j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826

Brent Jones brent at servuhome.net
Thu Sep 1 16:59:26 EDT 2011


On Thu, Sep 1, 2011 at 11:00 AM, Paul Stewart <paul at paulstewart.org> wrote:
> We have yet to see that even with PIM modules installed - do you remember
> what version of JunOS you were running by chance?
>
>
>
> Paul
>
>
>
>
>
> From: Nathan Sipes [mailto:nathan.sipes at gmail.com]
> Sent: September-01-11 12:05 PM
> To: Paul Stewart
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826
>
>
>
> I have had similar experiences to Richard's with the "Free SRX210H" I even
> managed to get a DSL PIM in there as well. Had it up and working for about 2
> months when the pim quit forwarding traffic randomly. Rebooting the SRX
> seems to fix it well enough though... I will say that the free hardware has
> cost a lot of my time and some annoyed phone calls from my wife when netflix
> doesn't work.
>
>
>
>
>
> On Thu, Sep 1, 2011 at 9:48 AM, Paul Stewart <paul at paulstewart.org> wrote:
>
> Actually I'm curious as well - RAS is not typically wrong though about this
> kind of stuff ;)
>
> We have numerous SRX deployed for firewall and router functionality - some
> are running Dynamic VPN (which yes, we've had issues with - definitely it's
> not perfect).  We've been bitten by some surprises as well ... so I'm not
> disagreeing, just saying that we're pretty used to these issues we've
> encountered and don't deploy if we know they will come up. Typically, we use
> them as site to site VPN boxes along with firewalling.
>
> I have an SRX210 at my home as well - run the full UTM suite on it and had
> no real issues (granted it's a home environment to be fair).
>
> RAS, can you share a few highlights of "broken"?
>
> Appreciate it,
> Paul
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
> Sent: September-01-11 11:35 AM
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826
>
>
> On 01/09/11 10:09, Richard A Steenbergen wrote:
>
>> I have an SRX210 in my basement doing my home routing, and it is the
>> only free device I've ever been given that I would seriously consider
>> returning and asking for my money back. Broken doesn't even begin to
>> describe it, my condolences to anyone who actually needs to run these
>> things in production.
>
> Is this for routing functionality, or firewall functionality?
>
> We're using one as an MPLS PE, and it seems to be working ok, but given
> what you've said... gulp!
>
> Is there a good summary of the problems anywhere, or do I need to trawl
> the archives?
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

I run multiple SRXs at several sites doing firewalling, routing, VPNs.
Have everything from SRX100s, to SRX 1400s, branch units run 10.4R6 I
believe, and SRX1400s running 11.1R3 (will double check later).
Have had minor issues, mainly with VPNs to other vendor devices like
Cisco ASAs. You have to be mindful if you need policy based VPN or
route based VPNs to work with other vendors.

I'd be curious to hear what problems other people have, for something
to look out for, but otherwise the SRXs have worked as well as most
anything else on the market.
I would know, I've gone through the whole lifecycle of Cisco PIX, into
ASAs, Sonicwall, Fortigate, etc, and I would say SRXs have worked
better than most, especially considering they are a young product
line.


-- 
Brent Jones
brent at servuhome.net



More information about the juniper-nsp mailing list