Friday, February 19, 2021

My top things that I hate about Juniper SRX firewall

My top things that I hate about Juniper SRX

1: Junos software updates are slow. The SRX, or any Juniper device for that matter, is extremely slow and tedious to update

2: No means to restrict concurrent sessions per firewall policy, no means for simple deployment of GEO policies, no blacklist subscription service without additional license features

3: No means to enforce tcp-mss per firewall policy

4: Packet-capture operations require you to actually make changes to the configuration in order to create a simple pcap

5: No easy way to create many IPsec tunnels

6: Configuring IPsec tunnels is a tedious and time-consuming process

7: Still no WCCP intercept for proxy integration. The normal Junos solution for transparent proxying uses a non-WCCP solution that is a hocus-pocus mix of route-rib, filter, event monitors, and a host of other items to get it to work. Juniper, get over the fact that Cisco was the previous designer and supporter of WCCP. WCCP is what we should have and be doing.

8: Layer 2 virtual wire pairs are not a current feature, nor on any forecast

9: SD-WAN is not a simple feature to deploy and requires a specific SRX model with an additional license

10: A simple onboard proxy for web/FTP is not available

11: AV/DLP/IPS/IDP deployment is clumsy and more difficult to deploy than on other firewalls

12: PBR deployments for specific routing needs are not easily doable

13: My final item: simple server-load-balance DNAT VIPs are not a supported feature




Ken Felix 

NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \

