I probably shouldn’t say this, but UTM on Junos with their new SRX devices.. (ahem).. is not very good… Juniper support is excellent, and the base features of the device are good, but there are a few caveats:
1. Don’t do too much logging
2. Especially, don’t log too much to the device’s filesystem
3. Don’t implement large whitelists/blacklists (particularly with wildcard filtering on URLs)
Juniper’s support on this product is (as usual) excellent, and far surpasses any other manufacturer’s level of help. However, there are some bits of code in this box that haven’t undergone the level of testing you might expect.
Junos 10.0R3 is therefore what we should all be waiting for – available in April. It includes almost 300 fixes (just fixes – no new features), and they have re-worked how they do Q&A on the entire product line.
If you’re struggling with an SRX right now, I’d be really interested to hear from you. In the meantime, let’s hope that release R3 is going to alleviate some of our pain..