[j-nsp] SSG - Handling Load
Paul Stewart
paul at paulstewart.org
Fri Mar 6 08:09:16 EST 2009
Hi folks.. new to the list and looking for some real-world feedback on SSG
boxes and how they handle load. Perhaps this isn't the proper use for the
box or maybe it works just fine.
We're a service provider that has a small server farm. The traffic on this
server farm is 20Mb/s on average with occasional peaks up to 50Mb/s.
Our first requirement is a good firewall. Then on the ports still exposed
we're looking for packet inspection (IDS) with the idea that when certain
levels of signatures are hit then those packets will be dropped. I believe
at this point that an SSG can handle this.. We're considering an SSG-140 at
this point.
Now, turn on anti-spam and anti-virus - since these servers behind it handle
substantial amounts of email traffic I was wondering if the SSG could "zap
the obvious stuff" before it hits these servers (when also perform
anti-virus and anti-spam).. the theory being that the obvious stuff wouldn't
ever make it to the box...?
If I have the design concept correctly, these boxes are really designed more
for small to large office deployments and not data center deployment. But
with the traffic levels mentioned above, has anyone deployed something
similar?
Thanks,
Paul
More information about the juniper-nsp
mailing list