I am a little confused as to whether or not I can plug my cable modem via RJ45 directly into the SRX110?
I have not bought the SRX110 yet, but I am trying to figure out where to buy it and understand the licensing with it.
I have seen some SRX110s on eBay/Amazon but perhaps there is not a license sold with it?
You should be able to put an SRX behind a cable modem, depending on the "options" of your cable modem. Do you have the option to put a device behind the cable modem, with that device able to request an IP from the Service Provider by DHCP/RADIUS?
Or does the Service Provider assign an IP to the cable modem? With both options you are able to put an SRX behind it. Keep in mind that when the assigned IP is on the cable modem you could end up with double NAT.
For your cable provider and modem, you would ask if they support "bridge mode" on the cable modem and allow customers to provide the firewall. If they do, you can put the SRX directly on the internet, getting a public IP address from the cable provider using DHCP.
If not, you can still connect the SRX behind the cable modem, but it will be getting a private address behind the cable firewall and your devices are then behind two firewalls. For outbound traffic and configurations nothing really changes on the SRX. But if you want to set up and test inbound rules and NAT, you would need to also configure these on both the cable device and the SRX.
With any SRX purchase the license options are separate from the hardware and can be purchased separately. So you can get hardware from eBay or the like and then purchase a license to add to the device via CDW or other distributors.
Thanks! Great information! I believe my ISP will allow me to do either. Right now it does pick up a dynamic IP, which feeds to my 6700v2 Netgear. I am hoping to just have the cable modem bridged so that the SRX is pulling a dynamic. That is probably faster than the cable modem pulling a dynamic, and then the SRX pulling whatever the cable modem has. Next question: is hooking up my 6700v2 Netgear to do wifi only? I should be able to do this? And create three VLANs on the SRX? Wired / Wireless / Guest Wireless.
After further research it appears that maybe I might be better off starting with the SRX220 instead of the 110.
This would be for my home network.
Is this SRX220 (I see this on eBay for $179) for my home network good enough for basic security that will allow me to better manage and lock down my network than what that Netgear offers? I used Zenmap, and could not get those ports/services blocked on that Netgear. The SRX220h2 are much more expensive.
I picked up my JNCIA last year, and I am looking to renew it, possibly with a security certification that will renew my A+/N+/S+.
Where is the best place to buy the hardware? eBay/Amazon? Then just buy software license at CDW? Any alternatives?
Is it better to buy it all in one with the hardware and software together?
I am wondering if I can just use the SRX firewall without a license? I don't think I need AppSecure.
Any links to understanding more on how the software works as far as licensing goes? I am not sure if the license means buy it once and for all. Or every 1 to 3 to 5 years? I want to be able to build a Juniper network at my home, and use it along with understanding it. Then implement it in the various places I work. I have a basic understanding of Cisco, but enough that I would much rather grow in Juniper products, and be skilled in Juniper.
On the Netgear, these generally default to full firewall router mode. What it sounds like you want is for this to function as a WAP only. There is an AP mode for some models of Netgear but not all. You will need to look for that in your manual. If it is supported, you just activate AP mode and the device will function as a standalone WAP.
Since you are studying for the JNCIS/JNCIP-SEC, you may want to get at least an SRX300 series device. The revised exams all use the new ELS layer 2 mode and have sections on SkyATP. Both of these are not supported on the SRX110/200 series devices. You could learn them strictly via documentation. And the new 300 series will be much more than the 100/200 series. Just be aware of the limitation.
Licensing is mostly for a time period of years. The remote access node license to increase from the built-in 2 users to more users is permanent, but all the rest are time based. You can see the available bundles and options on the data sheets for the various SRX models on the older branch model sheet. The basic groupings are:
SRX branch series for the SRX200
SRX300 - unfortunately they removed the part numbers for all the licensing here. But you will notice the hardware comes with or without the application bundle.
Thanks Steve. I am thinking of just purchasing this SRX300 on Amazon for $268. I don't think I will need to purchase any licenses, right, since I am only going to use this at home, and for learning purposes. If I decide later to get licenses, I should be able to get with Juniper or just purchase the license via CDW? It appears this one is not a licensed Juniper reseller.
Does SkyATP fall under applications function whereas I would need to buy only the applications license?
1 YR Support:
Secure Branch License:
268 + 39 + 144 = $451
SkyATP is a separate licensed service. This is the cloud file check, GeoIP and command and control detection platform. There is a free version of this for some SRX hardware. But you do need to have at least an SRX340 for this service. And the support contract has to be active for the free service version.
The branch bundle includes the rest of the NGFW features: web filtering, AV, spam, AppSecure and IDP.