Our SSG install base is going EoL and we are planning moving to JunOS.
I am in a typical small business environment with a large number of IPSec VPNs (~100).
The SSGs are used to filter incoming Internet traffic and establish IPSec VPNs to branches and business partners.
What is the best way to introduce a JunOS firewall/router (SRX 340) to the mix, and progressively rebuild all IPSec VPNs onto the SRX?
I looked into the ScreenOS-to-JunOS config translation tool, and it doesn't decrypt the IPSec keys, otherwise I would attempt a device swap.
My guess is that I'll have to setup the new SRX as an alternate gateway on the LAN side, and start moving the VPNs.
Looking for inputs.