On 23/03/10 04:05, Hoogen wrote:
> I think the EX thread was really good and the feedback was awesome. I would
> like to hear about similar experiences while deploying SRX Series gateways, I
> am assuming I would hear a lot on the branch boxes SRX 210,240,650 I would
> also love to hear feedback on SRX 3000/5000 if people have been using it in
> their setup, problems that they're facing, improvements and general deployment
> scenario that have been used.

So the big gotcha with the SRX line is the lack of IPv6 support. I've
been assured by a Juniper tech rep that over 10.2-10.4 it should get
closer to parity.
From my big evil list:
* SRX650 allowed me to configure {{family ethernet-switching}} on the
internal ports, which isn't supported
* SRX650 only supports LACP on {{family ethernet-switching}} ports,
which excludes the internal ports, EX4200 doesn't have this problem
From the firewall section (many of these are feature reqs):
* Allow to change the default policy per {{from-zone a to-zone d}}
* Allow to do {{from-zone any ...}} or perhaps just {{from-zone [ a b c
] to-zone d}}, this would be a *major* PITA in a hosting environment
with a zone per customer.
* Allow to have {{from-zone ... to-zone ...}} with no rules, I know the
default is implied with it not there
* Allow to have {{address-set}} inside {{address-set}} (ie, group of
groups), this is a *huge* PITA for us now
* The warning on {{show}} for an undefined application is {{Warning:
application or application-set must be defined}} which sucks when
multiple apps are defined, {{commit check}} is fine
* Documentation is unclear re NAT pool IP addresses. I had to add the
pool address to a loopback to get things working, until then the route
was never offered.
--
Julien Goodwin
Studio442
"Blue Sky Solutioneering"
_______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp

