I am setting up a static VPN between two firewalls: Juniper SRX650-BASE-SRE6-645AP Services Gateways.
Should all XPIM modules match, including the number of ports, or can we have:
#1 SRX 650 firewall with 24 ports: Juniper SRX-GP-24GE-POE 24-Port Gigabit PoE
#2 SRX 650 firewall with 16 ports: Juniper SRX-GP-16GE-POE 16-Port Gigabit PoE
Would the difference in XPIM port numbers be an issue for setting up a VPN between the 2 SRXs, or do the XPIMs have to match, including their number of ports?
You can configure an IPsec VPN between any type of SRX - doesn't matter which local interfaces are present.
IPsec will also work towards other vendors (Cisco, Check Point, Fortinet etc.) - there can be small things which need adjustment, but overall it works.
Is it recommended, however, to configure a VPN tunnel between two identical SRX devices like 650s?
If so, the XPIM type and number of ports present don't matter?
There is no such recommendation. In your case you will have the same performance with or without the same XPIMs... and interoperability is just as good.
So I see no issue moving forward configuring IPsec between the two firewalls.
So if I had
Site 1: SRX 650 with 24 POE ports
Site 2: SRX 240 with 16 POE ports
There would be no issues setting up a VPN tunnel?
PS. What about recommended setups, don't they recommend going with similar/same types of devices?
The number of ports or SRX models are not important and it is not going to make any difference when you configure a VPN.
You can use the following guideline to configure an IPSEC VPN (route-based):
Hope this information is going to help you.
Luis Mora - JNCIS-Security