Chapter 12. Transparent Mode

There are two common challenges to deploying traditional Layer 3 network firewalls into a network. The first challenge is that you typically must change the IP routing to accommodate the new firewall, which can be a particularly difficult task, especially when it involves readdressing segments. The other challenge is that traditional firewalls are very weak routers, at least in terms of dynamic routing protocol support, not to mention the fact that the security teams that manage the firewalls are typically separate from the teams that manage the routing infrastructure.

Since the SRX runs Junos, you’re already equipped with the best routing platform there is, so routing support isn’t an issue for the SRX, even though it is for many competitive firewalls and the previous generation of ScreenOS devices.

Transparent mode essentially allows the SRX to act as a Layer 2 bridge with the added security functionality of being a stateful firewall, as well as providing additional services such as intrusion protection services (IPS). At the time of this writing, transparent mode is only supported on the high-end SRX platforms and not on the branch SRX Series. However, support is likely to come on the branch SRX platforms in the near future, and quite possibly while you’re reading these pages.

Transparent Mode Overview

Fundamentally, transparent mode is very similar to Layer 3 routed mode on the SRX platform. There are some limitations that ...
