[j-nsp] Juniper Firewall Platforms

Amos Rosenboim amos at oasis-tech.net
Wed Aug 15 06:21:49 EDT 2007


Hello,

I do have some experience with the SSG series (running ScreenOS). I  
like those devices very much, although I did not use them in  
transparent mode, and did not get near the performance you expect.

They do have a feature (licensed one) called deep inspection, which  
is sort of IDP/IPS functionality performed by the firewall.
As expected, such feature has a significant performance impact. I did  
not find any documentation in the Juniper web site on how much of  
performance impact, but from my personal experience (protecting a web  
server) it was more then 70%.

Regards

Amos

On Aug 15, 2007, at 8:36 AM, TCIS List Acct wrote:

> Hi all,
>
> We are looking at purchasing a new firewall platform to replace a  
> pair of aging
> PIX 520s, and Juniper has several offerings that may fit.   
> Specifically, we need
> Layer 2 / Transparent Mode support and around 400Mbit of firewall  
> throughput.
> No real need for VPN, but IPS support would be nice.  We are  
> looking at the SSG
> series and the NetScreen 200/500.  Any experiences with these  
> devices or advice
> would be appreciated.
>
> --Mike
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list