  1. #1

    Questions regarding Juniper SSG series

    Hi

    In one of our racks, we now just have two Procurve (J4900B) switches, and run software firewalls on our CentOS servers. We are now looking towards a hardware firewall to ease management and reduce load on our servers.

    One of our suppliers recommends the SSG140 from Juniper, and it seems to cover our needs. The SSG320 however seems to have more features, like layer3 routing. Could this device replace our Procurve switches, and act as a firewall/switch?

    Anyone familiar with these devices and have some input on what to choose? How does the anti-ddos and bruteforce attack functions work out, do they hold up? Anyone tested the Deep Inspection Signature module? Is it worth having for an ISP/Webhost?

    Thanks!

  2. #2
    Join Date
    Aug 2004
    Location
    Karachi, Pakistan
    Posts
    747
    The SSG (a notch up the regular Netscreens) is indeed a good box. I'm not sure about replacing the switches, but for us, we use the firewall to route between the different subnets that are connected behind the firewall. The anti-ddos holds up fairly decently for low-to-medium attacks, and the DPI is pretty good also. We've been using the Netscreen line for about 7 years and this year made the move to SSG when it came out - in short, we like it and it works well for us. The antivirus and antispam (RBL) is a life-saver also.
    "I drink too much. The last time I gave a urine sample it had an olive in it. ".
    Rodney Dangerfield (from "I Get No Respect!").

  3. #3
    Thanks for your feedback.

    Are you using the SSG in a hosting environment or in an office environment? What do you feel about the webGUI, is it good enough for day to day basics?

  4. #4
    Join Date
    Aug 2004
    Location
    Karachi, Pakistan
    Posts
    747
    We use it in a hosting environment - The webGUI is pretty straight-forward, needless to say, it can get complex if you want it to. But it gets the day-to-day small issues out. The only bummer (if you will) is the session limitation. You'd have to go to an SSG 550 device to get like 128,000 sessions, something which was readily available on the Netscreen 204/208 devices... do remember, when turning on DPI, your session values are halved.

  5. #5
    Ok, thanks!

  6. #6

    Questions regarding Juniper SSG series

    Originally posted by Babushka99:
    The SSG (a notch up the regular Netscreens) is indeed a good box. I'm not sure about replacing the switches, but for us, we use the firewall to route between the different subnets that are connected behind the firewall. The anti-ddos holds up fairly decently for low-to-medium attacks, and the DPI is pretty good also. We've been using the Netscreen line for about 7 years and this year made the move to SSG when it came out - in short, we like it and it works well for us. The antivirus and antispam (RBL) is a life-saver also.
    Have a look at:
    http://www.juniper.net/solutions/lit...efs/351267.pdf
    and
    http://www.stockhouse.com/news/news....newsid=6256101

    SSG or IPG need to be complemented with DDoS mitigation.

  7. #7
    Join Date
    Aug 2004
    Location
    Karachi, Pakistan
    Posts
    747
    That is true - I never cited you can forego DDoS mitigation devices - but within the Juniper boxes themselves - they have adequate DDoS protection, however, it is for low-to-medium pps/bandwidth, etc. type of attacks.
