A bunch of Juniper SRX300 firewalls dumped cheap

oddball

Active Member
May 18, 2018
165
53
28
38
(FYI, this isn't me selling)

I've noticed recently someone is dumping a LOT of Juniper SRX300 firewall appliances on eBay: (juniper srx300 | eBay)

Last week there were ~30 auctioned, and another ~30 this week. They all start at $95 and end between $120-140.

These are awesome little units, I have two, a third on the way. They can firewall 1Gbps with 1500b packets at line rate. They can change their ports from firewall mode to switching mode. So you can have this as a gateway router/firewall and then have devices connected directly.

This is a really good deal, not sure why there are so many available, but if you're considering learning Junos this is a great way to start.
 

frogtech

Well-Known Member
Jan 4, 2016
1,315
205
63
32
Do these require a license or service account for updates and/or features? How would it compare to a pfSense router?
 

oddball

The license is honor-based, all of the features work out of the box without a license. You need a subscription to get IDS updates from Juniper. Even weirder, if you have the base license it doesn't appear anywhere in the software, so as far as I can tell the software is license-agnostic. I have some licensed boxes and some unlicensed "lab" machines. If you do a "show system license" it only shows add-on licenses like AV/IDS.

I prefer something like this to pfSense. They're low power, silent and can handle a decent amount of traffic. If you switch them from flow to packet mode you can route 1.5Gbps. Juniper is conservative in their specs and I've found you can hit the numbers they claim.

I like that these have ASICs for the traffic vs hitting the control plane like pfSense.

They're both built on FreeBSD. In Junos you can jump to a FreeBSD shell and work with the typical command utilities. Difference is a more robust routing, switching, firewalling platform.
 

oddball

Oh and this is sort of rogue, but on one of these boxes you can find a reseller online who will sell you JuniperCare for $50/yr. Just don't ever mention you purchased it on eBay, give them the serial and no questions asked you'll be able to get software updates and can even RMA one of these. If you try to talk to Juniper directly they'll give you the "we don't certify eBay machines" but I've found resellers don't care, and Juniper doesn't care as long as it comes through a reseller.
 

j_h_o

Active Member
Apr 21, 2015
414
89
28
Are software/firmware updates available for these units without JuniperCare?
 

PigLover

Moderator
Jan 26, 2011
2,954
1,262
113
These things are rock solid. In many ways preferable to pfSense. Normally 10x this price even at large volume discounts, so this is a great deal.

Do pay close attention though - with full IDS mode turned on these slow down quite a bit. More than fast enough to do full IDS for the majority of home ISP connections - but if you are on a 150Gig or faster connection full IDS will speed limit you.
 

Samir

Well-Known Member
Jul 21, 2017
1,250
361
83
45
I'll keep my eye on these as it sounds like a great upgrade to the Netgear FVS318N I've been running for years if I get a gigabit connection. It's already 500/50 on the other end with a WatchGuard M200, so it sounds like I could have a nice fat pipe between these two locations with the Juniper even though I get a consistent 450Mbps WAN-to-LAN on the Netgear already.
 

oddball

I don't think you need an additional license for HA, it's a base feature of the boxes.

Sorry @badskater for highlighting these...didn't mean to step on any toes.
 

badskater

Automation Architect
May 8, 2013
121
42
28
Canada
Nah it's fine, don't worry. I don't mind people knowing about these, I just tried to grab some before people found those deals. ;)
 

herby

Active Member
Aug 18, 2013
177
51
28
This is interesting, fan-less in a desktop form factor with a power brick; but Juniper also makes a 1U bracket for it with a holder for the brick.

Model # SRX300-RMK0
Link is to a third party Newegg seller because they have a drawing of it.
 

Cybertron

Member
Oct 4, 2016
98
29
18
38
Atlant, GA
This is very tempting indeed. My company uses these all the time in our DCs, and it would be a great way to learn. And yeah we use these in HA all day long.
 

packmule

New Member
Mar 21, 2019
5
1
3
I've always been impressed with the SRX line. I first played with them back when they introduced the SRX-210. I don't think there's a meaningful route / switch / l4 firewall feature they lack for an enterprise environment. Juniper isn't my choice for ngfw, but they make great gear.

The only things they really lack are home friendly features like upnp, mdns proxy, etc. It's not really fair to call that a deficiency given the target users.
 

Evan

Well-Known Member
Jan 6, 2016
3,026
499
83
Interesting little unit for sure.
Not an alternative that I have seen often compared to the Meraki, Sophos, Fortinet, SonicWall, etc. but looks good.

Resists looking into it further in case I decide to buy a couple
 

RTM

Active Member
Jan 26, 2014
540
192
43
Looks rather interesting, would be cool to get one for my lab.

So as I can't see the SRX300 on this page, does it mean that end of support (which I assume implies firmware updates) is not set yet and thus it should be possible to get firmware updates for a likely long period of time?

Also what product number should I look for to get JuniperCare?
 

packmule

The SRX300 is current hardware. It will likely be supported for at least the next 3-4 years before EOL.