[j-nsp] Netscreen Virtualization?

Kim Halavakoski kim at halavakoski.net
Mon Sep 3 05:23:34 EDT 2007 

Hello,
I am currently running a VSX on Nokia platforms and we have run into  
a few features and problems that have made me question Checkpoint VSX  
atleast on a Nokia platform. Checkpoint and/or Nokia has had problems 
(routes dissapearing when pushing policies, IPsec/VPN using wrong IPs  
for peer-traffic, VSX VSes using "internal communication network IPs"  
for routed traffic(which should NEVER happen btw.) with coming up  
with real answers to our support cases and usually come back with  
answers stating that it will be supported in a future release or  
similar...there has also been some talk about migrating from Nokia to  
SecurePlatform since there seems to be some "issues" with how CP and  
Nokia co-operate, don't ask any details on that...just my  
interpretation on the correspondense from our Support organisation/ 
Nokia/Checkpoint...

All this has made me look around for other platforms and Netscreen  
ISG-platforms has ahd some pretty good reviews from what I have  
found...and our Juniper-reseller is ofcourse bragging about all the  
Checkpoint-to-Netscreen migrations that has been happening lately,  
seemingy related to licensing costs but also to stability...

-kimh


On Sep 3, 2007, at 10:40 AM, sin wrote:

> Kim Halavakoski wrote:
>> Hello,
>> I am curious about the Juniper Netscreen virtualization features.   
>> Does anybody have experience in running ISG VSes in highly  
>> critical  environments? Does it work well? Stable enough to run on  
>> critical  systems or is one better off running highly critical  
>> systems on  separate hardware?
>> I have been looking into Checkpoint VSX but that platform seems to  
>> be  very unmature and I am now looking into what Juniper can offer  
>> on the  virtualization frontier...anybody care to share experiences?
>
> Hi,
>
> Although so far I haven't had the chance to run virtual systems on  
> Juniper, I do have some experience with VSX and it's pretty stable  
> once you set it up and don't add/remove interfaces from the  
> firewall every day.
>
>
> I'm curious on how you came to the conclusion that VSX is immature.
>
> PS: I'm not a Check Point zealot :)
>
> 10x,
>
> sin

====================================
Kim Halavakoski                www.halavakoski.net
kim at halavakoski.net    photos.halavakoski.net
====================================




====================================
Kim Halavakoski                www.halavakoski.net
kim at halavakoski.net    photos.halavakoski.net
====================================


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20070903/aeb32e9c/attachment.bin

More information about the juniper-nsp mailing list