these do run a bit warm since they have no fans. so in the summertime, I tend to have computer fan blowing across it. the whole chassis is the heatsink on these.
Last edited:
Oh and this is sort of rogue, but on one of these boxes you can find a reseller online who will sell you JuniperCare for $50/yr. Just don't ever mention you purchased it on eBay, give them the serial and no questions asked you'll be able to get software updates and can even RMA one of these. If you try to talk to Juniper directly they'll give you the "we don't certify eBay machines" but I've found resellers don't care, and Juniper doesn't care as long as it comes through a reseller.
After having won one on eBay, I did a bit of research into what it requires to get updates and use the device. It seems like Juniper really doesn't want us to reuse and resell these devices.
My understanding is that Juniper do not care enough about IDS-only to sell it as a service, but given that you need a subscription for IPS signatures, I can only assume that you do not get IDS signatures with juniper care / core service license.Does JuniperCare include IDS updates?
you need a support contract for firmware updates. generally the JSB/JSE are honor based but could be enforced anyday with a updated firmware.After having won one on eBay, I did a bit of research into what it requires to get updates and use the device. It seems like Juniper really doesn't want us to reuse and resell these devices.
My understanding is that you also need a JSB, JSB-L or JSE license to be allowed to use the software.
So in reality if you buy a SRX300 from new, you should purchase a license with it.
Juniper has SKUs like srx300-sys-jb that include the device and a jsb license.
Of course, the question is in this case, if what we buy from the seller on eBay somehow includes a JSB, JSB-L or JSE license? Is it even possible to transfer ownership of one of these licenses?
On top of all that, you of course still need the core support license to get firmware updates.
i have no clue. i dont use mine for IPS/IDS. i have a opnsense box stacked behind the SRX to do all that.My understanding is that Juniper do not care enough about IDS-only to sell it as a service, but given that you need a subscription for IPS signatures, I can only assume that you do not get IDS signatures with juniper care / core service license.
What I would be interested in knowing, is whether it is possible to use the IPS-engine in IDS mode only, and if you can install your own signatures in it (possibly sourced from Cisco/Talos/Snort VRT/whatever or Emerging Threats)
Yeah that is what I read too, I was thinking about buying a JSB-L license as it doesn't cost too much anyway just to be on the safe side, I don't like the thought that the device may stop working after some software update (and not updating doesn't work for me either).you need a support contract for firmware updates. generally the JSB/JSE are honor based but could be enforced anyway.
Licensing on the SRX300 series is unclear from the very begining BUT with that said, the hardware is ONLY the hardware and your SUPPOSED to buy a license from juniper to be legal software wise.Yeah that is what I read too, I was thinking about buying a JSB-L license as it doesn't cost too much anyway just to be on the safe side, I don't like the thought that the device may stop working after some software update (and not updating doesn't work for me either).
Of course if the device somehow comes with a JSB license (and there was a way to determine it), that would be great.
Which rackmount kit do you suggest \ model that holds it?Licensing on the SRX300 series is unclear from the very begining BUT with that said, the hardware is ONLY the hardware and your SUPPOSED to buy a license from juniper to be legal software wise.
of interesting note, the SRX300 and SRX320 are the same motherboard with just the Mini-PIM slots on the 320 and a few fans.
AND anybody looking for the rackmount kit, BEWARE, there are 2 different ones , one has the tray to hold the power supply and other one DOESNT.
Model numbers are:Which rackmount kit do you suggest \ model that holds it?
I've got a couple coming, and if they work as expected they'll need racked if it's not overpriced vs. sticking them ona shelf
In what regard?So are these usable at home or not really?
absolutely. ive been running the srx300 at home since they came out. dead silent since they have NO fan but i run a computer fan across it in the summer time to keep it cooler.So are these usable at home or not really?
Really great information for us considering these boxes. Thank you.These are extremely usable at home. It's an enterprise router/firewall that's completely silent and can do 1Gbps line-rate (with the caveat of 1500 sized packets).
In terms of licensing. I'm not really sure how they will enforce it. I purchased a JSB license for one after-market, it was ~$100. You plug it into the license activation tool online. It says "thanks" and then gives you a message that there is nothing to install on the device itself.
The device appears no different with or without the license. If you go digging on Google there are a lot of people who report the same thing. When you do "show system licenses" all it shows are additional entitlements, such as IPS, IDS, Web Filtering. In Junipers docs those are the only licensed features on the box that can be enabled.
I have a SRX345 with the JSE license, and I can't find anything on-box that looks any different than one of my hardware licensed SRX300's without a base license.
If you buy the Juniper Care on the hardware you get the software downloads, I believe it's $50/yr for the Juniper Care. That's really cheap to get full software updates in my mind.
You can purchase an IDS license for $200 at CDW if you want the updates for a year, again, fairly reasonable depending on the situation.
If you sign up with Juniper you can view the serial number lookup tool. I've pushed a few serials from the boxes I received from eBay through there. One is still so new it has the manufacturer's warranty on it for another month, it was clearly a test unit. Another had the service contract expire the month it appeared on eBay.
I haven't even seen it enforced on the higher end SRX's either in the consulting work that I do.The feature licenses are enforced on the larger model SRX, but I believe it was removed on the small boxes because managing licenses at the large number of enterprise endpoints they market this too was considered too complicated.