[j-nsp] Opinion about stateful firewall : SSG or ASM
Phil Sykes
psykes at imtechtelecom.co.uk
Sun Sep 2 16:38:58 EDT 2007
> - Potential savings from using a J4350 router instead of the larger
> J6350, as you'll generally be performance-bound by the SSG 550
> firewall. The J4350 lacks redundant power options, though. It's
> also not a direct replacement for the SSG 550, whereas the J6350 is,
> if that would affect any sparing strategy you might have.
It's worth mentioning the J2320/SSG320 here, as the poster only has
45Mbps of external bandwidth, and it's rated for 400Mbps of IMIX traffic
in both firewall and routing mode.
It's approximately 1/2 the price of the J4350 in its 1GB RAM mode,
which will be necessary for a full table, or the UTM features of
ScreenOS.
My recommendation for the overall approach would be to get a J2320 and
an SSG320, safe in the knowledge that in an emergency one can be
reinstalled to become the other, and J-Series adaptive services firewall
would provide a useful stopgap security solution.
JUNOS AS firewall is much more painful to configure than ScreenOS
today: the ScreenOS web-based management is good for a non-specialist to
configure firewall rulesets.
Regards,
Phil Sykes
Technical Consultant JNCIE-M #227
Imtech Telecom
Mobile: +44 (0) 7823 530 630
http://www.imtechtelecom.co.uk/
More information about the juniper-nsp
mailing list