Hi Richard, Depending on your topology you can scale this out by having a common "Untrust" zone for all customers (which is has interfaces in the inet.0 instance) and simply leaking routes (interface(s), default or otherwise) into specific customer VRs.
Cheers, Ben On 22/07/2011, at 5:54 PM, Richard Zheng wrote: > Hi, > > I am trying to compare different models of srx. The application is to setup > virtual firewalls for several customers. The virtual router instance should > do it. The maximum number of security zones seems to be the limitation of > srx. For example, SRX220 has maximum 24 zones and 15 virtual routers. > Considering one virtual router needs at least 2 zones, one trusted and one > untrusted, how can you get more than 12 virtual routers with 24 zones? > > Am I missing something here? > > Thanks, > Richard > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp