Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
Am 02.09.2011 14:11, schrieb Derick Winkworth: 1. Have you opened tickets? 2. Did you look in the Defect Search tool? To be honest - no. I've solved the issue by only filtering the traffic on one virtual router, that did the trick. Unfortunately we have so many bugs in our NSM installation/database, that we cannot simply upgrade the NSM and thus I'm currently stuck with JunOS 10.1 (due to NSM 2008). We have plenty of open cases for the NSM which has way more priority. Hopefully an update to a recent JunOS release will solve some problems... We'll see... We have SRXs in our environment and there has been some issues, but thus far all have been identified and resolved over time. Months actually rather than years. At least for us, Juniper has been quick to resolve issues. Hmm, my mileage varies here. Some issues (mainly with ScreenOS) have been identified and solved quite fast. Others (primarily NSM) are now open for over a year without significant progress. It depends heavily on the type of bug that you discover, and if engineering is able to reproduce the issue. Best regards, Stephan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
Am 01.09.2011 23:06, schrieb Scott T. Cameron: I have 2x chassis cluster with SRX3400s. ALGs will destroy your soul. Avoid at all costs. Additionally, they don't work when firewalling over two virtual routers (which I did need for a setup on a chassis cluster). The ports then get only open for one of the involved zones, the zones for the other virtual router don't seem to care for the opened ports, or the ALG just doesn't open the ports for that zones, ones it has been processed. Very uncool... Regards, Stephan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
1. Have you opened tickets? 2. Did you look in the Defect Search tool? We have SRXs in our environment and there has been some issues, but thus far all have been identified and resolved over time. Months actually rather than years. At least for us, Juniper has been quick to resolve issues. Derick Winkworth CCIE #15672 (RS, SP), JNCIE-M #721 http://blinking-network.blogspot.com From: Stephan Tesch step...@tesch.cx To: juniper-nsp@puck.nether.net Sent: Friday, September 2, 2011 5:29 AM Subject: Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826 Am 01.09.2011 23:06, schrieb Scott T. Cameron: I have 2x chassis cluster with SRX3400s. ALGs will destroy your soul. Avoid at all costs. Additionally, they don't work when firewalling over two virtual routers (which I did need for a setup on a chassis cluster). The ports then get only open for one of the involved zones, the zones for the other virtual router don't seem to care for the opened ports, or the ALG just doesn't open the ports for that zones, ones it has been processed. Very uncool... Regards, Stephan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
We have yet to see that even with PIM modules installed - do you remember what version of JunOS you were running by chance? Paul From: Nathan Sipes [mailto:nathan.si...@gmail.com] Sent: September-01-11 12:05 PM To: Paul Stewart Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 I have had similar experiences to Richard's with the Free SRX210H I even managed to get a DSL PIM in there as well. Had it up and working for about 2 months when the pim quit forwarding traffic randomly. Rebooting the SRX seems to fix it well enough though... I will say that the free hardware has cost a lot of my time and some annoyed phone calls from my wife when netflix doesn't work. On Thu, Sep 1, 2011 at 9:48 AM, Paul Stewart p...@paulstewart.org wrote: Actually I'm curious as well - RAS is not typically wrong though about this kind of stuff ;) We have numerous SRX deployed for firewall and router functionality - some are running Dynamic VPN (which yes, we've had issues with - definitely it's not perfect). We've been bitten by some surprises as well ... so I'm not disagreeing, just saying that we're pretty used to these issues we've encountered and don't deploy if we know they will come up. Typically, we use them as site to site VPN boxes along with firewalling. I have an SRX210 at my home as well - run the full UTM suite on it and had no real issues (granted it's a home environment to be fair). RAS, can you share a few highlights of broken? Appreciate it, Paul -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: September-01-11 11:35 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 On 01/09/11 10:09, Richard A Steenbergen wrote: I have an SRX210 in my basement doing my home routing, and it is the only free device I've ever been given that I would seriously consider returning and asking for my money back. Broken doesn't even begin to describe it, my condolences to anyone who actually needs to run these things in production. Is this for routing functionality, or firewall functionality? We're using one as an MPLS PE, and it seems to be working ok, but given what you've said... gulp! Is there a good summary of the problems anywhere, or do I need to trawl the archives? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
10.4R2 and 11.1R2 The local interzone traffic continued to forward and traffic sourced from the outside interface continued to work. On Thu, Sep 1, 2011 at 12:00 PM, Paul Stewart p...@paulstewart.org wrote: We have yet to see that even with PIM modules installed – do you remember what version of JunOS you were running by chance? ** ** Paul ** ** ** ** *From:* Nathan Sipes [mailto:nathan.si...@gmail.com] *Sent:* September-01-11 12:05 PM *To:* Paul Stewart *Cc:* juniper-nsp@puck.nether.net *Subject:* Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 ** ** I have had similar experiences to Richard's with the Free SRX210H I even managed to get a DSL PIM in there as well. Had it up and working for about 2 months when the pim quit forwarding traffic randomly. Rebooting the SRX seems to fix it well enough though... I will say that the free hardware has cost a lot of my time and some annoyed phone calls from my wife when netflix doesn't work. On Thu, Sep 1, 2011 at 9:48 AM, Paul Stewart p...@paulstewart.org wrote: Actually I'm curious as well - RAS is not typically wrong though about this kind of stuff ;) We have numerous SRX deployed for firewall and router functionality - some are running Dynamic VPN (which yes, we've had issues with - definitely it's not perfect). We've been bitten by some surprises as well ... so I'm not disagreeing, just saying that we're pretty used to these issues we've encountered and don't deploy if we know they will come up. Typically, we use them as site to site VPN boxes along with firewalling. I have an SRX210 at my home as well - run the full UTM suite on it and had no real issues (granted it's a home environment to be fair). RAS, can you share a few highlights of broken? Appreciate it, Paul -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: September-01-11 11:35 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 On 01/09/11 10:09, Richard A Steenbergen wrote: I have an SRX210 in my basement doing my home routing, and it is the only free device I've ever been given that I would seriously consider returning and asking for my money back. Broken doesn't even begin to describe it, my condolences to anyone who actually needs to run these things in production. Is this for routing functionality, or firewall functionality? We're using one as an MPLS PE, and it seems to be working ok, but given what you've said... gulp! Is there a good summary of the problems anywhere, or do I need to trawl the archives? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ** ** ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
Weird, I have a number of SRX210s running 10.4Rx and have had no notable issues at all. Now 9.x code was a totally different story. I work out of my home office, so my main 210 has to be working all the time, which it does just fine. Currently Running: ADSL2+ PIM for uplink, 10Mb V4 + V6 (both flow) AX411 WLAN Few GRE tunnels COS using MFC filters NAT: Source and Destination A handful of V4/V6 BGP sessions I have a second SRX210 sitting next to it as a cold spare if I need it, but have never needed it. I use MRTG to graph my resource utilization on it (including flows), just to keep an eye on things and have been satisfied with the performance. Regards, -Jeff On Sep 1, 2011, at 11:00 AM, Paul Stewart wrote: We have yet to see that even with PIM modules installed - do you remember what version of JunOS you were running by chance? Paul From: Nathan Sipes [mailto:nathan.si...@gmail.com] Sent: September-01-11 12:05 PM To: Paul Stewart Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 I have had similar experiences to Richard's with the Free SRX210H I even managed to get a DSL PIM in there as well. Had it up and working for about 2 months when the pim quit forwarding traffic randomly. Rebooting the SRX seems to fix it well enough though... I will say that the free hardware has cost a lot of my time and some annoyed phone calls from my wife when netflix doesn't work. On Thu, Sep 1, 2011 at 9:48 AM, Paul Stewart p...@paulstewart.org wrote: Actually I'm curious as well - RAS is not typically wrong though about this kind of stuff ;) We have numerous SRX deployed for firewall and router functionality - some are running Dynamic VPN (which yes, we've had issues with - definitely it's not perfect). We've been bitten by some surprises as well ... so I'm not disagreeing, just saying that we're pretty used to these issues we've encountered and don't deploy if we know they will come up. Typically, we use them as site to site VPN boxes along with firewalling. I have an SRX210 at my home as well - run the full UTM suite on it and had no real issues (granted it's a home environment to be fair). RAS, can you share a few highlights of broken? Appreciate it, Paul -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: September-01-11 11:35 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 On 01/09/11 10:09, Richard A Steenbergen wrote: I have an SRX210 in my basement doing my home routing, and it is the only free device I've ever been given that I would seriously consider returning and asking for my money back. Broken doesn't even begin to describe it, my condolences to anyone who actually needs to run these things in production. Is this for routing functionality, or firewall functionality? We're using one as an MPLS PE, and it seems to be working ok, but given what you've said... gulp! Is there a good summary of the problems anywhere, or do I need to trawl the archives? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
That may be the difference I am running the SRX-MP-1VDSL2-A PIM. On Thu, Sep 1, 2011 at 12:19 PM, Jerry Jones jjo...@danrj.com wrote: Mine here at home has been working well, with the internal ADSL2. Only initial issue I had were the dumb MTU and MSS defaults. Only time it gets rebooted is when I pull the wrong cord Now I need to fix DDNS. Had it working on 10.1, but 10.4 and 11.x break it again. On Sep 1, 2011, at 1:09 PM, Nathan Sipes wrote: 10.4R2 and 11.1R2 The local interzone traffic continued to forward and traffic sourced from the outside interface continued to work. On Thu, Sep 1, 2011 at 12:00 PM, Paul Stewart p...@paulstewart.org wrote: We have yet to see that even with PIM modules installed – do you remember what version of JunOS you were running by chance? ** ** Paul ** ** ** ** *From:* Nathan Sipes [mailto:nathan.si...@gmail.com] *Sent:* September-01-11 12:05 PM *To:* Paul Stewart *Cc:* juniper-nsp@puck.nether.net *Subject:* Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 ** ** I have had similar experiences to Richard's with the Free SRX210H I even managed to get a DSL PIM in there as well. Had it up and working for about 2 months when the pim quit forwarding traffic randomly. Rebooting the SRX seems to fix it well enough though... I will say that the free hardware has cost a lot of my time and some annoyed phone calls from my wife when netflix doesn't work. On Thu, Sep 1, 2011 at 9:48 AM, Paul Stewart p...@paulstewart.org wrote: Actually I'm curious as well - RAS is not typically wrong though about this kind of stuff ;) We have numerous SRX deployed for firewall and router functionality - some are running Dynamic VPN (which yes, we've had issues with - definitely it's not perfect). We've been bitten by some surprises as well ... so I'm not disagreeing, just saying that we're pretty used to these issues we've encountered and don't deploy if we know they will come up. Typically, we use them as site to site VPN boxes along with firewalling. I have an SRX210 at my home as well - run the full UTM suite on it and had no real issues (granted it's a home environment to be fair). RAS, can you share a few highlights of broken? Appreciate it, Paul -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: September-01-11 11:35 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 On 01/09/11 10:09, Richard A Steenbergen wrote: I have an SRX210 in my basement doing my home routing, and it is the only free device I've ever been given that I would seriously consider returning and asking for my money back. Broken doesn't even begin to describe it, my condolences to anyone who actually needs to run these things in production. Is this for routing functionality, or firewall functionality? We're using one as an MPLS PE, and it seems to be working ok, but given what you've said... gulp! Is there a good summary of the problems anywhere, or do I need to trawl the archives? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ** ** ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
Mine here at home has been working well, with the internal ADSL2. Only initial issue I had were the dumb MTU and MSS defaults. Only time it gets rebooted is when I pull the wrong cord Now I need to fix DDNS. Had it working on 10.1, but 10.4 and 11.x break it again. On Sep 1, 2011, at 1:09 PM, Nathan Sipes wrote: 10.4R2 and 11.1R2 The local interzone traffic continued to forward and traffic sourced from the outside interface continued to work. On Thu, Sep 1, 2011 at 12:00 PM, Paul Stewart p...@paulstewart.org wrote: We have yet to see that even with PIM modules installed – do you remember what version of JunOS you were running by chance? ** ** Paul ** ** ** ** *From:* Nathan Sipes [mailto:nathan.si...@gmail.com] *Sent:* September-01-11 12:05 PM *To:* Paul Stewart *Cc:* juniper-nsp@puck.nether.net *Subject:* Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 ** ** I have had similar experiences to Richard's with the Free SRX210H I even managed to get a DSL PIM in there as well. Had it up and working for about 2 months when the pim quit forwarding traffic randomly. Rebooting the SRX seems to fix it well enough though... I will say that the free hardware has cost a lot of my time and some annoyed phone calls from my wife when netflix doesn't work. On Thu, Sep 1, 2011 at 9:48 AM, Paul Stewart p...@paulstewart.org wrote: Actually I'm curious as well - RAS is not typically wrong though about this kind of stuff ;) We have numerous SRX deployed for firewall and router functionality - some are running Dynamic VPN (which yes, we've had issues with - definitely it's not perfect). We've been bitten by some surprises as well ... so I'm not disagreeing, just saying that we're pretty used to these issues we've encountered and don't deploy if we know they will come up. Typically, we use them as site to site VPN boxes along with firewalling. I have an SRX210 at my home as well - run the full UTM suite on it and had no real issues (granted it's a home environment to be fair). RAS, can you share a few highlights of broken? Appreciate it, Paul -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: September-01-11 11:35 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 On 01/09/11 10:09, Richard A Steenbergen wrote: I have an SRX210 in my basement doing my home routing, and it is the only free device I've ever been given that I would seriously consider returning and asking for my money back. Broken doesn't even begin to describe it, my condolences to anyone who actually needs to run these things in production. Is this for routing functionality, or firewall functionality? We're using one as an MPLS PE, and it seems to be working ok, but given what you've said... gulp! Is there a good summary of the problems anywhere, or do I need to trawl the archives? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ** ** ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
On Thu, Sep 1, 2011 at 11:00 AM, Paul Stewart p...@paulstewart.org wrote: We have yet to see that even with PIM modules installed - do you remember what version of JunOS you were running by chance? Paul From: Nathan Sipes [mailto:nathan.si...@gmail.com] Sent: September-01-11 12:05 PM To: Paul Stewart Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 I have had similar experiences to Richard's with the Free SRX210H I even managed to get a DSL PIM in there as well. Had it up and working for about 2 months when the pim quit forwarding traffic randomly. Rebooting the SRX seems to fix it well enough though... I will say that the free hardware has cost a lot of my time and some annoyed phone calls from my wife when netflix doesn't work. On Thu, Sep 1, 2011 at 9:48 AM, Paul Stewart p...@paulstewart.org wrote: Actually I'm curious as well - RAS is not typically wrong though about this kind of stuff ;) We have numerous SRX deployed for firewall and router functionality - some are running Dynamic VPN (which yes, we've had issues with - definitely it's not perfect). We've been bitten by some surprises as well ... so I'm not disagreeing, just saying that we're pretty used to these issues we've encountered and don't deploy if we know they will come up. Typically, we use them as site to site VPN boxes along with firewalling. I have an SRX210 at my home as well - run the full UTM suite on it and had no real issues (granted it's a home environment to be fair). RAS, can you share a few highlights of broken? Appreciate it, Paul -Original Message- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers Sent: September-01-11 11:35 AM To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] JUNOS 10.4S6 for EX8200 - PR/676826 On 01/09/11 10:09, Richard A Steenbergen wrote: I have an SRX210 in my basement doing my home routing, and it is the only free device I've ever been given that I would seriously consider returning and asking for my money back. Broken doesn't even begin to describe it, my condolences to anyone who actually needs to run these things in production. Is this for routing functionality, or firewall functionality? We're using one as an MPLS PE, and it seems to be working ok, but given what you've said... gulp! Is there a good summary of the problems anywhere, or do I need to trawl the archives? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp I run multiple SRXs at several sites doing firewalling, routing, VPNs. Have everything from SRX100s, to SRX 1400s, branch units run 10.4R6 I believe, and SRX1400s running 11.1R3 (will double check later). Have had minor issues, mainly with VPNs to other vendor devices like Cisco ASAs. You have to be mindful if you need policy based VPN or route based VPNs to work with other vendors. I'd be curious to hear what problems other people have, for something to look out for, but otherwise the SRXs have worked as well as most anything else on the market. I would know, I've gone through the whole lifecycle of Cisco PIX, into ASAs, Sonicwall, Fortigate, etc, and I would say SRXs have worked better than most, especially considering they are a young product line. -- Brent Jones br...@servuhome.net ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
I have 2x chassis cluster with SRX3400s. ALGs will destroy your soul. Avoid at all costs. Chassis cluster upgrades are needlessly painful (imo). Session counts can become exhausted very easily and lead to a very quick and dreadful DOS. Most of my early adopter issues have disappeared with updates over time and the software is quite stable for me in the past 6 months. Scott On Thu, Sep 1, 2011 at 4:59 PM, Brent Jones br...@servuhome.net wrote: I run multiple SRXs at several sites doing firewalling, routing, VPNs. Have everything from SRX100s, to SRX 1400s, branch units run 10.4R6 I believe, and SRX1400s running 11.1R3 (will double check later). Have had minor issues, mainly with VPNs to other vendor devices like Cisco ASAs. You have to be mindful if you need policy based VPN or route based VPNs to work with other vendors. I'd be curious to hear what problems other people have, for something to look out for, but otherwise the SRXs have worked as well as most anything else on the market. I would know, I've gone through the whole lifecycle of Cisco PIX, into ASAs, Sonicwall, Fortigate, etc, and I would say SRXs have worked better than most, especially considering they are a young product line. -- Brent Jones br...@servuhome.net ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] SRX Experiences - Was: JUNOS 10.4S6 for EX8200 - PR/676826
Yep, the FTP ALG has been a real dark and sinister sadist for a while. On Thu, Sep 1, 2011 at 3:06 PM, Scott T. Cameron routeh...@gmail.comwrote: I have 2x chassis cluster with SRX3400s. ALGs will destroy your soul. Avoid at all costs. Chassis cluster upgrades are needlessly painful (imo). Session counts can become exhausted very easily and lead to a very quick and dreadful DOS. Most of my early adopter issues have disappeared with updates over time and the software is quite stable for me in the past 6 months. Scott On Thu, Sep 1, 2011 at 4:59 PM, Brent Jones br...@servuhome.net wrote: I run multiple SRXs at several sites doing firewalling, routing, VPNs. Have everything from SRX100s, to SRX 1400s, branch units run 10.4R6 I believe, and SRX1400s running 11.1R3 (will double check later). Have had minor issues, mainly with VPNs to other vendor devices like Cisco ASAs. You have to be mindful if you need policy based VPN or route based VPNs to work with other vendors. I'd be curious to hear what problems other people have, for something to look out for, but otherwise the SRXs have worked as well as most anything else on the market. I would know, I've gone through the whole lifecycle of Cisco PIX, into ASAs, Sonicwall, Fortigate, etc, and I would say SRXs have worked better than most, especially considering they are a young product line. -- Brent Jones br...@servuhome.net ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp