Configuring HA in Juniper SRX

If you have been a long time Netscreen user and are thinking about upgrading to Juniper SRX, beware of the HA configuration complexity with JunOS, it is very unique and is a real challenge to master. You will definitely wish Juniper would have left it the way it was in Netscreen.

for details Ref. Juniper Knowledge base article

Default Cisco ASA Failover Times

By default failover in ASA HA firewalls will occur in

-  15 secs if the active firewall goes down.

-  25 secs if an interface on active firewall is flapping

-  5 secs if an interface on the firewall goes down

-  2 secs if a module on the active firewall goes down.

Use the failover polltime command on the active firewall to change from the default values.

Application Control Next Generation Firewalls

Checkpoint introduced Application control policies in their R75 version recently, while traditional firewalls like ASA and SRX perform control based on protocols, ports and IP, the new next generation firewalls in addition provides granular control by application and users using these applications.

The only other vendor doing this in the security space is a new company called Paloalto networks which appears to have initiated this concept for good.

The checkpoint App wiki is a great resource to see what application controls are possible.

http://appwiki.checkpoint.com/appwikisdb/public.htm

Enabling and configuring SNMP in Checkpoint Nokia

Warning, performing the below actions will do a cpstop & cpstart.

Using CLI

> Login to the Checkpoint Nokia appliance

> Type ‘cpconfig’

> Select ‘SNMP Extension’

> Select ‘y’ to activate the SNMP daemon

> Exit

Using Voyager

> Login > Configuration > SNMP