On 23/03/10 04:05, Hoogen wrote:
> I think the EX thread was really good and the feedback was awesome. I would
> like to hear about similar experiences while deploying SRX Series gateways, I
> am assuming I would hear a lot on the branch boxes SRX 210,240,650 I would
> also love to hear feedback on SRX 3000/5000 if people have been using it in
> their setup, problems that they're facing, improvements and general deployment
> scenario that have been used.

So the big gotcha with the SRX line is the lack of IPv6 support. I've been assured by a Juniper tech rep that over 10.2-10.4 it should get closer to parity.

From my big evil list:

* SRX650 allowed me to configure {{family ethernet-switching}} on the internal ports, which isn't supported
* SRX650 only supports LACP on {{family ethernet-switching}} ports, which excludes the internal ports, EX4200 doesn't have this problem

From the firewall section (much of these are feature reqs)

* Allow to change the default policy per {{from-zone a to-zone d}}
* Allow to do {{from-zone any ...}} or perhaps just {{from-zone [ a b c ] to-zone d}}, this would be a *major* PITA in a hosting environment with a zone per customer.
* Allow to have {{from-zone ... to-zone ...}} with no rules, I know the default is implied with it not there
* Allow to have {{address-set}} inside {{address-set}} (ie, group of groups), this is a *huge* PITA for us now
* The warning on {{show}} for an undefined application is {{Warning: application or application-set must be defined}} which sucks when multiple apps are defined, {{commit check}} is fine
* Documentation is unclear re NAT pool IP addresses. I had to add the pool address to a loopback to get things working, until then the route was never offered.

-- 
Julien Goodwin
Studio442
"Blue Sky Solutioneering"
_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp