We are in the process of replacing some SSGs (and NSes) with SRXes. The biggest issues so far that we've faced are:

1. Although the devices can be used at the core, you can't enable "multifunction" IDP (i.e. you can only enable the filters for HTTP or Fileserver etc., not all at the same time, or the device will crash).

2. The config restore is limited to a small file (I don't know what that is yet). If you need to restore a big file from SCP or USB key it will fail; you have to convert the file into commands (a bit like ScreenOS or IPTables) and then paste them all into the CLI, which can get messy if you make a typo or do them in the wrong order.

3. In shell mode the CPU shows pflow using up over 1000% CPU; apparently this is just an aesthetics problem and it's not actually using up 1000% CPU (the GUI also shows this, but this is also an aesthetics problem).

The advantages are that the CLI has more middle ground between IOS and ScreenOS, for example:

ScreenOS and JunOS:
    set interfaces <name> <setting>

Cisco:
    interface <name>
    <setting>

JunOS:
    edit interface <name>
    set <setting>

The BGP configuration is much more complicated and, in my short experience with JunOS, less feature-rich than OpenBGPd from the OpenBSD crew (although the syntax is very similar).

Regards,
Ken

On 19 April 2010 18:32, Jeffrey Negro <jnegro@billtrust.com> wrote:
Has anyone on Nanog had any hands-on experience with the lower end of the new SRX series Junipers? We're looking to purchase two new firewalls, and I'm debating going with SSG series or to make the jump to the SRX line. Any input, especially about the learning curve jumping from ScreenOS to JunOS, would be greatly appreciated. Thank you in advance.
Jeffrey