Supported Devices for NGFW, and Ports and Protocols to Open

Table 1 lists the Next-Generation Firewall (NGFW) devices that are supported by CSO and the list of ports or protocols that must be opened for these devices.

Note:

During the site activation process for SRX4100, SRX4200, and vSRX 3.0, you must copy the stage-1 configuration (generated automatically by CSO) to the device, and commit the configuration on the device.

Before you add an NGFW spoke site:

  • Connect cables to the device according to your network design, and power on the device. For more information, see the hardware documentation links in Table 1.

    Note:

    We assume that, when connected according to the network design, the NGFW device obtains an IP address through DHCP and has Internet connectivity along with DNS resolution.

  • Ensure that the ports and protocols listed in Table 1 are open on the network.

  • Ensure that the devices are running the recommended version of Junos OS. For information about the supported Junos OS versions in a CSO release, refer to the CSO Release Notes for that release (available at the CSO Documentation page).

  • If you are using an SRX Series device as the NGFW, ensure that you configure either the first port (ge-0/0/0) or the last port (ge-0/0/7 or ge-0/0/15 based on the SRX model) for Internet connectivity.

Table 1: NGFW Devices Supported

| Device Model | Protocols or Ports | Hardware Documentation Links |
|---|---|---|
| SRX300, SRX320, SRX340, SRX345, SRX380 | TCP Port 443; TCP Port 514; TCP Port 6514; TCP Port 7804; TCP Port 8060 (only if you are using PKI authentication to validate the certificate revocation list [CRL]) | SRX300 Chassis, SRX320 Chassis, SRX340 Chassis, SRX345 Chassis, SRX380 Chassis |
| SRX550M | TCP Port 443; TCP Port 514; TCP Port 6514; TCP Port 7804; TCP Port 8060 (only if you are using PKI authentication to validate the certificate revocation list [CRL]) | SRX550 HM Chassis |
| SRX1500 | TCP Port 443; TCP Port 514; TCP Port 6514; TCP Port 7804; TCP Port 8060 (only if you are using PKI authentication to validate the certificate revocation list [CRL]) | SRX1500 Chassis |
| SRX4100, SRX4200 | TCP Port 443; TCP Port 514; TCP Port 6514; TCP Port 7804; TCP Port 8060 (only if you are using PKI authentication to validate the certificate revocation list [CRL]) | SRX4100 Chassis, SRX4200 Chassis |
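
One way to confirm the "ports are open" prerequisite before activating a site is a pre-flight check run from a host on the same network segment the NGFW device will use. The script below is an added example, not part of the CSO documentation or tooling. It assumes the ports in Table 1 are outbound TCP connections from the site to the CSO host; the hostname cso.example.net, the --pki switch, and all function names are placeholders chosen for this example.

```python
import socket
import sys

# TCP ports from Table 1. Port 8060 is required only when PKI authentication
# is used to validate the certificate revocation list (CRL).
BASE_PORTS = (443, 514, 6514, 7804)
CRL_PORT = 8060


def tcp_probe(host, port, timeout=3.0):
    """Return (True, '') if a TCP handshake completes, else (False, reason)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, ""
    except socket.timeout:
        return False, "timeout (packets likely dropped in the path)"
    except ConnectionRefusedError:
        return False, "refused (RST from the host or a device in the path)"
    except OSError as exc:  # DNS failure, no route, and similar errors
        return False, str(exc)


def required_ports(use_pki_crl):
    """Ports to verify for a site; adds 8060 only for PKI/CRL validation."""
    return BASE_PORTS + ((CRL_PORT,) if use_pki_crl else ())


def preflight(host, use_pki_crl=False, probe=tcp_probe):
    """Probe every required port and return {port: (ok, reason)}."""
    return {port: probe(host, port) for port in required_ports(use_pki_crl)}


def blocked(results):
    """Sorted list of ports whose probe failed."""
    return sorted(port for port, (ok, _) in results.items() if not ok)


if __name__ == "__main__":
    args = [a for a in sys.argv[1:] if a != "--pki"]
    host = args[0] if args else "cso.example.net"  # placeholder hostname
    results = preflight(host, use_pki_crl="--pki" in sys.argv)
    for port, (ok, reason) in sorted(results.items()):
        print(f"tcp/{port:<5} {'open' if ok else 'BLOCKED: ' + reason}")
    sys.exit(1 if blocked(results) else 0)
```

A timeout usually points at a firewall or ACL silently dropping the traffic, while a refusal means the path is reachable but the connection was actively rejected, so the two results call for different follow-up.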