[j-nsp] SRX240 - ready for prime time?
Tim Eberhard
xmin0s at gmail.com
Mon Mar 5 18:43:14 EST 2012
Having dealt with the SRX through some very trying times (from early
alpha boxes running on SSG) to current 11.x code I have to say the SRX
has come a long long way. The 9.x code train and even well into 10.x
saw some pretty big bugs with HA, VPN and other critical features.
I have you say 10.4 and the 11.x code train have been pretty stable in
whatever environment I've thrown them in. I tend to use the SRX's for
their core functions (e.g. NAT, security policies, VPN's, etc) and
stay away from IDP/UTM but from what i've seen they've been in good
shape.
I would encourage you to check out the 240. It's an amazing firewall
for the price. Stick to 10.4 or something in the 11.x code and you'll
be fine. I think you'll be shocked how stable and bug free it is after
hearing all the bad items on this list.
Good luck, hope this helps.
-Tim Eberhard
On Mon, Mar 5, 2012 at 5:28 PM, TCIS List Acct
<listacct at tulsaconnect.com> wrote:
> Over the past few years the general feeling I've gotten reading j-nsp and
> elsewhere was to stay away from the SRX line until the code matured. We've
> got an upcoming project that I'm considering using a SRX 240 for.
>
> Has the code matured to the point that it can be considered a stable
> platform for security (just basic firewall, 1:1 NATs, maybe a few VPNs),
> high availability, and some very basic layer 3 routing services?
>
> TIA.
>
> --Mike
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list