
Wednesday, 27 March 2013

IT projects I have successfully worked on and completed (Firewalls: SRX)


IT projects I have successfully worked on and completed, continued...
 
Firewall setup: Juniper SRX 240H



 

For some reason many financial institutions like Cisco; at least the ones I have dealt with mostly use Cisco. What a pity!

I personally have used the Juniper SSG F25 (running ScreenOS) for many years and I just loved it. I think it is easy to set up, it is robust, it is reliable and I love the concept of “Zones”.

By the way “Zones” was something that Juniper developed and not Cisco as many think.

So I thought of using Juniper SSG F25s, but after talking to a few people and doing some research I discovered the SRX range.

We decided to use the Juniper SRX 240H. This security gateway has an amazing 16 Gigabit Ethernet ports and 1GB of memory, not to mention that Juniper’s support is the best I have ever used. Juniper engineers are knowledgeable and helpful, and they know their stuff.

One of the requirements was that the site must be available at all times, and we would only fail over to our DR site if our live site was completely down.

With that in mind, I decided to use an HA cluster and bought two Juniper SRXs.
 
The Juniper cluster has been up since I finished the setup 1 year ago. They are so stable, so robust and reliable.

There are two ways of configuring a Juniper SRX:

1. Using the web interface (J-Web)

The web interface is very intuitive and easy to use (it is not confusing like some firewalls out there, e.g. SonicWall and Cisco ASA).

2. Via the command line

The command line is quick and reliable, and the commands are just named right.

There are aspects I prefer to configure via the command line, and some other parts are just nice to configure using J-Web.

Another strong point in favour of the Juniper SRX is its price compared to, for example, Cisco. If you were to buy a Cisco device with the same number of Gigabit interfaces (16), memory and features, it would cost 3 times the Juniper price.
 
Setting up an IPsec VPN is easy and quick, and it is also very easy to troubleshoot: there is a feature called "traceoptions" that makes your work much more pleasurable.
I think for administrators it is a great product, and for the business it is great value for money. Robust, secure and reliable.

Some SRX features
  • User processes are separated from the kernel: if a user process crashes, the system continues to run fine, as the crash does not affect the kernel.

 
I could list loads of features here, but there is a nice PDF with many really cool and interesting features, check it out:


Specification

Memory: 1GB
Firewall performance (max): 1.8 Gbps
IPS performance (NSS 4.2.1): 230 Mbps
AES256+SHA-1 / 3DES+SHA-1 VPN performance: 300 Mbps
Maximum concurrent sessions: 128 K (Base) / 256 K (High Mem)
New sessions/second (sustained, TCP, 3-way): 8,500
Maximum security policies: 4,096
Maximum users supported: Unrestricted
WAN / LAN fixed ports: 16 x 10/100/1000BASE-T
CX111 3G/4G modem support: Yes
WAN / LAN PIMs:
  · T1/E1
  · ADSL2 Annex A
  · ADSL2 Annex B
  · G.SHDSL
  · VDSL2 Annex A
  · DOCSIS 3.0 Cable Modem
  · GbE SFP
  · Sync Serial
High-availability support: Yes


Monday, 18 February 2013

Configuring Juniper SRX (some commands)



Configuring Juniper (some commands)

Note on the prompts: commands shown at the "#" prompt are configuration mode and only take effect after a commit; commands shown at the ">" prompt are operational mode.

How to save the config to a file:
root@fw-name# save <config-11-21-10-version-1>

How to restart the firewall:
root@srx100-01> request system reboot

How to display system alarms:
root@srx100-01> show system alarms

How to set the system hostname:
root@srx100-01# set system host-name <hostname>

How to set the system domain name on a Juniper SRX:
admin@srx100-01# set system domain-name <domainname>

How to set the name servers (resolvers) for your SRX:
admin@srx100-01# set system name-server <IP Nameserver>

How to set the root password (you are prompted for it; it is not typed on the command line):
root@srx100-01# set system root-authentication plain-text-password

How to create a user on a Juniper SRX:
root@srx100-01# set system login user <username> class super-user

How to set the new user's password on Juniper:
root@srx100-01# set system login user renato authentication plain-text-password

How to create a read-only user on an SRX:
admin@srx100-01# set system login user readonly class read-only

How to display the Junos version (operational mode; from configuration mode prefix the command with "run"):
root@srx100-01> show version

How to set the time zone:
root@srx100-01# set system time-zone Europe/London

How to set the date and time:
root@srx100-01> set date 201302170917.32

Note: the value above breaks down as follows:
2013 (year), 02 (month), 17 (day of month), 0917.32 (09:17:32, i.e. nine o'clock, seventeen minutes and thirty-two seconds a.m.)

How to set the clock once from an NTP server:
root@srx100-01> set date ntp <NTPSERVER>

How to set up 2 NTP servers with one of them preferred:
root@srx100-01# set system ntp server <NTPSERVER> version 4 prefer
root@srx100-01# set system ntp server <NTPSERVER> version 4

How to set up an NTP server to query at boot time:
root@srx100-01# set system ntp boot-server <NTPSERVER>

How to show the NTP servers configured on Juniper:
root@srx100-01# show system ntp

How to show NTP status:
root@srx100-01> show ntp status

How to show the uptime of a Juniper firewall:
root@srx100-01> show system uptime | match current

How to troubleshoot NTP problems:
root@srx100-01> show log messages | match ntp
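As an added example (not from the original post), the commands above combined into one configuration-mode session that also shows a few things the list does not: a custom least-privilege login class for a monitoring user, NTP servers authenticated with a shared key so a spoofed server cannot step the clock (and with it the log timestamps), and a confirmed commit so a mistake on a remote firewall rolls back by itself. The hostname, addresses, user names and key value are constructed placeholders.

```junos
## Constructed example: typed at the configuration-mode (#) prompt of an SRX.
## Hostname, addresses, user names and the key value are placeholders.
set system host-name fw-example
set system domain-name example.net
set system name-server 192.0.2.53
set system time-zone Europe/London

## Root password: Junos prompts for it, so it never appears in the command history.
set system root-authentication plain-text-password

## Full administrator and a read-only user, as in the post.
set system login user admin1 class super-user
set system login user admin1 authentication plain-text-password
set system login user auditor class read-only
set system login user auditor authentication plain-text-password

## Least privilege: "view" permits show commands only (no configure, no shell,
## no request), deny-commands keeps the configuration and its secrets hidden,
## and an idle session is closed after 15 minutes.
set system login class ntp-ops permissions view
set system login class ntp-ops deny-commands "show configuration"
set system login class ntp-ops idle-timeout 15
set system login user ntpops class ntp-ops
set system login user ntpops authentication plain-text-password

## Two NTP servers, one preferred, both required to sign replies with key 1.
set system ntp authentication-key 1 type md5 value "CHANGE-ME-PLACEHOLDER"
set system ntp trusted-key 1
set system ntp server 192.0.2.10 key 1 version 4 prefer
set system ntp server 192.0.2.11 key 1 version 4
set system ntp boot-server 192.0.2.10

## Review the pending diff, commit with an automatic rollback after 5 minutes,
## then confirm once "show ntp status" and your own login still work.
show | compare
commit confirmed 5
commit
```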