SRX

I am setting up static VPN between two firewalls: Juniper SRX650-BASE-SRE6-645AP Services Gateways.

Do all XPIM modules should match including number of ports or can we have:

#1 SRX 650 firewall with 24 ports: Juniper SRX-GP-24GE-POE 24-Port Gigabit PoE

#2 SRX 650 firewall with 16 ports: Juniper SRX-GP-16GE-POE 16-Port Gigabit PoE

Is the difference in XPIM port #s would be an issues for setting VPN between the 2 SRXs or XPIMs have to match including their number of ports?

You can configure an IPsec VPN between any type of SRX - doesn't matter which local interfaces are present.

IPsec will also work towards other vendors (Cisco, Check Point, Fortinet etc.) - there can be small things which needs adjustment, but overall it works.

Is it recomended however to configure VPN tunnel between two identical SRX devices like 650s?

If so, XPIMs type and number of ports present doesnt matter?

Right?

There is no such recommendation. In your case you will have the same performance with or without the same XPIMs... and interoperability is just as good.

So I see no issue moving forward configuring IPsec between the two firewalls.

So if I had

Site 1: SRX 650 with 24 POE ports

Site 2: SRX 240 with 16 POE ports

There would be no issues setting up VPN tunnel?

PS. what about recommended setups, don't they recommend to go with similar/same types of devices?

Hi Clubber,

The number of ports or SRX models are not important and it is not going to make any difference when you configure a VPN. 

You can use the following guideline to configure an IPSEC VPN (route-based) : 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-route-based-ipsec-vpns.html#id-example-configuring-a-route-based-vpn 

Hope his information is going to help you.

Best Regard

Luis Mora - JNCIS-Security

luism@juniper.net

For 24x7 support, call +1.888.314.JTAC or Contact Support for the full list of international numbers.