SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX packet-mode

    Posted 03-11-2019 05:28

    I have a hard time finding any definitive information on what exact features work / exist in packet mode (set security forwarding-options family mpls mode packet-based).

    Security policies / NAT are of course not working, but what about zones? Do they exist? What else is still there? Or better: what is NOT working with packet-based mode?

     

    Regards,

    Pawel Mazurkiewicz



  • 2.  RE: SRX packet-mode

    Posted 03-11-2019 06:37

    In packet mode, SRX processes the traffic as a traditional router on a per-packet basis. It supports only stateless firewall filter in this mode. Other firewall features like security zones, stateful firewall, NAT, IPSec, UTM services will not be supported in this mode.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461

    https://www.youtube.com/watch?v=YYHxcT8ZYiE

     



  • 3.  RE: SRX packet-mode
    Best Answer

    Posted 03-11-2019 06:37

    Everything under the security stanza does not work in packet-mode:

     

    security policies, NAT, IPsec VPN, zones, screens, ALGs and security features like IPS, UTM and Sky ATP.



  • 4.  RE: SRX packet-mode

    Posted 03-14-2019 04:56

    I guess macsec would work. 😉 - but I know what you mean.

    Thanks Jonas!

     

    Regards,

    Pawel Mazurkiewicz