[j-nsp] SRX as a server load balancer for service redundancy?
Majdi S. Abbas
msa at latt.net
Wed Aug 15 13:08:19 EDT 2012
On Wed, Aug 15, 2012 at 09:53:07AM -0700, joel jaeggli wrote:
> I'm generally down on the idea of putting a stateful firewall in
> front of a service that accepts unsolicited incoming connections, it
> will tend to be the least scalable item in the path.
That's okay, anyone that does this is quickly going to turn off
the involved ALG, as well as all the TCP state checks. They may even
wind up in packet mode.
Not that a 210 is super scalable to begin with... but now that
the J-series has effectively been turned into the SRX line I suspect
this is more common than we think. At least for Juniper's customers,
given the obvious gap in the product line.
--msa
More information about the juniper-nsp
mailing list