I believe the SSGs are now discontinued as Juniper moved away from ScreenOS to their SRX platform which is, to my understanding, a combination of JUNOS and some remnants of ScreenOS.
Either way, Juniper and Fortinet boxes are rock solid in my experience.

On Thu, Aug 4, 2011 at 10:38 AM, David Lum <david....@nwea.org> wrote:

> And now I need to choose a firewall. Holy crap there are a multitude of
> options, not the least of which are the various UTM (Unified Threat
> Management) options and reporting options.
>
> What kind of features do you guys find are key and are there any features
> you thought you'd use but really don't?
>
> Dave
>
> -----Original Message-----
> From: David Lum [mailto:david....@nwea.org]
> Sent: Thursday, August 04, 2011 6:08 AM
> To: NT System Admin Issues
> Subject: RE: SMB firewall (was RE: VLAN N00b)
>
> Yep, what you describe is exactly what I was envisioning, thanks! (BTW Dell
> also calls it tagging). Now to decide on a firewall. I called my client last
> night and she was already onboard with my thinking "go ahead and buy it or
> send me a link and I'll order it".
>
> I love clients that trust you enough that all you need to do is explain the
> concept and benefits and they're ready to pull the trigger, weird telling
> them "uh, I'm not ready to buy anything as I need to decide on the exact
> product..." :-).
>
> It's also nice knowing that steering them to a managed switch 3 years ago is
> going to pay off with this little project.
>
> Dave
>
> -----Original Message-----
> From: Ben Scott [mailto:mailvor...@gmail.com]
> Sent: Thursday, August 04, 2011 5:34 AM
> To: NT System Admin Issues
> Subject: Re: SMB firewall (was RE: VLAN N00b)
>
> On Wed, Aug 3, 2011 at 4:42 PM, David Lum <david....@nwea.org> wrote:
> > So ideally in your opinion the firewall would effectively give
> > each VLAN (each VLAN defined by 802.1Q tags) its own
> > DHCP scope and thus their own IP settings, correct?
>
> More or less.
>
> I would separate your desired access groups into separate networks.
>
> Conceptually, start with the idea that you have each group on a
> different physical switch, each with its own DHCP server, and its own
>
> <snip>
>
> So upgrade the concept to a firewall that understands 802.1Q VLAN
> tags. Only one cable from the switch to the firewall. Each separate
> VLAN gets associated with that single cable, and the switch and
> firewall use 802.1Q VLAN tags to know which isolated network a given
> frame is for.
>
> Only the switch port connected to the firewall emits or expects
> frames with VLAN tags. (I believe Cisco calls this a "VLAN trunk
> port"; HP calls it "tagged"; I dunno what Dell calls it.) All the
> other switch ports are on a single VLAN ("untagged" in HP-speak), and
> just act like separate switches for the nodes which aren't aware of
> the other networks.
>
> Make sense?
>
> -- Ben
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
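
The tagging scheme described in Ben Scott's quoted reply, as an added example that is not part of the original thread: a sketch of how a firewall on the tagged port could read the 802.1Q tag of each frame and map it to an isolated network with its own address range. The VLAN IDs, subnets, the drop-untagged policy and all function names are assumptions made for illustration.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

# Constructed mapping (assumption): one isolated network / DHCP scope per VLAN.
VLAN_NETWORKS = {
    10: ipaddress.ip_network("192.168.10.0/24"),
    20: ipaddress.ip_network("192.168.20.0/24"),
}


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    # Tag Control Information: 3 bits priority, 1 bit DEI, 12 bits VLAN ID.
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def classify_on_trunk(frame: bytes):
    """Decide which isolated network a frame arriving on the tagged port is for."""
    vlan_id, _priority, _inner = parse_vlan(frame)
    if vlan_id is None:
        # Assumed policy: the tagged port carries tagged frames only.
        return "drop", "untagged frame on tagged-only port"
    net = VLAN_NETWORKS.get(vlan_id)
    if net is None:
        return "drop", f"VLAN {vlan_id} not configured"
    return "accept", f"VLAN {vlan_id} -> {net}"


def build_frame(vlan_id=None, ethertype=0x0800):
    """Build a constructed sample frame (zeroed MAC addresses, dummy payload)."""
    header = bytes(6) + bytes(6)
    if vlan_id is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return header + struct.pack("!H", ethertype) + b"\x00" * 46


if __name__ == "__main__":
    for vid in (10, 20, 30, None):
        print(vid, classify_on_trunk(build_frame(vid)))
```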