On 8/15/12 10:08 AM, Majdi S. Abbas wrote:
On Wed, Aug 15, 2012 at 09:53:07AM -0700, joel jaeggli wrote:
I'm generally down on the idea of putting a stateful firewall in
front of a service that accepts unsolicited incoming connections, it
will tend to be the least scalable item in the path.
That's okay, anyone that does this is quickly going to turn off
the involved ALG, as well as all the TCP state checks. They may even
wind up in packet mode.
yeah agree, and it should do small packet up to a point, after which
it's unsuitable, but until then.
Not that a 210 is super scalable to begin with... but now that
the J-series has effectively been turned into the SRX line I suspect
this is more common than we think.
At least for Juniper's customers,
given the obvious gap in the product line.
--msa
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
