[j-nsp] Opinion about stateful firewall : SSG or ASM

Phil Sykes psykes at imtechtelecom.co.uk
Sun Sep 2 16:38:58 EDT 2007


>  - Potential savings from using a J4350 router instead of the larger 
> J6350, as you'll generally be performance-bound by the SSG 550 
> firewall.  The J4350 lacks redundant power options, though.  It's 
> also not a direct replacement for the SSG 550, whereas the J6350 is, 
> if that would affect any sparing strategy you might have.

 It's worth mentioning the J2320/SSG320 here, as the poster only has
45Mbps of external bandwidth, and it's rated for 400Mbps of IMIX traffic
in both firewall and routing mode.
 It's approximately 1/2 the price of the J4350 in its 1GB RAM mode,
which will be necessary for a full table, or the UTM features of
ScreenOS.

 My recommendation for the overall approach would be to get a J2320 and
an SSG320, safe in the knowledge that in an emergency one can be
reinstalled to become the other, and J-Series adaptive services firewall
would provide a useful stopgap security solution.

 JUNOS AS firewall is much more painful to configure than ScreenOS
today: the ScreenOS web-based management is good for a non-specialist to
configure firewall rulesets.

Regards,

Phil Sykes
Technical Consultant		JNCIE-M #227
 
Imtech Telecom
Mobile:        +44 (0) 7823 530 630
http://www.imtechtelecom.co.uk/


More information about the juniper-nsp mailing list