[j-nsp] SRX Reliability

Wed Jun 12 14:10:42 EDT 2013

On 2013-06-12 1:18 PM, "Brent Jones" <brent at brentrjones.com> wrote:

>On Wed, Jun 12, 2013 at 5:41 AM, Andrew Gabriel
><mailandrewg at gmail.com>wrote:
>
>> On Wed, Jun 12, 2013 at 3:58 PM, Phil Mayers <p.mayers at imperial.ac.uk
>> >wrote:
>>
>> > We recently evaluated an SRX 3600, and modulo some minor cosmetic bugs
>> and
>> > one major one (PSN-2012-10-754, fixed in later software) they seemed
>> solid
>> > to me. We tested IPv4 & IPv6 layer4 firewalling, AppFW, dynamic
>>routing
>> > with BGP and multicast. It all seemed to work ok, and we have gone
>>ahead
>> > and purchased.
>> >
>> > It might help if you could specify what sort of things you want to do
>>on
>> > them e.g. IPsec, IDP, inline AV/web filtering (which the 3000s can't
>>do)
>> > and so forth.
>> >
>>
>> Hi Phil,
>>
>> Thanks, we are mainly looking at basic FW, VPN, and routing capability,
>> which we need to be rock solid. We do not intend to use the IPS and UTM
>> type features at the moment.
>>
>> Thanks,
>> -Andrew.
>>
>>
>>
>>
>We have several sets of SRX1400s in chassis cluster, plus dozens of SRXs
>from SRX100's up to SRX240's throughout various offices.
>We've had minor bugs here and there, but they get resolved through code or
>workarounds, no more bugs than other vendors really.
>Early on, yes, pre-10, tons of bugs, but 10.4 and greater are solid.
>We do various NAT, FW, VPNs, routing instances, etc, no issues to report.

I'd echo Brent's comments above - we have just over 120 SRX's in
deployment currently and have very few issues.  Make sure you size them
appropriately to the task if using UTM.  Yes, as mentioned before 10.x
there was a lot of issues but we mainly deploy now at 11.4 and they are
solid.

Paul