Wednesday 27 March 2013

IT projects I have successfully worked on and completed (Firewalls SRX)


IT projects I have successfully worked on and completed, continued...
 
Firewall setup.
Juniper SRX 240 H



 

For some reason many financial institutions like Cisco; at least the ones I have dealt with mostly use Cisco. What a pity!

I personally have used Juniper SSG F25 (running ScreenOS) for many years and I just loved it. I think it is easy to set up, it is robust, it is reliable and I love the concept of “Zones”.

By the way, “Zones” was something that Juniper developed, not Cisco as many think.

So I thought of using Juniper SSGs F25, but after talking to a few people and doing some research I discovered the SRX range.

We decided to use the Juniper SRX 240H. This security gateway has an amazing 16 Gigabit Ethernet ports and 1GB of memory, not to mention that Juniper’s support is the best I have ever used. Juniper engineers are knowledgeable and helpful, and they know their stuff.

One of the requirements was that the site must be available at all times, and that we will only fail over to our DR if our live site is completely down.

With that in mind, I decided to use a HA cluster and bought two Juniper SRXs.
 
The Juniper cluster has been up since I finished the setup 1 year ago. They are so stable, so robust and reliable.

There are two ways of configuring a Juniper SRX:

1.    Using the web interface

      The command interface is very intuitive and easy to use (it is not confusing like some firewalls out there, e.g. SonicWall and Cisco ASA).

2.    Via the command line

      The command line is quick, reliable and the commands are just named right.

There are aspects I prefer to configure via the command line, and some other parts are just nice to configure using J-Web.

Another strong point in favour of the Juniper SRX is its price compared to, for example, Cisco. If you were to buy a Cisco device with the same number of Gigabit interfaces (16), memory and features, it would cost 3 times the Juniper price.
 
Setting up an IPsec VPN is easy and quick, and it is also very easy to troubleshoot: there is a feature called "traceoptions" that makes your work much more pleasurable.
I think for administrators it is a great product, and for the business it is great value for money. Robust, secure and reliable.

Some SRX Features
  • User processes are separated from the kernel. If a user process crashes, the system continues to run fine, as the crash does not affect the kernel.

 
I could list loads of features here, but there is a nice PDF with many really cool and interesting features, check it out:


Specification

Memory: 1GB
Firewall performance (max): 1.8 Gbps
IPS performance (NSS 4.2.1): 230 Mbps
AES256+SHA-1 / 3DES+SHA-1 VPN performance: 300 Mbps
Maximum concurrent sessions: 128 K (Base) / 256 K (High Mem)
New sessions/second (sustained, TCP, 3-way): 8,500
Maximum security policies: 4,096
Maximum users supported: Unrestricted
WAN / LAN fixed ports: 16 x 10/100/1000BASE-T
CX111 3G/4G modem support: Yes
WAN / LAN PIMs:
  • T1/E1
  • ADSL2 Annex A
  • ADSL2 Annex B
  • G.SHDSL
  • VDSL2 Annex A
  • DOCSIS 3.0 Cable Modem
  • GbE SFP
  • Sync Serial
High-availability support: Yes


1 comment:

  1. Folks, it will be difficult for me to write a HOW TO post today. I have a maintenance window and I need to work later today.
    I will write it tomorrow morning.
    I am sorry!

    Renato
