Juniper firewalls - SSG or SRX

Richard A Steenbergen ras at
Tue Apr 20 07:01:31 CDT 2010

On Tue, Apr 20, 2010 at 04:18:11AM -0700, Owen DeLong wrote:
> Interesting. My SRXes have been rock solid since upgrading to
> 10.0R1.8.

Not so much here. My basement SRX210 starts dropping bgp sessions over
an IPSEC tunnel every 30 secs or so after around 1-1.5 days of uptime,
and won't stop until you restart rpd (which buys you another day or so
of functioning bgp). And about 1 out of every 4 times you do restart
rpd, dhcpd will spin at 100% cpu until you restart that too. Even
10.1S1.3 doesn't help these issues. It's a nice box in theory, and it
has lots of potential, but lots and lots of unresolved bugs too. I knew
things were off to a bad start when I tried to downgrade from the 10.0R1
that shipped with the box to 9.6 after my first round of issues, and it
crashed in the middle of the installer, wiping the config in the process
and requiring a tftp boot of new code to recover. :)

Richard A Steenbergen <ras at>
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

More information about the NANOG mailing list