Paul, Check the datasheets available on the Juniper site for details on the amount of load these boxes can handle. For just raw FW performance the SSG-140 should easily be able to handle the 20-50 Mbps load you intend to throw at it. One of the nice things that I really like about these boxes is that you can selectively enable which traffic you intend to do perform Anti-Virus and Anti-Spam, rather than all traffic, so if you do your policies correctly you can choose to do Anti-Spam only for SMTP traffic, or AV for SMTP attachments, http, and ftp for example. Similarly you can choose to enable the IDS functions (which for an SSG-140 is really just basic signature matching) for only certain types of traffic. If you choose your configuration wisely you should be able to scale the box to meet your needs.
If you can spend a little more you might opt for the SSG 320M which would give you the flexibility to upgrade to JUNOS-ES in the future, should you wish to do so. On 3/6/09, Paul Stewart <p...@paulstewart.org> wrote: > Hi folks.. new to the list and looking for some real-world feedback on SSG > boxes and how they handle load. Perhaps this isn't the proper use for the > box or maybe it works just fine. > > > > We're a service provider that has a small server farm. The traffic on this > server farm is 20Mb/s on average with occasional peaks up to 50Mb/s. > > > > Our first requirement is a good firewall. Then on the ports still exposed > we're looking for packet inspection (IDS) with the idea that when certain > levels of signatures are hit then those packets will be dropped. I believe > at this point that an SSG can handle this.. We're considering an SSG-140 at > this point. > > > > Now, turn on anti-spam and anti-virus - since these servers behind it handle > substantial amounts of email traffic I was wondering if the SSG could "zap > the obvious stuff" before it hits these servers (when also perform > anti-virus and anti-spam).. the theory being that the obvious stuff wouldn't > ever make it to the box...? > > > > If I have the design concept correctly, these boxes are really designed more > for small to large office deployments and not data center deployment. But > with the traffic levels mentioned above, has anyone deployed something > similar? > > > > Thanks, > > > > Paul > > > > > > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Sent from Gmail for mobile | mobile.google.com Stefan Fouant Stay the patient course. Of little worth is your ire. The network is down. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp