Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
  • 1.  Junos differences

    Posted 08-26-2019 10:27

    Hi There,

     

    I am in the process to upgrade qfx5200-32c and 48y and I would like to install the recommended version, the 18.1R3-S6.

    Heading to the Juniper website for sw download, now i am in front of 3 choices:

    • QFX 5e Series Switch with Enhanced Automation - Secure Boot
    • QFX 5e Series - Secure Boot
    • Limited - QFX 5e Series Switch - Secure Boot

    So all of them have Secure Boot so no need to go deep on this topic.

    What about the remaining meaning?

    QFX 5e Series Switch with Enhanced Automation 

    https://www.juniper.net/documentation/en_US/junos/topics/concept/junos-flex-overview.html

    This one looks to me that it is intended in case of any automation is needed and

    "Veriexec is disabled, which enables you to run unsigned programs, such as programs that you develop with Python, Chef, and Puppet"

     

    QFX 5e Series - Secure Boot

    I am assuming that this one is like the above but with less support for automation but i could not find any exlapanation

     

    Limited - QFX 5e Series Switch - Secure Boot

    This one is for

    https://www-origin.junipercloud.net/documentation/en_US/junos/topics/topic-map/software-install-and-upgrade-overview.html#id-junos-os-editions

    "Version has no cryptographic support and is intended for countries in the Eurasian Customs Union (EACU). These countries have import restrictions on software containing data-plane encryption. "

    and it is not my case cause the hardware i am going to upgrade is not located in any EACU state

     

    Based on your experience do you agree with me that the correct choice here is the QFX 5e Series Switch with Enhanced Automation ?

    Could someone bring any light on what is the QFX 5e Series - Secure Boot?

     

    Thanks!

     

     

     

     



  • 2.  RE: Junos differences

    Posted 12-03-2019 06:48

    I am facing the exact same choice. Have you had any answer somehow on the exact differences between all these versions ?



  • 3.  RE: Junos differences

     
    Posted 12-03-2019 07:08

    Hi FabNewCert,

    You have figured out most of the diference but here you go:

    #Limited - QFX 5e Series Switch - Secure Boot:

    The “Junos Limited” image does not have data-plane encryption and is intended only for countries in the Eurasian Customs Union because these countries have import restrictions on software containing data plane encryption. Unlike the “Junos Worldwide” image, the “Junos Limited” image supports control plane encryption through Secure Shell (SSH) and Secure Sockets Layer (SSL), thus allowing secure management of the system.

     

    #QFX 5e Series Switch with Enhanced Automation - Secure Boot

    This software bundle is identical to the other software bundle except that Veriexec is disabled, which enables you to run unsigned programs, such as programs that you develop with Python, Chef, and Puppet.

     

    #QFX 5e Series Switch - Secure Boot

    This is the normal Junos version which you can use. It doesn't allow you to run abovementioned unsigned programs. 

    PS: Please mark my answer as resolution if it answers your query, kudos are appreicated too!

    Thanks
    Vishal

     



  • 4.  RE: Junos differences

    Posted 12-03-2019 09:43

    This may have the info you are looking for about Junos and secure boot,

     

    https://apps.juniper.net/feature-explorer/feature-info.html?fKey=7360&fn=Secure%20Boot

     

    "A significant system security enhancement: Secure Boot. The Secure Boot implementation is based on the UEFI 2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the bootloader, and the kernel are cryptographically protected. Secure boot is enabled by default on supported platforms."