[c-nsp] Cisco FWSM vs Juniper NetScreen 5400

jason.plank at comcast.net jason.plank at comcast.net
Thu Aug 9 09:14:03 EDT 2007 

Maybe there are different degrees of sucking, but juniper support is absolutely horrid. 

As far as which vendor I would go with, it probably depends on $$$ and throughput demands. Junipers firewalls kick Cisco's ass in terms of throughput (Although I hear a newer products coming in the fall...). If the expectation is to run a routing protocol on the firewall, and you are stuck on EIGRP that's obviously an issue.

If you can afford the extra money for the juniper it's a nice product. If you grow your infrastructure - do yourself a favor and stay the f!ck away from NSM. 

--
Regards,

Jason Plank
CCIE #16560
e: jason.plank at comcast.net

 -------------- Original message ----------------------
From: Gert Doering <gert at greenie.muc.de>
> Hi,
> 
> On Thu, Aug 09, 2007 at 06:43:28PM +1000, Dale Shaw wrote:
> > Alas, the routing protocol is EIGRP. This shouldn't pose too much of a
> > problem though as I only need to segment about 20 VLANs.
> 
> Well, it will be for the Netscreen - it can only do OSPF or RIP (and BGP).
> 
> Besides this, I really hate PIXen, and Netscreens mostly are a pleasure
> to work with.  They have a few design quirks that you need to get used to
> (like: for established state, the session table is consulted before the
> routing table, so some things work in surprising ways, if your routing
> is asymmetric) - but that's like "for a PIX, everything is a NAT", it
> needs getting used to.
> 
> Netscreen tech support sucks, but it's no worse than TAC.
> 
> 10G on Netscreens is going to cost two arms and a leg.  At least.
> 
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                            //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             gert at greenie.muc.de
> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list