Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    vSRX Feature Considerations

    vSRX inherits most of the branch SRX Series features with the following considerations shown in Table 1.

    Table 1: vSRX Feature Considerations

    Feature

    Description

    Chassis cluster

    Generally, on SRX Series instances, the cluster ID and node ID are written into EEPROM. For the vSRX VM, the IDs are saved in boot/loader.conf and read during initialization.

    IDP

    The IDP feature is subscription based and must be purchased. After purchase, you can activate the IDP feature with the license key.

    For SRX Series IDP configuration details, see:

    Understanding Intrusion Detection and Prevention for SRX Series

    In J-Web, use the following steps to add or edit an IPS rule:

    1. Click Security>IDP>Policy>Add.
    2. In the Add IPS Rule window, select All instead of Any for the Direction field to list all the FTP attacks.

    ISSU

    ISSU is not supported on vSRX for all VPN and non-VPN features.

    Transparent mode

    The known behaviors for transparent mode support on vSRX are:

    • The default MAC learning table size is restricted to 16,383 entries.
    • VMware vSwitch does not support MAC learning. It also floods traffic to the secondary node. The traffic is silently dropped by the flow on the secondary node.

    For information on configuring transparent mode vSRX, see:

    Layer 2 Bridging and Transparent Mode Overview

    UTM

    The UTM feature is subscription based and must be purchased. After purchase, you can activate the UTM feature with the license key.

    For SRX Series UTM configuration details, see:

    Unified Threat Management Overview

    For SRX Series UTM antispam configuration details, see:

    Antispam Filtering Overview

    Modified: 2017-10-30

    Previous Page Next Page