A bunch of Juniper SRX300 firewalls dumped cheap

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

oddball

Active Member
May 18, 2018
206
122
43
43
(FYI, this isn't me selling)

I've noticed recently someone is dumping a LOT of Juniper SRX300 firewall appliances on ebay: (juniper srx300 | eBay)

Last week there were ~30 auctioned, and another ~30 this week. They all start at $95 and end between $120-140.

These are awesome little units, I have two, a third on the way. They can firewall 1Gbps with 1500b packets at line rate. They can change their ports from firewall mode to switching mode. So you can have this as a gateway router/firewall and then have devices connected directly.

This is a really good deal, not sure why there are so many available, but if you're considering learning Junos this is a great way to start.
 
  • Like
Reactions: Blinky 42 and Samir

frogtech

Well-Known Member
Jan 4, 2016
1,484
272
83
36
Do these require a license or service account for updates and/or features? How would it compare to a pf sense router?
 

oddball

Active Member
May 18, 2018
206
122
43
43
The license is honor based, all of the features work out of the box without a license. You need a subscription to get IDS updates from Juniper. Even weirder if you have the base license it doesn't appear anywhere in the software, so as far as I can tell the software is license agnostic. I have some licensed boxes and some unlicensed "lab" machines. If you do a "show system license" it only shows add-on licenses like AV/IDS.

I prefer something like this to pfsense. They're low power, silent and can handle a decent amount of traffic. If you switch them from flow to packet mode you can route 1.5Gbps. Juniper is conservative in their specs and I've found you can hit the numbers they claim.

I like that these have ASICs for the traffic vs hitting the control plane like pfSense.

They've both built on FreeBSD. In Junos you can jump to a FreeBSD shell and work with the typical command utilities. Difference is a more robust routing, switching, firewalling platform.
 

oddball

Active Member
May 18, 2018
206
122
43
43
Oh and this is sort of rogue, but on one of these boxes you can find a reseller online who will sell you JuniperCare for $50/yr. Just don't ever mention you purchased it on eBay, give them the serial and no questions asked you'll be able to get software updates and can even RMA one of these. If you try to talk to Juniper directly they'll give you the "we don't certify eBay machines" but I've found resellers don't care, and Juniper doesn't care as long as it comes through a reseller.
 

PigLover

Moderator
Jan 26, 2011
3,215
1,571
113
These things are rock solid. In man ways preferable to pfSense. Normally 10x this price even at large volume discounts, so this is a great deal.

Do pay close attention though - with full IDS mode turned on these slow down quite a bit. More than fast enough to do full IDS for the majority of home ISP connections - but if you are on a 150Gig or faster connection full IDS will speed limit you.
 

Samir

Post Liker and Deal Hunter Extraordinaire!
Jul 21, 2017
3,520
1,633
113
49
HSV and SFO
I'll keep my eye on these as it sounds like a great upgrade to the netgear fvs318n I've been running for years if I get a gigabit connection. It's already 500/50 on the other end with a watchguard m200, so it sounds like I could have a nice fat pipe between these two locations with the Juniper even though I get a consistent 450Mbps wan-to-lan on the netgear already.
 

oddball

Active Member
May 18, 2018
206
122
43
43
I don't think you need an additional license for HA, it's a base feature of the boxes.

Sorry @badskater for highlighting these...didn't mean to step on any toes.
 

badskater

Automation Architect
May 8, 2013
129
44
28
Canada
Nah it's fine, don't worry. I don't mind people knowing about these, I just tried to grab some before people found those deals. ;)
 

herby

Active Member
Aug 18, 2013
187
54
28
This is interesting, fan-less in a desktop form factor with a power brick; but Juniper also makes a 1U bracker for it with a holder for the brick.

Model # SRX300-RMK0
Link is to a third party Newegg seller because they have a drawing of it.
 

Cybertron

Active Member
Oct 4, 2016
110
30
28
42
Atlanta, GA
This is very temping indeed. My company uses these all the time in our DC's, and it would be a great way to learn. And yeah we use these in HA all day long.
 

packmule

New Member
Mar 21, 2019
5
1
3
I've always been impressed with the SRX line. I first played with them back when they introduced the SRX-210. I don't think there's a meaningful route / switch / l4 firewall feature they lack for an enterprise environment. Juniper isn't my choice for ngfw, but they make great gear.

The only things they really lack are home friendly features like upnp, mdns proxy, etc. It's not really fair to call that a deficiency given the target users.
 
Last edited:

Evan

Well-Known Member
Jan 6, 2016
3,346
601
113
Interesting little unit for sure.
Not an alternative that I have seen often compared to the the Meraki, Sophos, Fortinet, Sonicwall, etc but looks good.

Resists looking into it further in case I decide to buy a couple
 

RTM

Well-Known Member
Jan 26, 2014
956
359
63
Looks rather interesting, would be cool to get one for my lab.

So as I can't see the SRX300 on this page, does it mean that end of support (which I assume implies firmware updates) is not set yet and thus it should be possible to get firmware updates for a likely long period of time?

Also what product number should I look for to get Junipercare?
 

packmule

New Member
Mar 21, 2019
5
1
3
The SRX300 is current hardware. It will likely be supported for at least the next 3-4 years before EOL.