[c-nsp] Cisco FWSM vs Juniper NetScreen 5400
Elmar K. Bins
elmi at 4ever.de
Thu Aug 9 05:36:18 EDT 2007
gert at greenie.muc.de (Gert Doering) wrote:
> On Thu, Aug 09, 2007 at 06:43:28PM +1000, Dale Shaw wrote:
> > Alas, the routing protocol is EIGRP. This shouldn't pose too much of a
> > problem though as I only need to segment about 20 VLANs.
>
> Well, it will be for the Netscreen - it can only do OSPF or RIP (and BGP).

If one makes EIGRP a requirement, one makes "Cisco" a requirement ;)

> Besides this, I really hate PIXen, and Netscreens mostly are a pleasure
> to work with. They have a few design quirks that you need to get used to
> (like: for established state, the session table is consulted before the
> routing table, so some things work in surprising ways, if your routing
> is asymmetric) - but that's like "for a PIX, everything is a NAT", it
> needs getting used to.

The point to it is - it ensures symmetry, and that's what I particularly
like about it. Returning the traffic exactly to where it came from is a
really nice thing, and the recording of the origin interface in the
session does that nicely. (Ok, I have one case where it's a PITA, but
that's like squeezing more bw out of a 208's interfaces and then hoping
things work with only partial failover; they don't of course, but it
would have been soooooo nice)

> Netscreen tech support sucks, but it's no worse than TAC.

I can recommend our partner in Germany. They are very (!) competent, and
they have got a hot wire into Juniper Tech.

Yours,
Elmi.
--
"Limping is not a flaw of a comparison, but should be regarded as an
essential property of comparisons." (Marius Fränzel in desd)
--------------------------------------------------------------[ ELMI-RIPE ]---