Sunday, November 10, 2019

Are 2 Juniper SRX 550 firewalls a good solution for a small company (40 people) with an AWS uplink?

Hi,

I am fairly new to the Juniper scene and I would like to get a second/third opinion on the matter. I've been tasked with choosing the right equipment for the following scenario:

We need two routers/firewalls to do:

- VLAN routing (we are not going to make the switches do the routing, though they are Cisco 3560E and 3750E switches that are quite capable of handling the task). There are 8 VLANs in total, 4 of which are actually routable.

- Stateful firewall. I am coming from Cisco and I have a bone to pick with the way the ACLs are stated. Also, a lot of the coders in the company will have access to the firewall, so they could run their own services and so on. I need a solution with clean and structured ACLs; the guys are familiar with iptables, and from what I've seen the Junos way of doing ACLs looks a bit like iptables.

- AWS IPsec tunnel. We have a 200 Mbit uplink and the majority of it will be dedicated to AWS traffic. This means that the devices should be capable of handling the encrypted traffic. I've read that the SRX 550s can handle up to 1 Gbit, but in the real world it trickles down to ~200 Mbit, which is perfect for us. Also, the SRX series from Juniper is one of the suggested solutions in the Amazon AWS tutorials.

- The devices should support some kind of high-availability solution. We would buy a pair for redundancy.

We have a mostly Cisco-oriented network as far as devices go, but we would like to change it up a bit, so that's why ASAs are not an option, or Meraki. Right now the role of the hardware devices I would like to buy is "played" by a virtual router, and it gets the job done. I would prefer, though, to have a hardware solution with HA and easier management, and I would love not to worry about a VM going down and all my VLAN routing and AWS uplink going down with it.

Reasons I've selected the Juniper SRX 550s:

- They are cheap (we are going to use second-hand equipment).

- They come with 4 GB of RAM (I would have to deal with BGP as far as AWS goes, but not an entire table; still, more RAM is always good to have).

- 2 PSUs and HA options.

- Bandwidth and performance seem to suffice for what we need at the moment (if it can handle 200 Mbit of IPsec, that's more than enough).

- Modularity: I can later add some more interfaces if need be (though I don't see that happening; if there is an upgrade it would be 10G and that won't cut it, but it's not happening any time soon).

- At first glance the way it handles ACLs seems better than Cisco's ACLs. As far as GUIs go, I have no idea...

Any input or even suggestions for other devices is welcome.

Thank you in advance.
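As an added illustration that is not part of the original post, here is a constructed Junos set-style fragment showing the zone-based policy structure the question refers to, applied to the scenario described above: routed VLAN sub-interfaces in their own security zones, the AWS IPsec tunnel on an st0 interface in a separate zone with only BGP accepted by the box itself, and explicit permit policies over a deny-all default. All interface names, VLAN IDs, prefixes and zone names are assumed placeholders.

```junos
## Constructed example; interface names, VLAN IDs, prefixes and zone names are placeholders.
## Routed VLANs as sub-interfaces on one trunk port (the SRX does the inter-VLAN routing)
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 10 vlan-id 10 family inet address 10.0.10.1/24
set interfaces ge-0/0/1 unit 20 vlan-id 20 family inet address 10.0.20.1/24
## Route-based IPsec to AWS terminates on a secure tunnel (st0) interface
set interfaces st0 unit 0 family inet address 169.254.10.2/30
## Each routed network is its own security zone; nothing crosses zones unless a policy permits it
set security zones security-zone users interfaces ge-0/0/1.10
set security zones security-zone servers interfaces ge-0/0/1.20
set security zones security-zone aws interfaces st0.0
## Only BGP destined to the firewall itself is accepted on the tunnel interface
set security zones security-zone aws host-inbound-traffic protocols bgp
## Named address-book entries are referenced by policies instead of repeating raw prefixes
set security zones security-zone servers address-book address srv-net 10.0.20.0/24
set security zones security-zone aws address-book address aws-vpc 172.31.0.0/16
## Policies are evaluated top-down per zone pair, with explicit match terms and an action
set security policies from-zone servers to-zone aws policy srv-to-aws match source-address srv-net
set security policies from-zone servers to-zone aws policy srv-to-aws match destination-address aws-vpc
set security policies from-zone servers to-zone aws policy srv-to-aws match application junos-https
set security policies from-zone servers to-zone aws policy srv-to-aws then permit
set security policies from-zone servers to-zone aws policy srv-to-aws then log session-close
## Return traffic is allowed by the stateful session table; anything not matched above is dropped
set security policies default-policy deny-all
```

The deny-all default plus per-zone-pair policies is what gives the rule set the readable, iptables-like structure mentioned in the post: every permitted flow is an explicit, logged rule and there is no implicit allow between VLANs or toward the tunnel.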


