[j-nsp] J-Series vs SSG

Jeremy Stinson laxplayer at earthlink.net
Sat Nov 3 11:06:30 EDT 2007


I am running many SSGs across my clients and the number one thing that I 
like ScreenOS over JunOS is that within a 15 minute walk through, I can have 
my most junior guy making updates and checking objects, rules, etc. JunOS 
has a much larger learning curve. Depending on how your organization is laid 
out, this may or may not be a requirement. For us it is and is why it is the 
device of choice for our networks.

Jeremy


----- Original Message ----- 
From: "Giuliano (UOL)" <giulianocm at uol.com.br>
To: "Campbell, Alex" <Alex.Campbell at dtdigital.com.au>
Cc: <juniper-nsp at puck.nether.net>
Sent: Friday, November 02, 2007 12:08 PM
Subject: Re: [j-nsp] J-Series vs SSG


> Alex,
>
> Its important to see the technical specifications for the SSG-320 box:
>
> BGP instances       3
> BGP peers           4
> BGP routes          10,000
> OSPF instances      3
> OSPF routes         10,000
> RIP v1/v2 instances 128
> RIP v2 routes       10,000
>
>> We are a small web hosting company looking to implement a pair of
>> Juniper firewalls behind our border routers (both J4350s running BGP to
>> a couple of ISPs).  What we are looking for is pretty simple - stateful
>> firewalling, simple ACLs, DDoS protection, active/passive failover.
>
> J-Series certainly will support all these features.
>
>> We are looking at getting either 2 x SSG 320 or 2 x J2320s.  I'm aware
>> that these are exactly the same hardware - the question is whether we
>> want to be running ScreenOS or JunOS.
>>
>> My preference right now is J2320s with JunOS as I'm very comfortable
>> working with JunOS.  But there seems to be a consensus amongst people I
>> have spoken to that ScreenOS will be easier to configure and will be a
>> better solution in the long term.  Also as far as I can gather, JunOS
>> isn't able to sync firewall state which ScreenOS does easily.
>
> ScreeonOS is easier to configure, better support for NAT and Filters
> (with UTM), but you will not have the same routing features and
> flexibility to configure, manipulate, mark or classify traffic ... like
> you have with JUNOS.
>
> JUNIPER is talking about to support some UTM features in JUNOS and some
> acceleration features too.
>
> Att,
>
> Giuliano
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp 



More information about the juniper-nsp mailing list