[j-nsp] Virtual Firewall Security Appliances

Tim Eberhard xmin0s at gmail.com
Tue Jul 14 23:13:58 EDT 2009


The NS5400 can do 300 or vsys' I am unsure how many the ISG/SSG will do.

The ASA's context modes are limited and have multiple "gotchas" once you
start using them.

I've found no such limitations on the 6.X line of ScreenOS. Using Virtual
Systems you can do everything that you wanted to do and have it completely
segmented.

I am by no means a Vsys expert although I do have a a couple of 5400's that
have 300 or so on each. I can say I'm pretty happy with their capabilities
over all.

Good luck,
-Tim Eberhard


On Tue, Jul 14, 2009 at 9:09 PM, Clue Store <cluestore at gmail.com> wrote:

> Hi List,
>
> My team and I have been quite attched to our C ASA/PIX boxen up until this
> past week. My VP of Ops purchased a shiny new ASA 5550 with 50 context
> licenses. As I am reading up on the configuration of the multiple context
> mode, I discover that "wow, NO VPN SUPPORT in MULTIPLE CONTEXT MODE?!?!".
> Needless to say, I was very dissappointed to find out that we not have a
> huge slightly more sofisticated packet filter that can do ACL's. This does
> me no good. My questions do any of the Juniper SSG, ISG, Netscreen boxes
> support VPN's on each virtual firewall?? If so, whch models are comprable
> to
> the 5550 in pps, amount of tunnels, etc?? Off-list is fine. I will repost
> my
> findings if anyone cares to know as well.
>
> TIA,
> Clue
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list