Re: [j-nsp] SRX firewall virtualization

2015-10-02 Thread james list
Thanks Damien very good explaination. Regards James 2015-10-02 14:56 GMT+02:00 Damien DeVille : > In my opinion, Lsys has one distinct use case and one only. That use case > is when you have a requirement for multiple different groups to have > administrative control over thier own distinct sec

Re: [j-nsp] SRX firewall virtualization

2015-10-02 Thread Damien DeVille
In my opinion, Lsys has one distinct use case and one only. That use case is when you have a requirement for multiple different groups to have administrative control over thier own distinct security policies. Lsys comes with a lengthy list of caveats and limitations (this is not an all inclusive

Re: [j-nsp] SRX firewall virtualization

2015-10-02 Thread Youssef Bengelloun-Zahr
Hello, My comments inline. BR. 2015-10-02 14:44 GMT+02:00 james list : > Hi Youssef > so you use LSYS since quite time, is there a reason why you have decided > for that and not for VR ? > ==> I never said that, we use them both. As stated before by Chris Jones, L-SYS is a higher a higher le

Re: [j-nsp] SRX firewall virtualization

2015-10-02 Thread james list
Hi Youssef so you use LSYS since quite time, is there a reason why you have decided for that and not for VR ? LSYS as far as I understand is limited to 32, right ? Which is the throughput you get among LSYS ? As far as I see now the only benefit of LSYS against VR is the separate management...

Re: [j-nsp] SRX firewall virtualization

2015-10-02 Thread Youssef Bengelloun-Zahr
Hello, We've been using those in an 5600 cluster for quite some time now, no major worries. As usual, you will of course run into certain limitations / caveats of the technology. But hey, what did you expect ? ;-) Number of L-SYS supported have increased over time with newer versions of Junos. C

Re: [j-nsp] SRX firewall virtualization

2015-10-02 Thread james list
Well indeed with SRX you can also associate zones+policies to the interface in the specific routing table I guess it's something more from my point of view and I see also some benefit against lsys, I understand that SRX high end for example supoprt a few number of lsys... isn,'t it ? 2015-1

[j-nsp] SRX firewall virtualization

2015-10-02 Thread james list
Dear experts, I’d like to know your opinion about firewall virtualization inside SRX boxes (high-end). As far as I understand there are a couple of way: Logical Systems (LSys) and Virtual routers (VR). From your point of view: 1) Which are the main differences among Lsys and VR ? 2)