[j-nsp] SRX vs. SSG

Fahad Khan fahad.khan at gmail.com
Sun May 9 02:00:39 EDT 2010


About which work around are u talking of IP tracking ???

thanks
Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global Technology Services, IBM
fahad at pk.ibm.com
+92-321-2370510
+92-301-8247638
Skype: fahad-ibm
http://www.linkedin.com/in/muhammadfahadkhan
http://fahad-internetworker.blogspot.com
http://www.visualcv.com/g46ptnd


On Sun, May 9, 2010 at 2:57 AM, Pavel Lunin <plunin at senetsy.ru> wrote:

> Hi Eric,
>
> SSG should be available for another couple of years. Juniper likes to say
> ScreenOS's roadmap is full of things do be done till the end of the next
> year.
>
> However I wouldn't say SSG has so much better featureset.
>
> In routing SRX is far far beyond. You can even have packet-mode instances
> with MPLS, reachable through a internal tunnel. Just like mature routers.
> >From security point of view — embedded IPS, NAT pools not linked to any
> direct networks, very granular per zone or interface stateful filters for
> control plane destined traffic, some more FW things.
>
> And of course increased performance/price ratio.
>
> JUNOS itself.
>
> As for me, the major weaknesses are:
> — NHRP, which allows auto-connect IPSec VPNs, is not supported. A
> workaround
> is possible here if you want an SRX to be a hub for SSG spokes.
> — IP tracking is not supported for very basic dual-homing. Sure,
> workarounds
> are possible.
> — Reverse path next-hop is always chosen with reverse route lookup. Not to
> much important. An ER exists for this though no idea whether someone cares
> of it.
>
> --
> Pavel
>
> 2010/5/8 Eric Helm <helmwork at ruraltel.net>
>
> > Hi,
> >
> > Has anyone heard what Juniper's plan is moving forward with the SSG
> > platform? The SSG still has a much better feature set than the SRX, but
> > is seems that marketing is pushing people to the SRX. I am looking to
> > roll-out of approximately 200-300 VPN tunnels and trying to decide what
> > platform to go with between the two. SSG is more appealing because of
> > some of its feature set and proven stability. I just don't want to be
> > buying equipment that is slated to be phased out sometime in the future.
> >
> > Thanks in advance,
> >
> > /Eric
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list