Hello Richard, I would hazard a guess that because not every virtual router needs to be running in flow-based mode (ie run some in packet-mode ala http://datainter.cz/doc/3500192-en.pdf ), that it may be possible to not require 2x Zones per VR.
Just a thought. Kurt (@networkjanitor) On Fri, Jul 22, 2011 at 17:54, Richard Zheng <rzh...@gmail.com> wrote: > Hi, > > I am trying to compare different models of srx. The application is to setup > virtual firewalls for several customers. The virtual router instance should > do it. The maximum number of security zones seems to be the limitation of > srx. For example, SRX220 has maximum 24 zones and 15 virtual routers. > Considering one virtual router needs at least 2 zones, one trusted and one > untrusted, how can you get more than 12 virtual routers with 24 zones? > > Am I missing something here? > > Thanks, > Richard > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp