Book review: Juniper SRX Series

I met Brad, co-author of “Juniper SRX Series”, a few years ago when I was also working for Juniper Networks. I remember well how active he was in supporting the Juniper community on IDP first (the Intrusion Prevention solution) and SRX (the next-generation firewall family) later. So, when I saw this upcoming book on SRX written by Brad Woodberg together with Rob Cameron, another pillar of the development on this product, I jumped immediately on the possibility to get a review-copy.

What you read here is an exclusive review of the book “Juniper SRX Series”, only for RouterFreak.com!

Juniper SRX Series… what?

If you’re not familiar with it, the Juniper SRX Series is the family of next-generation firewall products released in 2010 by Juniper Networks. The SRXs are the natural successor of the mighty NetScreen firewalls, and they represent a revolution because they’re based on the Juniper flagship operating system, JunOS. The product has been developed thinking ahead… hence including not only classic firewall services, such as Stateful Inspection, NAT, and VPN, but also Antivirus, URL-filtering, Intrusion Prevention, and Application Firewall capabilities. Maybe the most impressive part is the performance of the high-end devices:

The SRX5800 supports more than 200 Gbps firewall and 100 Gbps IPS, as well as 400,000 connections per second, and an industry record-breaking 60 million concurrent user sessions.

Juniper SRX Series, the review

The first thing that struck me was the structure of this book. It’s a collection of 15 chapters for a total of over 1,000 pages… it’s difficult not to call this a comprehensive guide. The first five chapters are designed to get you started using SRX and Junos. They basically require no technical knowledge and are great for anyone who wants to know more about SRX or is involved in making technology decisions within a company. The remaining chapters dig deep into specific features and are ordered by the popularity of the feature itself. All the configuration examples are using a clear network scenario defined as “reference networks” early in the book, and it’s great because in a simple diagram there are almost all the deployment options you can find in the real world!

I personally worked with SRX in Enterprise, Data Center, Service Provider and Mobile Operators environments, and it all boils down to the few scenarios presented here. Oh, if this book had been available a couple of years ago… 😉

What I liked about “Juniper SRX Series”

Brad and Rob’s passion for this product is really coming out on the pages of this book. Their long-time involvement with both Juniper Engineering teams and customers made them real experts of this product.

Here are some of the things I really liked reading:

  • Best Practices
    One of the expectations of any customer talking to a product expert is to gain access to some “best practices” to follow in their networks. Unfortunately, those best practices are more often results of one’s experience than stated by the vendor… but in this book, Brad and Rob are sharing very valuable advice in each chapter.
    I ran a search and I found more than 100 occurrences of the term “best practice”… this should be best practice for any book talking about a product or technology!
  • Commands and Troubleshooting
    It’s nice to understand how a feature works and how to configure it, but we all know what happens when you deploy it in production. Without any idea of how to verify the correct operations and identify the problems, the only option is to call support! Luckily, this has been taken into account too, and each chapter has a nice part with commands and expected output.
  • History of the Limitations
    Every complex product has its own limitations, and Juniper SRX is no exception. Normally, engineers scoff at the products when they find out ridiculous limitations, cursing the developers… right? What I like is that, in this book, the authors often take time to explain why a limitation is there and where it is coming from. Because if a limitation has a logic behind it, it’s automatically accepted, and its history is an interesting anecdote to share with customers. 😉

What I didn’t like about this Juniper SRX Series

Okay, I had to think hard to find something to write here because, to be honest, this book met my expectations.
The only negative points I have are:

  • Table of Contents
    In my Kindle, the index was pretty much unusable because the chapters and sub-chapters were all in one level. As I was reading a pre-release version, I expect this to be fixed before release date, but ultimately I would recommend you to go for the paper copy. This is a manual to keep close and to use as a reference, and my opinion is that for this usage the paperback is still better.
  • Repetitive explanations
    This can be seen as a plus as well as a negative thing, but I found some concepts repeated in multiple parts of the text. I do understand that it is not easy to explain, for example, the SRX hardware once and then refer to it without repeating what it is about, but at the same time, it made the text bloated.
  • No Multicast or IPv6 chapters
    While multicast is mentioned sometimes and IPv6 is kind of integrated in the rest of the explanations, I’m missing dedicated chapters, at least to explain how SRX handles those types of traffic and what has to be taken into account when deploying in such scenarios.

Conclusions

This review is based on an early release, raw and unedited, of “Juniper SRX Series” so I’m confident my few criticisms have been addressed already by now. What is left is a lot of good information delivered in a clear and easy-to-follow text. The tagline of the book is “A Comprehensive Guide to Security Services on the SRX Series” but I wonder if it is not too limiting calling this “a guide”. No, I’m not trying to market you. But with the kind of guides and manuals we, IT specialists, are used to dealing with, this book truly stands out for its quality. Best practices, deployment scenarios, and real experiences are what most of us are looking for in our daily job.

If you’re just approaching the daunting task of choosing your next firewall deployment, investing in the “Juniper SRX Series” book is the first step towards a successful project… and a bright career!

About Daniele Besana

Daniele is a freelance consultant with 15 years of experience in network security, customer support, Linux and Salsa. He worked for Juniper Networks in the Netherlands, providing support and consultancy on security projects across Europe and the Middle East.

6 comments

  1. Hello Daniele,

    For the best reading and viewing experience, which Kindle size would you recommend?

    Please let me know.

    Thanks
    Santosh

  2. Where is the GUI documentation? I would expect the book to cover that in more detail.

    I like this book, but will I be relegated to command line forever?

    Mike

    • Hi Mike,

      That’s true, but to be honest the SRX Web GUI is quite hard to use if you don’t know the CLI.
      It’s far from being intuitive, and it gives a graphical representation of the command line structure.

      Just look at it this way: we’re relegated to the CLI that is more powerful, flexible and immediate than any web interface 🙂

  3. I think the idea of paying for a firewall, and paying for good documentation as well, is like paying a plumber to work at your home, and paying him a second time to solve your issue… but, as Massimo already said, this is not the place, maybe sitting in front of a cool beer could be better…

  4. I think that this book MUST be the normal documentation released by Juniper. Usually they miss the doc and much other basic stuff… but this is not the place to talk about this…

    • I know what you mean Max!
      We’re so used to poor official documentation… but on the other side, a book like this requires a few years of real experience in the field before it can be written.
