Archive for the ‘srx’ tag
My Juniper account exec let some news slip yesterday. We were on the phone talking about how great the SRX platform was and that I wanted to put one in my house instead of my ASA 5505. Of course, I don’t want to spend too much on a new gateway device, so I asked if there was anything below the $100 mark. He said there wasn’t anything on the books but there was something in the works. I think he had a little too much to drink at dinner. :)
It turns out that Juniper is in talks to buy D-link – one of the big names in home networking. The idea is that D-link already has some large, medium, and small business offerings, so the catalog is very wide. The big money, though, is in the consumer market. My account exec went on to tell me that they’re already working on a new consumer-level product based on the SRX; it will be marketed as a D-link device with the Juniper name on it somewhere. I can’t wait to see a home router with Junos on it. Think about running the Pulse client to connect back home. Awesome!
I also learned that Juniper is going to buy the EasyShare line from Kodak. Kodak just announced that they have already lost $200 million in the first two months of the year, so they are definitely hurting and looking to get some help after their Chapter 11 bankruptcy filing. The EasyShare line provides a way for Juniper to get themselves positioned in the video market with the rest of the big hitters. There is no word on why they want to get into video, but the logical next step would be an enterprise video solution or maybe it’s a building block for another larger product. We’ll have to see.
I’ll have to get my account exec a few more drinks in him the next time he’s in town. Maybe he’ll tell me when Juniper is going to have a voice solution. LOL
Send any similar stories questions to me.
Oh, my. Another Junos post. Somebody stop me before I get my JNCIA!
This isn’t hard stuff at all. I’m sure there are a couple of cool tricks I don’t know yet, but let’s try anyway. I”m working on an SRX240 here running 11.1 and some change.
Let’s put interfaces ge-0/0/0.0 and lo0.0 in OSPF area 0. If you know the Junos configuration hierarchy, this will be very easy to you. Even if you don’t, you can stare at the config for a little bit and see what we’re doing.
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 set protocols ospf area 0.0.0.0 interface lo0.0
This is the only OSPF configuration you need, but guess what? It won’t work. Since a Junos device is also a firewall, it will drop OSPF packets as they come into the interface; you have to declare that you do indeed want to accept OSPF packets. You do this by creating a security zone, putting the right interfaces in the right zone, and then enabling OSPF on that zone.
We’ll create a zone called INSIDE for our purposes here. Note that there are about billion more steps (I counted) to fully configure your security zones, but that’s way beyond our scope here.
set security zones security-zone INSIDE interfaces ge-0/0/0.0 set security zones security-zone INSIDE interfaces lo0.0 set security zones security-zone INSIDE host-inbound-traffic protocols ospf
You can also allow OSPF on specific interfaces like this. These commands will also put those interfaces in the right security zone.
set security zones security-zone INSIDE interfaces ge-0/0/0.0 host-inbound-traffic protocols ospf set security zones security-zone INSIDE interfaces lo0.0 host-inbound-traffic protocols ospf
I’m not sure if you need to do this to lo0.0, but it won’t hurt.
Now you can see your OSPF neighbors come up and start exchanging routing information. That is, of course, assuming you did everything else right.
blog deadlines questions my way.