As I mentioned previously, I’ve recently started a new job, and it’s given me a spur to get back into studying. There are some weird and wonderful technologies covered at my new workplace, and getting to grips with them is going to be my immediate priority in the coming months.

I hope to be able to write about them as I study them, so watch this space.

 

Last week I passed my JNCIS-SEC. I’ve already done my JNCIA-FWV and JNCIS-FWV (though I’ve let them expire now…) so I’m familiar with a lot of the concepts from the ScreenOS world.

This was quite different though… Lots of questions on UTM and IPS which I’m not too hot on. And of course, the SRX does things in quite a different way to ScreenOS. Having had a few weeks’ experience working with the SRX, but quite a lot of time working with Junos and Netscreens in the past, I decided to follow the excellent fast track study material on the Juniper site and try and get this one under my belt.

Word of warning though – don’t even think about just doing the video! There is a lot, lot more in the study guide, including UTM – which there was quite a lot of in my exam.

Having passed I’m keen to do more Juniper certs – I’m looking for cheap SRXs to build a lab at home, but not many seem to have found their way onto eBay yet… If you have some to sell, drop me a comment!

 

I was at a customer site last week, and was asked to do something that I didn’t think was possible, having come from a ScreenOS background. I was wrong!

They are a large organisation and have multiple data centres, each adhering to the rule of having separate firewall clusters for the perimeter and the core of the network. The firewalls in the core of this data centre are a clustered pair of SRX 3600s, with different zones for different services – different server groups being separated out from communicating with each other except via the firewalls.

All traffic destined for the outside world went into a DMZ shared with the outer firewalls, called the secure DMZ. There is no direct route out to the internet for the majority of the servers, for security purposes. However, some servers need to access some things on the internet, as is always the way.


 

Having been experimenting a bit with my blog over on Blogger, I’ve decided to move lock, stock and barrel over to WordPress. Hopefully it will give me a bit more control, and incentive to post more!

I’ve also moved jobs, and moved countries, so this is a fresh start for me and this blog. Previously I was working for a medium-sized ISP, and now I’m working for a consultancy company, who cover all kinds of different technologies and vendors I had previously never had any exposure to.

 

There are a number of ways you can deploy your SA units, and in this example I’m going to go over using IVSs. These are Instant Virtual Systems, which are typically used by service providers to split a single or clustered SA unit into separate, independent logical units. Note that this is a licence-activated feature, so you must purchase the ability to run IVSs from Juniper.

In this example I’m going to go over a deployment of an IVS on an Active/Passive cluster of SA4500 devices.
Firstly, a quick diagram of how the setup will look:
 

There are some pretty amazing things you can do with these boxes, and I wholeheartedly recommend them.

For redundancy, you can run them in clusters. These can be Active/Active, or Active/Passive, but for an Active/Active setup you need to use an external load balancer. We use both in my network.

Shortly I’ll post some thoughts on the different ways to cluster the boxes… watch this space!

© 2011 Technical Support Speaking...