SRX

According to the information below, only the SRX1500 and above support the ETSI GS QKD 014 API.

Page.221

Hardware requirements -Juniper Networks® SRX1500 Firewall and higher-numbered device models
or Juniper Networks® vSRX Virtual Firewall (vSRX3.0)
https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/vpn-ipsec.pdf

Q1. Is the lack of support for SRX300 series due to hardware limitations or product positioning reasons?

Q2. Is there a possibility that SRX300 series will support the ETSI GS QKD 014 API in a future version?

I've been wondering much the same thing. As far as I know everything post-quantum requires at least SRX1500, not just the key distribution part. The SRX300 series does have a pretty sluggish control plane. Perhaps HPE is holding out for an SRX400 series?

According to the information below, only the SRX1500 and above support the ETSI GS QKD 014 API.

Page.221

Hardware requirements -Juniper Networks® SRX1500 Firewall and higher-numbered device models
or Juniper Networks® vSRX Virtual Firewall (vSRX3.0)
https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/vpn-ipsec.pdf

Q1. Is the lack of support for SRX300 series due to hardware limitations or product positioning reasons?

Q2. Is there a possibility that SRX300 series will support the ETSI GS QKD 014 API in a future version?

Hi Nikolay

Thank you for the suggestion about SRX400.
According to this article, it seems the new generation SRX400 will support PQC.

HPE introduces sweeping security advancements to secure AI adoption and strengthen enterprise resiliency | HPE

Then what I want to know is whether existing SRX300 series will need to replace to SRX400 to support PQC,
 or if it can be done with OS upgrade.

I've been wondering much the same thing. As far as I know everything post-quantum requires at least SRX1500, not just the key distribution part. The SRX300 series does have a pretty sluggish control plane. Perhaps HPE is holding out for an SRX400 series?

According to the information below, only the SRX1500 and above support the ETSI GS QKD 014 API.

Page.221

Hardware requirements -Juniper Networks® SRX1500 Firewall and higher-numbered device models
or Juniper Networks® vSRX Virtual Firewall (vSRX3.0)
https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/vpn-ipsec.pdf

Q1. Is the lack of support for SRX300 series due to hardware limitations or product positioning reasons?

Q2. Is there a possibility that SRX300 series will support the ETSI GS QKD 014 API in a future version?

I uploaded some info on SRX400. The info should be "public" according to a Juniper SE, but still preliminary. From earlier SRX announcements, performance figures will not decrease but rather the opposite after more testing has been done. First models are scheduled to be released before July this year.

The SRX400 will not support traditional clustering, only MNHA clustering. MNHA clustering will also finally go from M=dual to M=multi, as in 2-4 clustering (in 25.4 I seem to recall).

Hi Nikolay

Thank you for the suggestion about SRX400.
According to this article, it seems the new generation SRX400 will support PQC.

HPE introduces sweeping security advancements to secure AI adoption and strengthen enterprise resiliency | HPE

Then what I want to know is whether existing SRX300 series will need to replace to SRX400 to support PQC,
 or if it can be done with OS upgrade.

I've been wondering much the same thing. As far as I know everything post-quantum requires at least SRX1500, not just the key distribution part. The SRX300 series does have a pretty sluggish control plane. Perhaps HPE is holding out for an SRX400 series?

According to the information below, only the SRX1500 and above support the ETSI GS QKD 014 API.

Page.221

Hardware requirements -Juniper Networks® SRX1500 Firewall and higher-numbered device models
or Juniper Networks® vSRX Virtual Firewall (vSRX3.0)
https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/vpn-ipsec.pdf

Q1. Is the lack of support for SRX300 series due to hardware limitations or product positioning reasons?

Q2. Is there a possibility that SRX300 series will support the ETSI GS QKD 014 API in a future version?

I uploaded some info on SRX400. The info should be "public" according to a Juniper SE, but still preliminary. From earlier SRX announcements, performance figures will not decrease but rather the opposite after more testing has been done. First models are scheduled to be released before July this year.

The SRX400 will not support traditional clustering, only MNHA clustering. MNHA clustering will also finally go from M=dual to M=multi, as in 2-4 clustering (in 25.4 I seem to recall).

Hi Nikolay

Thank you for the suggestion about SRX400.
According to this article, it seems the new generation SRX400 will support PQC.

HPE introduces sweeping security advancements to secure AI adoption and strengthen enterprise resiliency | HPE

Then what I want to know is whether existing SRX300 series will need to replace to SRX400 to support PQC,
 or if it can be done with OS upgrade.

I've been wondering much the same thing. As far as I know everything post-quantum requires at least SRX1500, not just the key distribution part. The SRX300 series does have a pretty sluggish control plane. Perhaps HPE is holding out for an SRX400 series?

According to the information below, only the SRX1500 and above support the ETSI GS QKD 014 API.

Page.221

Hardware requirements -Juniper Networks® SRX1500 Firewall and higher-numbered device models
or Juniper Networks® vSRX Virtual Firewall (vSRX3.0)
https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/vpn-ipsec.pdf

Q1. Is the lack of support for SRX300 series due to hardware limitations or product positioning reasons?

Q2. Is there a possibility that SRX300 series will support the ETSI GS QKD 014 API in a future version?

Hi Nikolay

Thank you for the suggestion about SRX400.
According to this article, it seems the new generation SRX400 will support PQC.

HPE introduces sweeping security advancements to secure AI adoption and strengthen enterprise resiliency | HPE

Then what I want to know is whether existing SRX300 series will need to replace to SRX400 to support PQC,
 or if it can be done with OS upgrade.

I've been wondering much the same thing. As far as I know everything post-quantum requires at least SRX1500, not just the key distribution part. The SRX300 series does have a pretty sluggish control plane. Perhaps HPE is holding out for an SRX400 series?

According to the information below, only the SRX1500 and above support the ETSI GS QKD 014 API.

Page.221

Hardware requirements -Juniper Networks® SRX1500 Firewall and higher-numbered device models
or Juniper Networks® vSRX Virtual Firewall (vSRX3.0)
https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/vpn-ipsec.pdf

Q1. Is the lack of support for SRX300 series due to hardware limitations or product positioning reasons?

Q2. Is there a possibility that SRX300 series will support the ETSI GS QKD 014 API in a future version?

Hi Nikolay

Thank you for the suggestion about SRX400.
According to this article, it seems the new generation SRX400 will support PQC.

HPE introduces sweeping security advancements to secure AI adoption and strengthen enterprise resiliency | HPE

Then what I want to know is whether existing SRX300 series will need to replace to SRX400 to support PQC,
 or if it can be done with OS upgrade.

I've been wondering much the same thing. As far as I know everything post-quantum requires at least SRX1500, not just the key distribution part. The SRX300 series does have a pretty sluggish control plane. Perhaps HPE is holding out for an SRX400 series?

According to the information below, only the SRX1500 and above support the ETSI GS QKD 014 API.

Page.221

Hardware requirements -Juniper Networks® SRX1500 Firewall and higher-numbered device models
or Juniper Networks® vSRX Virtual Firewall (vSRX3.0)
https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/vpn-ipsec.pdf

Q1. Is the lack of support for SRX300 series due to hardware limitations or product positioning reasons?

Q2. Is there a possibility that SRX300 series will support the ETSI GS QKD 014 API in a future version?