SRX Next-Gen Firewalls

 View Only
last person joined: 22 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

Juniper Threat LabsSRX Upgrade Guide Security Advisories Technical Bulletins

Latest Discussion Posts

  • It also occurred to me that you may be pushing the poor SRX340 to its limits or beyond with 2g traffic, depending on what it's doing. See datasheet: https://www.juniper.net/content/dam/www/assets/datasheets/us/en/security/srx300-line-firewalls-branch-datasheet.pdf ...

  • Thanks for the reply! " SRX will do load-balancing per flow" - I figured as much, that's no surprise. We do have plenty of users, so I think it will mostly come out in the wash anyhow. The equipment from our ISP has several SFP+ ports, so maybe ...

  • I did some calculations. It's up to you if you wanna try this. Group 1 or both groups 38.252.2.1 38.252.2.2 Maybe use this as group 1 and 2 38.161.1.1 38.161.1.2 Or Group 1 38.252.2.1 38.252.2.2 Group ...

  • Hi Nikolay, Noted for your explanation. Now it more clear to me. Thanks

  • Yes, and no. Yes, you can hook up two 1G connections via a switch and configure load-balancing, but SRX will do load-balancing per flow. In practical terms that means that no single connection (flow) can exceed 1G. So if you start downloading a file ...

  • Our ISP is providing 2Gbps internet via a 10G SFP+ but our SRX340 only has 1G SFP ports. Is it possible for me to use an intermediate 5-port switch with one 10G SFP+ port to connect to my ISP equipment, and use 2x 1G links to the SRX340 and still somehow ...

  • Those are not intended to be advertised to peers. They're only significant locally to the SRX where these routes exist. They only control actions in the policy-statement defined on the SRX. In fact, it would probably be bad to advertise them to peers. ...

Unanswered Posts

Top Contributors in the Community