[j-nsp] SSG - Handling Load

Stefan Fouant sfouant at gmail.com
Fri Mar 6 09:41:41 EST 2009 

Paul,

Check the datasheets available on the Juniper site for details on the
amount of load these boxes can handle. For just raw FW performance the
SSG-140 should easily be able to handle the 20-50 Mbps load you intend
to throw at it.  One of the nice things that I really like about these
boxes is that you can selectively enable which traffic you intend to
do perform Anti-Virus and Anti-Spam, rather than all traffic, so if
you do your policies correctly you can choose to do Anti-Spam only for
SMTP traffic, or AV for SMTP attachments, http, and ftp for example.
Similarly you can choose to enable the IDS functions (which for an
SSG-140 is really just basic signature matching) for only certain
types of traffic. If you choose your configuration wisely you should
be able to scale the box to meet your needs.

If you can spend a little more you might opt for the SSG 320M which
would give you the flexibility to upgrade to JUNOS-ES in the future,
should you wish to do so.


On 3/6/09, Paul Stewart <paul at paulstewart.org> wrote:
> Hi folks.. new to the list and looking for some real-world feedback on SSG
> boxes and how they handle load.  Perhaps this isn't the proper use for the
> box or maybe it works just fine.
>
>
>
> We're a service provider that has a small server farm.  The traffic on this
> server farm is 20Mb/s on average with occasional peaks up to 50Mb/s.
>
>
>
> Our first requirement is a good firewall.  Then on the ports still exposed
> we're looking for packet inspection (IDS) with the idea that when certain
> levels of signatures are hit then those packets will be dropped.  I believe
> at this point that an SSG can handle this.. We're considering an SSG-140 at
> this point.
>
>
>
> Now, turn on anti-spam and anti-virus - since these servers behind it handle
> substantial amounts of email traffic I was wondering if the SSG could "zap
> the obvious stuff" before it hits these servers (when also perform
> anti-virus and anti-spam).. the theory being that the obvious stuff wouldn't
> ever make it to the box...?
>
>
>
> If I have the design concept correctly, these boxes are really designed more
> for small to large office deployments and not data center deployment.  But
> with the traffic levels mentioned above, has anyone deployed something
> similar?
>
>
>
> Thanks,
>
>
>
> Paul
>
>
>
>
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

-- 
Sent from Gmail for mobile | mobile.google.com

Stefan Fouant

Stay the patient course.
Of little worth is your ire.
The network is down.

More information about the juniper-nsp mailing list