Day One: Migrate Cisco ASA to Juniper SRX Series

It’s rather obvious to those in IT that hardware gets old. Many platforms, such as the Cisco ASA firewall, have finite life spans, so it’s time to migrate to the SRX Series and start using its advanced security services. This Day One book walks you step-by-step through a best practice change process that will ease, and actually simplify, a migration from ASA to SRX.

Day One: Migrate Cisco ASA to Juniper SRX Series documents a detailed migration plan that will help you familiarize yourself with the Junos OS and the SRX Series. This book also includes dozens of configuration detail comparisons that will make any cutover, in the lab or in production, successful.

Relax, kick back, and learn about how to create a successful ASA to SRX migration path that can be used repeatedly in your network or the networks of your clients.

“This book is an excellent foundation for migrating from Cisco ASA to Juniper SRX for your organization’s next-generation security platform.”
- Clay Haynes, JNCIE-SEC #69

“Quintessential reading for the engineer migrating from ASA to SRX. Full of best practices and tips as you upgrade your security.”
- Nick Ryce, Senior Network Architect, Fluency, JNCIE-ENT #232

Sample Pages

Download Book

Day One books are a free download for our J-Net members*. If you're not a J-Net member, create a user account now. It's fast and there's no commitment or spam. Once you're a member you can come back and download any of the Day One books.

Download: J-Net Member
Download: Not a J-Net Member

* If you have an existing Juniper user account, you can use it to login to J-Net

About the Author(s)

Martin Brown is a Network Security Engineer for a tier 1 service provider based in the UK, and a Juniper Ambassador with knowledge that covers a broad range of network devices. Martin started his career in IT 20 years ago supporting Macintosh computers, became an MCSE in 1999, and has since progressed to networking, supporting most of the major manufacturers including Cisco, F5, Checkpoint, and of most importance, Juniper..

Rob Jeffery is the Technical Director at a specialist IT Security VAR & MSSP based in the UK, and has being a Juniper Networks Ambassador since 2013. After spending 8 years working within the hospitality industry, Rob retrained and quickly rose through the ranks. With a vast range of troubleshooting and deployment experience across Check Point, Fortinet, Cisco, Logrhythm, F5 and of course, Juniper.

Author Q & A

What got you started on this book?

I was thinking back to when I looked at my first Junos OS-based device and I remember thinking how different the OS was compared to ASA-based devices. The use of the commit threw me at first but what I found the hardest was trying to find out what the Junos OS equivalent to the ASA command was. Of course, I now speak Junos OS like a native, but that doesn’t help engineers who are new to these powerful devices, so I decided I’d try to write a guide that I would have liked to have had when I first tried to learn this new language.

Who is this book for?

This book is really aimed at engineers who have a lot of experience using Cisco ASA devices, but are working for a company who are migrating to Junos OS based devices, specifically the SRX Series next generation firewall. As they know how the technology works, this book tries to shy away from teaching them what they already know and instead focuses on telling them how to make the SRX do what their ASA did.

After reading this book, what's the take away?

That the next generation SRX Series firewall isn’t something to be unsure about. Sure, the operating system comes from the one Junos philosophy, but the concept of how a firewall works, how a VPN connects, how NAT rules translate addresses is still the same regardless of the name on the box. The only difference is that the SRX Series can perform these tasks faster than you may be used to.

What are you hoping that people will learn from this book?

I personally would hope that after reading this, engineers would be able to become a little more familiar with their new SRX firewalls and that when it comes to the migration, they will feel confidence that it will work first time without any major changes, if any, needed when the device goes live.

What do you recommend as the next item to read after this book?

If you really want to learn everything there is to know about the Juniper SRX Series, then the book “Juniper SRX Series” published by O’Reilly Media, would be just the book for you. Obviously, my own book just scratched the surface of what the SRX Series can do whereas the book “Juniper SRX Series” goes deep into how the hardware operates in addition to telling readers all of the functions an SRX nex-gen firewall can do, such as intrusion detection and so on. If you haven’t already, visit the documentation at the Juniper TechLibrary.

What's your inspiration?

When I first started my career in network engineering, I found the books by Wendell Odom and the videos by Jeremy Ciora to be amazing pieces of work, and at the time I wished I could write and present as well as they are able to. Of course, I doubt I would ever be that good or indeed as ‘famous’ but they still inspire me to contribute to the training and learning of future engineers just as I had learnt from the best.

What's your favorite bit/part in the book?

Although I didn’t write it (my co-author, Rob Jeffery did), I do like the VPN section for the simple reason that VPN technologies interest me a great deal. Some engineers tend to shy away from the technology, and to others its a black art, but for me it’s the thought of sending sensitive data across a public network and knowing that no one will be able to understand any of the data that is being transmitted.