Junos OS


Recommended JunOS for Switches/firewalls

  • 1.  Recommended JunOS for Switches/firewalls

    Posted 07-24-2018 01:36

    Hello everybody,

    We have a number of devices (switches/firewalls) running at our datacentre/branches. Now the audit team has suggested that we upgrade the OS of all the devices to version 18.1. On the Juniper website, we came across a number of OS versions, but it's very confusing as the latest one isn't recommended. Please guide/suggest the least vulnerable version.

    Currently we have the following devices/JunOS versions:

    1. Firewall SRX1500 JunOS version 17.3R1.10

    2. Firewall SRX320 JunOS version 15.1X-49-D45

    3. Firewall SRX320 JunOS version 15.1X49-D70.3

    4. Switch EX2300 JunOS version 15.1X53-D58.3

    5. Switch QFX5100 JunOS version 14.1X53-D35.3

    6. Switch EX2200 JunOS version 12.3R9.4



  • 2.  RE: Recommended JunOS for Switches/firewalls

    Posted 07-24-2018 02:07

    Please have a look at this KB: https://kb.juniper.net/InfoCenter/index?page=content&id=kb21476

    It's an overview of the JTAC recommended version for different platforms. It gives you a rather clear guideline of the stable release for the different platforms.

    If there are security issues which need to be handled, a new release will be done under the relevant Junos software train.

    That said, especially on SRX and QFX it can make sense to go to a newer release due to new features being introduced.



  • 3.  RE: Recommended JunOS for Switches/firewalls
    Best Answer

     
    Posted 07-24-2018 03:02

    Sounds like your audit team is trying to apply the normal upgrade procedure of servers to network devices. Network OSes tend to be moved from version to version less frequently than server OSes. In NOS we generally move up major releases for features, not patches. All supported Junos major releases get patched.

    I assume from your comment here the concern is security. You can see the applicable security notices that would apply to the JTAC recommended versions as opposed to the most recent upgrade here.

    https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

    You will note from this that Junos does patch the vulnerabilities in older Junos code trains that are still supported, in addition to the newer major releases. So from a security perspective there can be no difference between running 15, 17 or 18 when looking at CVE issues. All can be fully patched.
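
Added example, not part of the thread: since fixes are delivered per release train, an inventory check should compare each device only against the fixed release listed for its own train, and flag version strings that do not parse. The version grammar below is a simplified assumption, the `parse` and `status` helpers are hypothetical, and the `FIXED` list is constructed for illustration rather than taken from any advisory.

```python
import re

# Simplified grammar (assumption): <major>.<minor>R<n>[-S<n>][.<spin>]
#                              or  <major>.<minor>X<n>-D<n>[.<spin>]
_VER = re.compile(r"^(\d+)\.(\d+)([RX])(\d+)(?:-([DS])(\d+))?(?:\.(\d+))?$")

def parse(version):
    """Return (train, order) for a well-formed release string, else None."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, kind, num, tag, sub, spin = m.groups()
    if (kind == "X") != (tag == "D"):  # X releases need -D; R releases never carry it
        return None
    if kind == "X":
        return f"{major}.{minor}X{num}", (int(sub), int(spin or 0))
    return f"{major}.{minor}R", (int(num), int(sub or 0), int(spin or 0))

def status(device_version, fixed_releases):
    """Compare a device only against the fixed release of its own train."""
    dev = parse(device_version)
    if dev is None:
        return "unparsed"
    for fix in fixed_releases:
        parsed_fix = parse(fix)
        if parsed_fix and parsed_fix[0] == dev[0]:
            return "fixed" if dev[1] >= parsed_fix[1] else f"upgrade to >= {fix}"
    return "no fix listed for train"

# Version strings exactly as listed in the first post.
INVENTORY = [
    "17.3R1.10", "15.1X-49-D45", "15.1X49-D70.3",
    "15.1X53-D58.3", "14.1X53-D35.3", "12.3R9.4",
]

# Constructed "fixed in" list for illustration; not taken from any real advisory.
FIXED = ["14.1X53-D40", "15.1X49-D70", "17.3R2"]

if __name__ == "__main__":
    for v in INVENTORY:
        print(f"{v:16} {status(v, FIXED)}")
```

A "no fix listed for train" result means the advisory names no fixed release for that train, so the train's support status has to be checked separately.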