Hi Sanjeev, On Wed, Oct 10, 2012 at 10:12 PM, Sanjeev Neelarapu <sanjeev.neelar...@citrix.com> wrote: > Hi Sheng, > > Following are the review comments on F5&SRX in in-line mode PRD: > > > 1. Apart from providing security to load balancing traffic are there any > other benefits of deploying F5&SRX in in-line mode?
No as I know. The main change is LB would behind Firewall which make more sense and more secure. > > 2. In this scenario SRX is the single point of contact for the entire > zone. How are we going to provide the redundancy (to avoid single point of > failure condition) ? No, and even in side-by-side mode, if SRX is failure, we would face the same situation - I don't think only LB works would be good enough for guest network. > > 3. Is there any limit on the no.of IP addresses that can be acquired and > configured for load balancing on SRX? The same as PF/static nat, as far as I know, no. > > 4. Are we going to use SRX with JUNOS 10.4R1 or above for this feature > support? Yes, which would make VPN works. > > 5. What level of security are we providing to the load balancing > traffic? CIDR& Port Range based filtering or do we support application level > filtering(content inspection) as well? In fact F5 support application level filtering, but we haven't got plan to support it so far. We only support http protocol now. --Sheng > > > Thanks, > Sanjeev > > >
