On Wed, Nov 16, 2016 at 03:02:04PM +0800, Rod Bio wrote: > 1. Configuring firewall gives me "Warning: statement ignored: > unsupported platform (ex4550-32f)" when including "except". I'm trying > to filter ALL traffic except from some IP but except is not working.
Indeed, filters tend to be a grab bag of what the underlying hardware supports. The MX's tend to support the most paths, and the switches support some subset, and are different per switch depending on underlying chipset and what it will support. You'll just have to do the filter a different way to make it effective. Thankfully you usually have some choices in how to proceed. > 2. All the box have 13.2X51-D35.3 (Junos 13.2??) but juniper site says > 12.3R12 is suggested as of the moment. JunOS 15 and 16 is available for > the box (I think) but I am not sure what to follow. Generally, it is best to follow what JTAC suggests as the most stable. You'll have the best results with it. BUT, I know on this platform (EX4550), that certain interface cards require newer code in the 13.2 series of code releases. So, make sure you check out the requirements of all the modules installed in the switch. I know the 40GB expansion module requires 13.2X of some version. I don't run any expansion modules, and I run 12.3 releases on mine. Network ops tend to be very conservative (probably being bitten way too many times). JunOS 15 and 16 are way too far out there to consider for me. I'd consider running them only if there are any super compelling reason or feature you absolutely need out of that train. To tell you the truth, the EX switches tend to be pretty far behind the JunOS train. I would worry too much about runing "the latest". This is much like the Cisco Catalyst switches, where they run 12.1 and 12.2S IOS for ever and ever? _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp