Juniper Networks firewalls

[imipenem]

We are a small business - 100PCs and looking to buy a firewall. I considered Barracuda but recently found Juniper Networks' SSG series. Does anyone have any experience with Juniper?

 

[azev]

Have you consider cisco asa55xx series ?

 

[imipenem]

I think the price will eliminate Cisco from consideration, also don't the Ciscos require user licenses?

 

[jlazzaro]

can you define exactly what functions this firewall will perform?

price wise, the SSG 20 is on par with the ASA 5505. i've used their Netscreen-5's in the past and have never had a problem with them. configuration was simple and the web interface was intuitive (more so than Cisco's ASDM).

personally, i'd go with an ASA because its what i'm comfortable with. regardless, Juniper makes nice products and either one will probobly do what you want it to.

 

[drebo]

Cisco does offer unlimited user bundles, and the price of the ASA5505 is lower than the equivalent PIX 501 was. It's nice to see a product replaced with a less expensive product for a change.

 

[imipenem]

Spam filtering, web filtering, and AV. AT&T provides our router, I just need a firewall...

 

[Genx87]

I have used the netscreens in the past. I like their functionality.

 

[cmetz]

I have used NetScreen firewalls in the past (waaay past, and recently). I've been pretty disappointed by them.

Historically, NetScreen used the wrong gender for their serial console ports. It's a little thing that shows a lack of understanding the problem space. (Juniper fixed this problem)

NetScreen's CLI is *awful*. It's very clearly not intended to be the way you really configure the box. It's very clearly not built by CLI people. They really want you to use their web UI. It's an okay web UI, and all, but fundamentally, real network gear is configured through the CLI and toy network gear is configured through a web UI. They've made a choice there.

Every month or so, I'd see a NetScreen in the field reboot for no apparent reason. Which one did it would vary. While not the end of the world, this too is not a good sign.

Rules are straightforward enough, VPNs work well enough, performance is reasonable for the price.

I just always felt like NetScreen didn't get it.

(BTW, Juniper firewalls / SSGs = NetScreen. Being owned by Juniper has seemed to affect them positively in terms of design clues and reliability)

 

[rasczak]

Originally posted by: imipenem
We are a small business - 100PCs and looking to buy a firewall. I considered Barracuda but recently found Juniper Networks' SSG series. Does anyone have any experience with Juniper?

we're using the ssg 550 right now. Currently in the middle of trying to figure it all out. I'm new to this so there's not much more I can tell you at this point except i've got a giant headache from trying to figure out how to make eth 0/1 a trusted port as opposed to a DMZ port.