This complete field guide, authorized by Juniper Networks, is the perfect hands-on reference for deploying, configuring, and operating Juniper’s SRX Series networking device. Authors Brad Woodberg and Rob Cameron provide field-tested best practices for getting the most out of SRX deployments, based on their extensive field experience.
While their earlier book, Junos Security, covered the SRX platform, this book focuses on the SRX Series devices themselves. You'll learn how to use SRX gateways to address an array of network requirements—including IP routing, intrusion detection, attack mitigation, unified threat management, and WAN acceleration. Along with case studies and troubleshooting tips, each chapter provides study questions and lots of useful illustrations.
Explore SRX components, platforms, and various deployment scenarios
Learn best practices for configuring SRX’s core networking features
Leverage SRX system services to attain the best operational state
Deploy SRX in transparent mode to act as a Layer 2 bridge
Configure, troubleshoot, and deploy SRX in a highly available manner
Design and configure an effective security policy in your network
Implement and configure network address translation (NAT) types
Provide security against deep threats with AppSecure, intrusion protection services, and unified threat management tools
Brad Woodberg, JNCIE-M, JNCIE-SEC, et al, is a product line manager for SRX at Juniper Networks. He is co-author of Junos Security (O’Reilly), Juniper Networks NetScreen (Syngress), and Juniper Networks SSL VPN (Syngress).
Rob Cameron, principal engineer at a Silicon Valley startup, worked for eight years at Juniper Networks. He’s the co-author of Junos Security (O’Reilly) and Configuring Juniper Networks NetScreen & SSG Firewalls (Syngress).
The animal on the cover of Juniper SRX Series is the Spot-fin porcupinefish (Diodon hystrix). The porcupinefish is a close relative of the pufferfish family Tetraodontidae, which are commonly served as the Japanese delicacy Fugu. Like its famous relative, the porcupinefish secretes a poison thought to be tetrodotoxin and can inflate itself to three times its normal size when threatened.
The porcupinefish has a short, round body and a mouth whose teeth are fused into two beak-like plates, making it easier for the porcupinefish to crush the shellfish it normally feeds on. It is grayish tan with black spots and is covered in small spines. It inhabits tropical areas in the Atlantic, Pacific, and Indian oceans. The porcupinefish begins its life floating in the open ocean, where it is often found near sargassum seaweed, along with thousands of sibling larvae. Young fish swim toward land and the adult fish spend the rest of their lives in shallow waters (3–20 meters below sea level). If eaten, the porcupinefish can sometimes escape by inflating itself in the throat of a predator.
The cover image is of unknown origin. The cover font is Adobe ITC Garamond. The text font is Adobe Minion Pro; the heading font is Adobe Myriad Condensed; and the code font is Dalton Maag’s Ubuntu Mono.
My blog entry from blog.ciscoinferno.net regarding this book has been attached below.
As some readers may note, I have been using Juniper's SRX-110 for my home firewall for some time. It is a very cool piece of kit and extremely flexible, dynamic, and feature rich. In June, Brad Woodberg and Rob Cameron released the SRX bible. Juniper SRX Series by O'Reilly press is over 1000 pages of tasty, richly written, architectural and functional deep dive into the security platform. I was extremely keen to get my hands on this book well before it was scheduled to be published.
This book follows in the same pedigree of which the Juniper MX series book comes from. A reference book which proves invaluable to engineers, architects, and solution engineers. What is great in Juniper books is that there is a topology defined from the outset. This point of reference allows readers to follow along with the authors. It also enables those with access to similar or the same hardware to actually bring up the labs. I have found it hard with some Cisco Press books to get my mind to quickly adapt to new topologies quickly when in learning mode. This also leads to the point that I really like the diagrams, the fonts and the outlay of the examples. Clear and easy to read is something that I really appreciate.
The technical breadth is phenomenal. Like the MX Series book, the SRX Series is just as superb. The hardware breakdowns give insight into product placement, function, and role with the reasons why behind the models' hardware minimums and maximums. If you're a firewall focused engineer or someone who needs to work on an SRX this is for you. No matter if you're running a branch SRX or DC SRX you will find what you need. UTM, VPN, Security Zones, Policies, Module compatibility - it's all there.
One of the highlights of this book is the Best Practice section. Each topic covered or technology that is discussed in the book has a Best practices section. A book alone could be published with just the best practices as they are useful for anyone deploying the platform. Juniper does not have the equivalent of Cisco SRND so these tips are invaluable. It explains Some of the best come around my weaker areas. IPsec VPNs and UTM. For example, it is best to use main mode under IKE1 due to the fact identity information isn't obfuscated.
After being enlightened recently under the doctrine of Ed Horley, I am becoming slowly more aggressive of the ignorance of IPv6 by many people. The book unfortunately misses a dedicated chapter on this. Although IPv6 appears here and there - the NAT and IPsec chapters mainly - the term IPv6 is only found on 69 pages. I'd love to know in detail how the SRX handles v6 packets, what impact it has on hardware TCAM and other modules, and the SRX's place in v6-only networks. I could be a little harsh in raising this point though it is becoming a personal bugbear of mine lately.
If you work on an SRX or are interested in the SRX then this book is for you. This book is waiting to be devoured. The content in this book is designed to complement Juniper Security book from a few years back. Armed with this book you have a superb firewall reference book to aid you when designing your next internet edge, DMZ, or national branch deployment.
DISCLAIMER - I received a copy of this text from Juniper in exchange for considering writing a review on my blog - blog.ciscoinferno.net
Bottom Line Yes, I would recommend this to a friend