I am in the process to upgrade qfx5200-32c and 48y and I would like to install the recommended version, the 18.1R3-S6.
Heading to the Juniper website for sw download, now i am in front of 3 choices:
So all of them have Secure Boot so no need to go deep on this topic.
What about the remaining meaning?
QFX 5e Series Switch with Enhanced Automation
This one looks to me that it is intended in case of any automation is needed and
"Veriexec is disabled, which enables you to run unsigned programs, such as programs that you develop with Python, Chef, and Puppet"
QFX 5e Series - Secure Boot
I am assuming that this one is like the above but with less support for automation but i could not find any exlapanation
Limited - QFX 5e Series Switch - Secure Boot
This one is for
"Version has no cryptographic support and is intended for countries in the Eurasian Customs Union (EACU). These countries have import restrictions on software containing data-plane encryption. "
and it is not my case cause the hardware i am going to upgrade is not located in any EACU state
Based on your experience do you agree with me that the correct choice here is the QFX 5e Series Switch with Enhanced Automation ?
Could someone bring any light on what is the QFX 5e Series - Secure Boot?
I am facing the exact same choice. Have you had any answer somehow on the exact differences between all these versions ?
Hi FabNewCert,You have figured out most of the diference but here you go:
#Limited - QFX 5e Series Switch - Secure Boot:The “Junos Limited” image does not have data-plane encryption and is intended only for countries in the Eurasian Customs Union because these countries have import restrictions on software containing data plane encryption. Unlike the “Junos Worldwide” image, the “Junos Limited” image supports control plane encryption through Secure Shell (SSH) and Secure Sockets Layer (SSL), thus allowing secure management of the system.
#QFX 5e Series Switch with Enhanced Automation - Secure BootThis software bundle is identical to the other software bundle except that Veriexec is disabled, which enables you to run unsigned programs, such as programs that you develop with Python, Chef, and Puppet.
#QFX 5e Series Switch - Secure BootThis is the normal Junos version which you can use. It doesn't allow you to run abovementioned unsigned programs. PS: Please mark my answer as resolution if it answers your query, kudos are appreicated too!ThanksVishal
This may have the info you are looking for about Junos and secure boot,
"A significant system security enhancement: Secure Boot. The Secure Boot implementation is based on the UEFI 2.4 standard. The BIOS has been hardened and serves as a core root of trust. The BIOS updates, the bootloader, and the kernel are cryptographically protected. Secure boot is enabled by default on supported platforms."