Results 1 to 13 of 13
-
03-26-2011, 03:39 PM #1Aspiring Evangelist
- Join Date
- Aug 2003
- Location
- Singapore
- Posts
- 422
Firewall: Juniper SSG140 and Cisco 1841
Hey,
Have anyone heard about these firewalls? Are they good enough as a firewall and which do you think is better?
-
03-26-2011, 03:53 PM #2Aspiring Evangelist
- Join Date
- Dec 2005
- Location
- NYC
- Posts
- 428
The Cisco 1841 is not a firewall it is an integrated services router. I would more appropriately compare the ssg to the cisco asa product family.
Edge 1, LLC
http://www.edge1.net | 800.392.2349
Cisco SMARTnet & Licensing Specialists | Datacenter/Network Design & Management Consulting | Cisco New & Certified Refurb Equipment Sales
-
03-26-2011, 03:57 PM #3Aspiring Evangelist
- Join Date
- Oct 2002
- Posts
- 351
How much throughput do you need? Do you know screenos or cisco ios more? 1800 series is an ISR that can do the zone-based firewall.
SSG140 will do tons more throughput for sure, 1841 is not that beefy of a router at all. I also believe the 1841(all 1800 series for that matter) is EOL. We where looking at the 1811's for some remote sites but they are EOS next month, so we are now looking at the cisco 891.
We looked at ssg5's but the cost savings wasnt really there as we are a cisco shop and it would require a LOT of extra time to learn screenos well enough to support it.
FYI smartnet on the 891 is really cheap.
-
03-26-2011, 03:59 PM #4Aspiring Evangelist
- Join Date
- Oct 2002
- Posts
- 351
-
03-26-2011, 04:12 PM #5Web Hosting Master
- Join Date
- Nov 2009
- Location
- Cincinnati
- Posts
- 1,585
Wouldn't an SRX be a better choice?
'Ripcord'ing is the only way!
-
03-26-2011, 06:49 PM #6Master of the Truth
- Join Date
- Mar 2006
- Location
- Reston, VA
- Posts
- 3,131
SRX is the juniper new line of firewalls, SSG's are a great firewall and much easier to work with than SRX, the SRX has a better interface now than before but runs on JuneOS vs the ssg which is screenOS
If you want cisco ASA is the only thing out unless you find some EOL'd PIX's. which I would suggest against.Yellow Fiber Networks
http://www.yellowfiber.net : Managed Solutions - Colocation - Network Services IPv4/IPv6
Ashburn/Denver/NYC/Dallas/Chicago Markets Served zak@yellowfiber.net
-
03-26-2011, 10:41 PM #7Web Hosting Master
- Join Date
- Nov 2009
- Location
- Cincinnati
- Posts
- 1,585
SRX are all policy driven, they can a bit complicated to setup but its rather straight forward once it *clicks*.
We use SRX between data center for connectivity over an IPSEC tunnel.
I would stick with SSG or SRX.'Ripcord'ing is the only way!
-
03-27-2011, 01:51 AM #8Aspiring Evangelist
- Join Date
- Aug 2003
- Location
- Singapore
- Posts
- 422
Thanks! So SSG will be much better as a firewall. But is it easy to use the functions and set rules and policies?
Do I have to buy update for the antivirus and antispam protection etc?
-
03-27-2011, 02:03 PM #9Web Hosting Master
- Join Date
- Aug 2009
- Location
- Orlando, FL
- Posts
- 1,063
The SSG has the best web-interface IMHO. You can do 95% of everything you need from the webUI. Like everyone said, the SSG and 1800 series aren't apples to apples. The SSG is a true firewall. I have many SSGs deployed in offices and data centers. Everything from the SSG5 to the SSG550.
As far as the SRX goes, I would stay away from them for a little while longer. About a year ago I was thinking about getting some, but ended up getting two SSG 320s. The forums and even Juniper rep I spoke with said they just aren't stable enough to use in full production. Some features were buggy at best, and some things flat out didn't work. It has gotten better over last year, but I recently asked some others using them and suggest I still wait a little longer.-=SKULLBOX.NET=-
-
03-27-2011, 09:39 PM #10Web Hosting Master
- Join Date
- May 2005
- Location
- Bay Area
- Posts
- 1,211
The SRX's were extremely buggy a year or so ago, but juniper has done a great job of fixing up all its quirks. Personally, ScreenOS drives me crazy; once you get the hang of JunOS (really not hard) you will never go back. Something like an SRX240 should be around the same price range, or close to it. I suppose though if you don't need to do anything other than firewalling, no reason not to stick with an ssg.
-
03-27-2011, 09:49 PM #11Master of the Truth
- Join Date
- Mar 2006
- Location
- Reston, VA
- Posts
- 3,131
The SRX can be used in two modes, flow and per-packet, per packet mode the lower end SRX's can make great CPE/NID devices and peal off mpls, i.e handle L2VPN just fine and dandy and are very very inexpensive.
Bang for the buck the SRX has by far more capacity/throughput vs its competitorsYellow Fiber Networks
http://www.yellowfiber.net : Managed Solutions - Colocation - Network Services IPv4/IPv6
Ashburn/Denver/NYC/Dallas/Chicago Markets Served zak@yellowfiber.net
-
03-27-2011, 11:07 PM #12Web Hosting Master
- Join Date
- Jun 2006
- Location
- Calgary, Alberta
- Posts
- 688
How do the SRX's compare to the Cisco counter parts?
-
03-28-2011, 09:21 AM #13Web Hosting Master
- Join Date
- Aug 2009
- Location
- Orlando, FL
- Posts
- 1,063
-=SKULLBOX.NET=-
Similar Threads
-
Juniper and Cisco
By darkflow in forum Web Hosting HardwareReplies: 2Last Post: 10-31-2010, 12:12 PM -
Juniper University - L3 Stackables - Juniper EX4200 vs. Cisco 3750G/E/X
By JH GLCOMP in forum Other Web Hosting Related OffersReplies: 2Last Post: 08-09-2010, 12:18 PM -
Juniper or Cisco
By brendanm in forum Hosting Security and TechnologyReplies: 16Last Post: 01-11-2004, 09:52 AM -
Dedicated Network: Juniper Rtr, 48 port Cisco, Firewall, AV & 42U w/ 10 mb/s $1199/mo
By chavvon in forum Dedicated Hosting OffersReplies: 4Last Post: 10-10-2002, 11:53 AM