SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX240 Upgrades and SA Vulnerability Applicability

    This message was posted by a user wishing to remain anonymous
    Posted 04-16-2022 12:57
    This message was posted by a user wishing to remain anonymous

    Hello,

    I have an SRX240H2 that is up to date with what is displayed here https://support.juniper.net/support/downloads/?p=srx240 which shows the last update as of Aug 2020.  But if you look at the new Security Advisories page here https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]&f:level3=[SRX-Series%20Branch]&f:level4=[SRX240] it shows there are a lot of applicable updates to the Branch SRX series, specifically SRX240 that are after that date. 

    Is the discrepancy because of the OS versioning? How do I know I'm fully up to date? Is there somewhere else that the upgrades are downloaded from now that I'm missing?


  • 2.  RE: SRX240 Upgrades and SA Vulnerability Applicability

    Posted 04-19-2022 12:59
    The SRX240H2 is going full EoL in a few months, so there are no more software upodates being made for it any longer.  12.3X48-D105 is likely the last update made for the SRX240H2 back in 2020.  Given there are no more updates even for security issues, it should be retired and you would need to look at an SRX340 as it's direct replacement which can run all the latest code.

    ------------------------------
    KRISTIAN DURVIN
    ------------------------------



  • 3.  RE: SRX240 Upgrades and SA Vulnerability Applicability

    Posted 04-20-2022 05:41
    According to the EOL page listing many versions of the srx220 are still for sale until the end of the year and all versions show end of support will not be till the end of 2023.

    Seems odd to me that security patches would not be applied to a security device from a security focused company on a supported platform.  Where do you see this documented?

    https://support.juniper.net/support/eol/product/srx_series/

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 4.  RE: SRX240 Upgrades and SA Vulnerability Applicability

     
    Posted 04-20-2022 09:28
    Afai can tell from that page the only non (or very recently) EndOfSales "parts" of SRX2xx are licenses whereas the actual HW parts are long EoEverything.
    Please see also In which releases are vulnerabilities fixed? (juniper.net)


  • 5.  RE: SRX240 Upgrades and SA Vulnerability Applicability

     
    Posted 04-20-2022 10:56
    End of software engineering  (no more patches or updates) is three years after LOD (date of last order): https://support.juniper.net/support/pdf/eol/990833.pdf

    That said, I see a number of different varieties of SRX-240H2 in the EOL list, the oldest has an LOD of May 2016, putting end of software engineering at May 2019.  In contrast, the SRX-220H2 has an LOD date of Nov 2018. Confusingly, the "SRX-240H2-TAA" SKU has an LOD of Nov 2018.