View Poll Results: Firewall: Cisco vs Juniper

Voters: 15
  • Cisco ASA 5510 with Security Plus license: 6 (40.00%)
  • Juniper SSG-140: 9 (60.00%)
  1. #1
    Join Date
    Oct 2003
    Location
    Hanoi
    Posts
    4,306

    ASA 5510 SEC vs SSG-140

    We are going to deploy a pair of firewalls (redundant setup), and are considering either the Cisco ASA 5510 with Security Plus license or the Juniper SSG-140.

    Which one do you recommend please?

  2. #2
    Join Date
    Feb 2011
    Posts
    580
    Netscreen works really well in a cluster. The only thing that I found to be affected so far when doing a failover is BGP because the routes are flapping as it reconnects. Everything else works so smoothly you don't even know there was a failover event and you are on a backup unit now. Configuration syncs up automatically too. Highly recommended. Also check out SSG-320M which is a nice setup when combined with 8 port or 16 switch modules, but costs quite a bit more than SSG-140.

  3. #3
    Join Date
    Jan 2003
    Location
    Chicago, IL
    Posts
    6,889
    What are the planned uses, what exactly are you needing/trying to do?
    Karl Zimmerman - Steadfast: Managed Dedicated Servers and Premium Colocation
    karl @ steadfast.net - Sales/Support: 312-602-2689
    Cloud Hosting, Managed Dedicated Servers, Chicago Colocation, and New Jersey Colocation
    Now Open in New Jersey! - Contact us for New Jersey colocation or dedicated servers

  4. #4
    Join Date
    Aug 2009
    Location
    Orlando, FL
    Posts
    1,063
    I love ScreenOS and the SSG platform. I second DMDM's suggestion of the SSG-320 with a 16 port module. I have two of them with that configuration. They work great.

    The Cisco ASA line is great as well. I just prefer the SSG because I like the interface better and personally have more experience using the SSG over the ASA, but they can play nice together if they need to.

  5. #5
    Join Date
    Feb 2003
    Location
    NY
    Posts
    11,521
    Huge Cisco Systems fan ... so they get the vote.

  6. #6
    Join Date
    Mar 2006
    Location
    Reston, VA
    Posts
    3,132

  7. #7
    Join Date
    May 2006
    Location
    NJ, USA
    Posts
    6,456
    I hear the Junipers are fantastic for firewall things, but as Spudstr said, Cisco's are known for their VPN.
    simplywww: directadmin and cpanel hosting that will rock your socks
    Need some work done in a datacenter in the NYC area? NYC Remote Hands can do it.

    Follow my "deals" Twitter for hardware specials.. @dougysdeals

  8. #8
    Join Date
    Nov 2005
    Posts
    1,224
    +1 for Juniper.

    I've used bridge and tree, and both are fine products-- but I've been happier with the latter. IMO the Juniper interface beats Cisco hands down, although that's probably a matter of personal taste.

    As for reliability, our Juniper kit just works. The Cisco gear I used to run could be a bit flaky, particularly when trying to maintain a tunnel between Tampa and Chicago. It would randomly stop passing traffic for no reason we or AT&T (we were connecting to a customer's AT&T-managed VPN) could determine. I've never experienced Juniper weirdness, although I'm sure there are horror stories in both camps.

    As always, YMMV.
    Last edited by Sekweta; 03-08-2011 at 03:27 PM.

  9. #9
    Join Date
    Nov 2005
    Location
    Knoxville, TN
    Posts
    223
    Cisco 5510s here. Have several in our DC - multiple VPNs, BGP environment, multiple VLANs, etc. We maintain several VPN tunnels between TN - FL and TN - MA, and never have problems at all.

    Juniper makes a great product though. I don't think you can go wrong with the two choices you're looking at.

  10. #10
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    988
    Quote Originally Posted by Spudstr View Post
    If you plan on SSL VPN users then go with the cisco, otherwise the SSG140 is a wonderful device.
    The SSL VPN on the Ciscos can't touch the Juniper SA series SSL VPN, but if you're looking for a combined device, yeah it works.

    The SSG is a stronger box for most things, but the ASA will live on whereas the SSG series is being phased out.
    AppliedOperations - Premium Service
    Bandwidth | Colocation | Hosting | Managed Services | Consulting
    www.appliedops.net

  11. #11
    Join Date
    Feb 2011
    Posts
    580
    Quote Originally Posted by appliedops View Post
    The SSG is a stronger box for most things, but the ASA will live on whereas the SSG series is being phased out.
    I am personally not worried about their phase out ideas. Lots of customers have ScreenOS in huge volumes and lots are buying it now. For example compare Juniper's forums for ScreenOS and for anything else- you'll see the difference in volume. We just spent close to $15k on new ScreenOS devices and are planning up to another $10k next quarter. The platform is rock solid, dependable and very capable. I am sure three years from now this platform will still be well supported. However after 10 years of relying on ScreenOS we no longer call support- ever. It is that good.

    P.S. I still use my first Netscreen 5 at home. Not SSG-5, not 5GT, not 5XP, but the original Netscreen 5 which only had two ports and if my memory is right those were not even FastEthernet

  12. #12
    Join Date
    Oct 2003
    Location
    Hanoi
    Posts
    4,306
    No special purposes here. However, we need to protect some VoIP customers. Is there any trouble with VoIP through those kinds of firewall?

  13. #13
    Join Date
    Aug 2009
    Location
    Orlando, FL
    Posts
    1,063
    Quote Originally Posted by appliedops View Post
    The SSL VPN on the Ciscos can't touch the Juniper SA series SSL VPN, but if you're looking for a combined device, yeah it works.

    The SSG is a stronger box for most things, but the ASA will live on whereas the SSG series is being phased out.
    This is spot on! While the SSG doesn't have integrated VPN, the SA series is hands down better than Cisco. I actually have both, and the Cisco does work great, but it doesn't have the features the Juniper does.

    They are both great choices. You are talking about (arguably) the two top networking companies in the world. As others have said, I love the Juniper interface.

    Yes, the SSG platform is on its way out. Though I believe most of them (maybe not the Netscreen line) are supported until 2015.

  14. #14
    Join Date
    Mar 2006
    Location
    Reston, VA
    Posts
    3,132
    Quote Originally Posted by skullbox View Post
    Yes, the SSG platform is on its way out. Though I believe most of them (maybe not the Netscreen line) are supported until 2015.

    The SSGs recently came out a few years ago; the old Netscreens were originally acquired by the now maker of Fortinet. SSGs won't be going anywhere anytime soon; the older Netscreen models will, more than likely... or at least until the SRX line gets certified for DOJ/military stuff. They might be good now, but that's why Juniper has been keeping the Netscreen/SSGs around... due to the gov certs they obtained for that product line.

  15. #15
    Join Date
    Feb 2011
    Posts
    580
    Quote Originally Posted by skullbox View Post
    This is spot on! While the SSG doesn't have integrated VPN, the SA series is hands down better than Cisco.
    Just to be clear, the reference here is at SSL VPN not being supported by ScreenOS. ScreenOS has great IPSEC VPN capability- very flexible and solid, great for use in site-to-site configurations.

  16. #16
    Join Date
    Dec 2005
    Location
    NYC
    Posts
    428
    Quote Originally Posted by gate2vn View Post
    No special purposes here. However, we need to protect some VoIP customers. Is there any trouble with VoIP through those kinds of firewall?
    Nope, none. We've deployed countless ASAs with VoIP running through them and had nothing but happy customers.

    Clearly I'm slightly biased but I would go with the ASAs. We've found a couple of environments where the more features that are used on the SSGs have had some pretty big performance hits whereas with the ASAs there wasn't any noticeable difference when migrated. Doesn't sound like you'd be using it but the SSL VPN on the ASAs is unmatched. When paired with a solution such as 2 factor SMS authentication or RSA SecurID auth you get a very extensible solution.
    Edge 1, LLC
    http://www.edge1.net | 800.392.2349
    Cisco SMARTnet & Licensing Specialists | Datacenter/Network Design & Management Consulting | Cisco New & Certified Refurb Equipment Sales
