A bunch of Juniper SRX300 firewalls dumped cheap

Discussion in 'Great Deals' started by oddball, Mar 22, 2019.

  1. oddball

    oddball Active Member

    Joined:
    May 18, 2018
    Messages:
    151
    Likes Received:
    48
    (FYI, this isn't me selling)

    I've noticed recently someone is dumping a LOT of Juniper SRX300 firewall appliances on eBay: (juniper srx300 | eBay)

    Last week there were ~30 auctioned, and another ~30 this week. They all start at $95 and end between $120-140.

    These are awesome little units, I have two, a third on the way. They can firewall 1Gbps with 1500b packets at line rate. They can change their ports from firewall mode to switching mode. So you can have this as a gateway router/firewall and then have devices connected directly.

    This is a really good deal, not sure why there are so many available, but if you're considering learning Junos this is a great way to start.
     
    #1
    Blinky 42 and Samir like this.
  2. oddball

    oddball Active Member

    Joined:
    May 18, 2018
    Messages:
    151
    Likes Received:
    48
  3. frogtech

    frogtech Well-Known Member

    Joined:
    Jan 4, 2016
    Messages:
    1,212
    Likes Received:
    141
    Do these require a license or service account for updates and/or features? How would it compare to a pfSense router?
     
    #3
  4. oddball

    oddball Active Member

    Joined:
    May 18, 2018
    Messages:
    151
    Likes Received:
    48
    The license is honor based, all of the features work out of the box without a license. You need a subscription to get IDS updates from Juniper. Even weirder if you have the base license it doesn't appear anywhere in the software, so as far as I can tell the software is license agnostic. I have some licensed boxes and some unlicensed "lab" machines. If you do a "show system license" it only shows add-on licenses like AV/IDS.

    I prefer something like this to pfSense. They're low power, silent and can handle a decent amount of traffic. If you switch them from flow to packet mode you can route 1.5Gbps. Juniper is conservative in their specs and I've found you can hit the numbers they claim.

    I like that these have ASICs for the traffic vs hitting the control plane like pfSense.

    They're both built on FreeBSD. In Junos you can jump to a FreeBSD shell and work with the typical command utilities. Difference is a more robust routing, switching, firewalling platform.
     
    #4
    Emanuele, T_Minus and packmule like this.
  5. oddball

    oddball Active Member

    Joined:
    May 18, 2018
    Messages:
    151
    Likes Received:
    48
    Oh and this is sort of rogue, but on one of these boxes you can find a reseller online who will sell you JuniperCare for $50/yr. Just don't ever mention you purchased it on eBay, give them the serial and no questions asked you'll be able to get software updates and can even RMA one of these. If you try to talk to Juniper directly they'll give you the "we don't certify eBay machines" but I've found resellers don't care, and Juniper doesn't care as long as it comes through a reseller.
     
    #5
  6. BackupProphet

    BackupProphet Well-Known Member

    Joined:
    Jul 2, 2014
    Messages:
    785
    Likes Received:
    278
    This is very interesting for me. Though I don't have time for playing much around, I would be very happy for an IDS that is easy to set up and has low latency!
     
    #6
  7. j_h_o

    j_h_o Active Member

    Joined:
    Apr 21, 2015
    Messages:
    369
    Likes Received:
    74
    Are software/firmware updates available for these units without JuniperCare?
     
    #7
  8. PigLover

    PigLover Moderator

    Joined:
    Jan 26, 2011
    Messages:
    2,775
    Likes Received:
    1,116
    These things are rock solid. In many ways preferable to pfSense. Normally 10x this price even at large volume discounts, so this is a great deal.

    Do pay close attention though - with full IDS mode turned on these slow down quite a bit. More than fast enough to do full IDS for the majority of home ISP connections - but if you are on a 150Gig or faster connection full IDS will speed limit you.
     
    #8
  9. MiniKnight

    MiniKnight Well-Known Member

    Joined:
    Mar 30, 2012
    Messages:
    2,950
    Likes Received:
    859
    Can these do HA?
     
    #9
  10. PigLover

    PigLover Moderator

    Joined:
    Jan 26, 2011
    Messages:
    2,775
    Likes Received:
    1,116
    Should be able to. The entire SRX lineup, top to bottom, runs the same software. It is a licensed option - but see @oddball's comments above regarding licenses :).
     
    #10
    JErmolowich likes this.
  11. badskater

    badskater Active Member

    Joined:
    May 8, 2013
    Messages:
    116
    Likes Received:
    41
    #11
  12. Samir

    Samir Active Member

    Joined:
    Jul 21, 2017
    Messages:
    782
    Likes Received:
    156
    I'll keep my eye on these as it sounds like a great upgrade to the netgear fvs318n I've been running for years if I get a gigabit connection. It's already 500/50 on the other end with a watchguard m200, so it sounds like I could have a nice fat pipe between these two locations with the Juniper even though I get a consistent 450Mbps wan-to-lan on the netgear already.
     
    #12
  13. oddball

    oddball Active Member

    Joined:
    May 18, 2018
    Messages:
    151
    Likes Received:
    48
    I don't think you need an additional license for HA, it's a base feature of the boxes.

    Sorry @badskater for highlighting these...didn't mean to step on any toes.
     
    #13
  14. badskater

    badskater Active Member

    Joined:
    May 8, 2013
    Messages:
    116
    Likes Received:
    41
    Nah it's fine, don't worry. I don't mind people knowing about these, I just tried to grab some before people found those deals. ;)
     
    #14
  15. herby

    herby Active Member

    Joined:
    Aug 18, 2013
    Messages:
    161
    Likes Received:
    41
    This is interesting, fan-less in a desktop form factor with a power brick; but Juniper also makes a 1U bracket for it with a holder for the brick.

    Model # SRX300-RMK0
    Link is to a third party Newegg seller because they have a drawing of it.
     
    #15
  16. Cybertron

    Cybertron Member

    Joined:
    Oct 4, 2016
    Messages:
    97
    Likes Received:
    27
    This is very tempting indeed. My company uses these all the time in our DC's, and it would be a great way to learn. And yeah we use these in HA all day long.
     
    #16
  17. packmule

    packmule New Member

    Joined:
    Mar 21, 2019
    Messages:
    5
    Likes Received:
    1
    I've always been impressed with the SRX line. I first played with them back when they introduced the SRX-210. I don't think there's a meaningful route / switch / l4 firewall feature they lack for an enterprise environment. Juniper isn't my choice for ngfw, but they make great gear.

    The only things they really lack are home friendly features like upnp, mdns proxy, etc. It's not really fair to call that a deficiency given the target users.
     
    #17
    Last edited: Mar 22, 2019
  18. Evan

    Evan Well-Known Member

    Joined:
    Jan 6, 2016
    Messages:
    2,859
    Likes Received:
    427
    Interesting little unit for sure.
    Not an alternative that I have seen often compared to the Meraki, Sophos, Fortinet, Sonicwall, etc but looks good.

    Resists looking into it further in case I decide to buy a couple
     
    #18
  19. RTM

    RTM Active Member

    Joined:
    Jan 26, 2014
    Messages:
    427
    Likes Received:
    142
    Looks rather interesting, would be cool to get one for my lab.

    So as I can't see the SRX300 on this page, does it mean that end of support (which I assume implies firmware updates) is not set yet and thus it should be possible to get firmware updates for a likely long period of time?

    Also what product number should I look for to get Junipercare?
     
    #19
  20. packmule

    packmule New Member

    Joined:
    Mar 21, 2019
    Messages:
    5
    Likes Received:
    1
    The SRX300 is current hardware. It will likely be supported for at least the next 3-4 years before EOL.
     
    #20