Thanks, taking the responses on board: I think 2 x SRX210s in HA Active Passive mode connected into 2 x EX2200-24T should work for us. I want to take a default and partial routing table from the ISPs. Partial as in just the routes for that ISP. I think that should be well within the capabilities of the SRX210s. In addition to that firewalling and maybe some VPNs in the future.
Shame about not being able to do hitless upgrades due to having to do upgrades on the HA pair at the same time, as Keegan Holley said. However, we will just have to bear this in mind and plan upgrades accordingly.

From: Keegan Holley [mailto:keegan.hol...@sungard.com]
Sent: 09 November 2010 03:18
To: Julien Goodwin
Cc: Maqbool Hashim; juniper-nsp
Subject: Re: [j-nsp] Using SRX's for BGP and Firewalling

On Mon, Nov 8, 2010 at 7:47 PM, Julien Goodwin <jgood...@studio442.com.au> wrote:

On 09/11/10 02:38, Maqbool Hashim wrote:
> Hi,
>
> I'm looking at doing a multihomed BGP setup using two upstream Internet
> providers. We are obtaining PI space and would like to announce our PI space
> via BGP to our upstreams. I'm looking at using one of the SRX range from
> Juniper to handle the BGP and firewalling requirement for us. We don't need
> a full routing table. Is it a realistic proposal to do the BGP and
> firewalling on one device (an SRX)? Or am I creating a rod for my own back
> by not using separate BGP routers and using separate devices to do the
> firewalling for me. I'd be interested in hearing if other people are using
> the SRX's in a similar way.

Thunderbird just ate my response, grr.

BGP full feed on an SRX650 is fine, if you disable flow mode (as much as you can, don't forget the ALG's).

What's the point of doing BGP on a firewall with firewalling turned off?

BGP with a default inbound and advertising a few routes is fine with firewalling. You could probably do this with openwrt if you found the right platform.

Combining a full feed with firewalling is a bad idea, at least on the branch kit, and probably the SRK1k and 3k.
--
Julien Goodwin
Studio442
"Blue Sky Solutioneering"

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp