Juniper SRX Series
Brad Woodberg, Rob Cameron
Format: PDF / Kindle (mobi) / ePub
This complete field guide, authorized by Juniper Networks, is the perfect hands-on reference for deploying, configuring, and operating Juniper’s SRX Series networking device. Authors Brad Woodberg and Rob Cameron provide field-tested best practices for getting the most out of SRX deployments, based on their extensive field experience.
While their earlier book, Junos Security, covered the SRX platform, this book focuses on the SRX Series devices themselves. You'll learn how to use SRX gateways to address an array of network requirements—including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. Along with case studies and troubleshooting tips, each chapter provides study questions and lots of useful illustrations.
- Explore SRX components, platforms, and various deployment scenarios
- Learn best practices for configuring SRX’s core networking features
- Leverage SRX system services to attain the best operational state
- Deploy SRX in transparent mode to act as a Layer 2 bridge
- Configure, troubleshoot, and deploy SRX in a highly available manner
- Design and configure an effective security policy in your network
- Implement and configure network address translation (NAT) types
- Provide security against deep threats with AppSecure, intrusion protection services, and unified threat management tools
the SYSIO port that has nine 10/100/1000 Ethernet ports and three SFP+ ports that allow for either 1G or 10G ports. This option must be ordered from the factory. The SRX1400 has a special card called an NSPC. This card is double-wide and fits into a single slot. It offers a lower cost card that combines both one NPC and one SPC on a single card. Alternatively, you can buy a carrier tray that lets you use a single NPC and SPC module in the chassis. This is a good option if you have other SRXs with
but that traffic will be processed by the firewall. 3. It’s possible to place a branch device in any location. The biggest cutoff typically is the number of concurrent sessions. When you are unable to create new sessions, there isn’t much the firewall can do with new traffic besides drop it. The second biggest limit is throughput. If the firewall can create the session but not push the traffic, it doesn’t do any good. If a branch SRX Series product can meet both of these needs, it might be the
differences are minor, as the port mode is configured as a trunk and multiple VLAN members are added to the port. Traffic entering the port must be tagged and must match the VLANs configured on the port.
Aggregate Interfaces
On most SRX platforms, it is possible to configure aggregate Ethernet interfaces. These interfaces are special, as they allow the addition of multiple Ethernet ports to the same logical interface. The most common use case for this is as a redundant Ethernet interface (reth).
including raw device control over the BSD side of the device. Junos also allows scripting tasks, so you can utilize automation all the way up to, and including, creating your own processes that can run on the platform. No matter where you want to start with Junos, it can be your best friend on a journey of learning that spans many different technologies within the Junos ecosphere. What you learn in this book can be applied to other Junos devices and other network segments. The discussions for
of the features. Chapters 5 through 9 are features that are used in almost every SRX deployment. Because of this, we wrote them in a manner that assumes the reader would read them sequentially. They will stand on their own, of course, but if you read them in order you’ll notice more about the concepts that we are building on. Chapters 10 through 14 are all standalone chapters. These also are the deeper chapters in terms of complexity, as they focus on some of the more