Juniper SRX Cisco alternative

Mokhalil82 · ‎11-01-2017

Hi

We have a Juniper SRX firewal in our network that is only operating as a router and terminates two of our 1G point to point links. I would like to replace it with a Cisco router as all our routers are Cisco. What is a good replacement, I do have a spare 2921 that I can use.

Reza Sharifi · ‎11-01-2017

Hi,

What model SRX is that? Depending on the number of interfaces you need 2921 probably will work. May I ask what is the reason for doing this? In general, Juniper firewalls have a lots of capabilities.

HTH

Mokhalil82 · ‎11-01-2017

Its a SRX240. The reason for replacing is as its the only juniper device that was installed by a provider, all other routers are cisco.

We want to stick to an all cisco network, and the fact that i have a spare 2921 and the routing on the juniper requires a tidy up so i can replace it during the change window as part of the routing tidy

Reza Sharifi · ‎11-01-2017

Hi,

Ok, that make sense. If you have a lot policies on the firewall, it may be a little challenging converting them to Cisco. If it is functioning as a basic layer-3 device than that should not be an issue. The 2921 will do the job.

HTH

Mokhalil82 · ‎11-01-2017

Hi
No it doesn't do any firewall policies just layer 3. My main concern is the fact that it terminates the 1G links and whether the 2921 with lack in throughput compared to the SRX

Reza Sharifi · ‎11-01-2017

Overall you may get better throughput with the SRX as it support 16 1Gig ports but if you just need a couple of Gig ports, the 2921 may work fine. Is the provider handing off a full 1Gig connection to you?

Try it with the 2921 and if you don't get the same performance level, you can bring back the Juniper.

HTH

paul driver · ‎11-01-2017

Hello

If you sure you don't require any security/FW , UTM services etc Then a cisco 2921 ISR could be applicable for you - I guess it all depends on what you requirements -- review this

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

casanavep · ‎11-01-2017

What is you actual traffic throughput at peak, i.e. interface to interface 600Mbps down x 300Mbps Up? A Cisco 2921 can only do approximately 250Mbps "aggregate throughput" - think 200 down x 50 Up Mbps. This is before turning on things like NAT, NBAR, FNF, or security. Cisco officially stopped updating it, but if you look hard you can still find archived copies of the router performance PDF. After 250Mbps you'd likely start to see the CPU stay beyond 75% utilization. That's when you start to creep up on packet delivery consistency issues, i.e. period of significant packet jitter.

casanavep · ‎11-01-2017

What is you actual traffic throughput at peak, i.e. interface to interface 600Mbps down x 300Mbps Up? A Cisco 2921 can only do approximately 250Mbps "aggregate throughput" - think 200 down x 50 Up Mbps. This is before turning on things like NAT, NBAR, FNF, or security. Cisco officially stopped updating it, but if you look hard you can still find archived copies of the router performance PDF. After 250Mbps you'd likely start to see the CPU stay beyond 75% utilization. That's when you start to creep up on packet delivery consistency issues, i.e. period of significant packet jitter.