[j-nsp] J-Series vs SSG

Giuliano (UOL) giulianocm at uol.com.br
Fri Nov 2 12:08:40 EDT 2007


Alex,

Its important to see the technical specifications for the SSG-320 box:

BGP instances       3
BGP peers           4
BGP routes          10,000
OSPF instances      3
OSPF routes         10,000
RIP v1/v2 instances 128
RIP v2 routes       10,000

> We are a small web hosting company looking to implement a pair of
> Juniper firewalls behind our border routers (both J4350s running BGP to
> a couple of ISPs).  What we are looking for is pretty simple - stateful
> firewalling, simple ACLs, DDoS protection, active/passive failover.

J-Series certainly will support all these features.

> We are looking at getting either 2 x SSG 320 or 2 x J2320s.  I'm aware
> that these are exactly the same hardware - the question is whether we
> want to be running ScreenOS or JunOS.
>  
> My preference right now is J2320s with JunOS as I'm very comfortable
> working with JunOS.  But there seems to be a consensus amongst people I
> have spoken to that ScreenOS will be easier to configure and will be a
> better solution in the long term.  Also as far as I can gather, JunOS
> isn't able to sync firewall state which ScreenOS does easily.

ScreeonOS is easier to configure, better support for NAT and Filters
(with UTM), but you will not have the same routing features and
flexibility to configure, manipulate, mark or classify traffic ... like
you have with JUNOS.

JUNIPER is talking about to support some UTM features in JUNOS and some
acceleration features too.

Att,

Giuliano



More information about the juniper-nsp mailing list