I have had a SRX210 up and running in production for a few years now. Works great, been able to get it to everything I could want dual ISP routing, vpns, vlans, etc. I picked up a SRZX220 because the fe ports on the 210 started giving me issues as my traffic grew. Both the 210 and 220 have 12.1X46-D40.2 installed. I took the config on the 210 and basically just replace fe with ge and renumber the ports. Plugged it in and worked like a like charm for the network on site.
The dynamic vpn on the other hand is giving me problems. Pulse attempts to connect, it asks user to accept the certificate, fails and starts trying to connect again. It will sit in that loop forever if you let it. I never even asks for a username or password. First thing I tried was deleting out the old connection from Pulse. Next I double checked the config, ike and https are setup for the inferface. The correct external interface is set. I walked though this [SRX] Pulse client not able to connect to SRX due to configuration issues to make sure I wasn't missing something easy. No luck there so I decide to delete the dynamic vpn and run the wizard though the web interface. I run the wizard setup a everything, but I still get the same results in Pulse.
The Pulse debuglog.log didn't seem every helpful when I took a look. I pulled up the KMD log from the SRX220 and it shows a "KMD_INTERNAL_ERROR: iked_ifstate_eoc_handler: EOC msg received" from a few days ago but nothing recent.