Re: Best VPN Appliance

2010-03-18 Thread Matthew Elmore
On Mar 18, 2010, at 5:17 AM, Dawood Iqbal wrote:


The problem I'm facing so far is Mac OS X compatibility. The demo box I had
for Juniper was not able to run Network Connect on Mac OS 10.5.8.

We use an SA700 (lowest-end model) and I use NC regularly from my Mac, but I
am running 10.6.2. I did not have trouble running NC when I was on 10.5,
but that was several months ago. The biggest trick on the Mac is
figuring out how to use a client-side certificate properly...


From your experience with F5, Juniper and Barracuda, which one will be best
in terms of:

Speaking only from my experience with the Juniper product:

1) Support


When dealing with configuring and troubleshooting the appliance itself, JTAC
has been pretty helpful when I've had to call on them. However, it has been
hard getting help when dealing with client issues (Bob's PC won't establish
a tunnel properly, host checker issues, etc.).

2) Resiliency


We don't do HA as we only have a handful of users, so I can't speak to this.

3) Security


It's good enough for us, and we have lots of rules we have to follow
(financial institution). Authentication is hooked into our Active Directory,
so passwords are managed from there. We require a client-side certificate
issued from a private CA, which works well and even recognizes and enforces
certificate revocation lists.

4) Scalability


See #2. We have a max of maybe five concurrent users, and that's a rare
occurrence.

5) Manageability



Set it and forget it. The only thing I have to do is load ESAP updates
occasionally (host checker engine definitions). There are a couple of useful
SNMP OIDs, but they're not documented very well.


Comcast DNS

2008-12-03 Thread Matthew Elmore
Anyone else having problems doing recursive lookups on Comcast's DNS servers?

Re: Qwest Issues?

2008-11-24 Thread Matthew Elmore

No problems here

On Nov 24, 2008, at 4:01 PM, [EMAIL PROTECTED] wrote:


Anyone else seeing Qwest issues? Lost routing at about 2:09PM CST

Route back dies at cer-core-01.inet.qwest.net


Re: Cisco vs Adtran vs Juniper

2008-07-21 Thread Matthew Elmore

On Jul 18, 2008, at 10:49 AM, Eric Van Tol wrote:



I'm looking for some constructive feedback on **real world** experiences
please...

We're split pretty evenly between Cisco and Juniper boxes and are
happy with both. It all really depends on the services you want to
sell or support for your customers, as each box can do different
things.

I've been using both these boxes for a while, the SSGs in particular,
so I'll chime in.

Eric is right, the WebUI for ScreenOS is not very good, but it's far
better than any of the interfaces I've seen on any other security
devices. It has its quirks, but it does get the job done.

I have no complaints about the SSG hardware, you get decent port
density across the line and 90% of the functionality you will want is
there out of the box with no additional licensing required (stateful
firewall, IPSec, all routing protocols, etc). Don't bother with the
Antivirus and Antispam on ScreenOS, it sucks and Juniper knows it. The
web filtering works pretty well, though.

They're very flexible with regards to interoperability with other
vendors (even Cisco). I've connected one to just about every vendor
imaginable and there is always a way to make it work.

If you're looking for a cheap router/firewall/VPN box, then the SSGs
from Juniper are the way to go right now. JunOS Enhanced Services
could make our lives even better too...

Both Cisco and Juniper offer great options for this. CPE from both
is typically very solid. Juniper has the added benefit of being
able to convert their J-series boxes to Netscreen SSG firewalls and
the cards are interchangeable between the security/J-series
platforms. Of course, this does cost you in license fees. NAT on
the J-series is a pain to set up and unfortunately, the default 256M
flash on them is just too small to support an easy JUNOS upgrade.

What he said -- with the J series you get JunOS and now JunOS Enhanced
Services, so you get a full-fledged firewall as well. No need to
convert them to ScreenOS (unless you need a feature that hasn't been
ported from ScreenOS to JunOS ES yet). The only thing I really don't
like in the J series is the lack of a non-rack-mount form factor. A
lot of small and branch offices don't necessarily have racks and it
can be cumbersome to convince someone they need a 19" wide noisebox to
be their router.

More on JunOS ES:
http://www.juniper.net/techpubs/software/junos-es/

Regards,
M

Re: Line rate gigabit router/switch options

2008-07-21 Thread Matthew Elmore
I think a J series would be the way to go as well. Even the 4350
claims 1Gbps+ forwarding.

To give you an idea of cost, a J4350 will list at about $5k and a J6350 will
list at about $10.5k. The 8-port GigE PIMs list at $1800 per, the 16-port
GigE PIM (dual height) at $3000. Of course, those are list prices...

M

On Jul 17, 2008, at 3:02 PM, Paul Kelly :: Blacknight wrote:


Hi Matthew,

The Juniper J6350 boxes are both cost effective and are claimed to
do line-rate 2Gbit/s of IMIX traffic, I think.

We've several deployed between multiple DCs in Dublin and a load of
J4350 at different layers. Stick 2GB of RAM into each one and
they'll go a long way.

Paul

Paul Kelly
Technical Director
Blacknight Internet Solutions ltd
Hosting, Colocation, Dedicated servers
IP Transit Services
Tel: +353 (0) 59 9183072
Lo-call: 1850 929 929
DDI: +353 (0) 59 9183091

e-mail: [EMAIL PROTECTED]
web: http://www.blacknight.ie

Blacknight Internet Solutions Ltd,
Unit 12A,Barrowside Business Park,
Sleaty Road,
Graiguecullen,
Carlow,
Ireland

Company No.: 370845

-Original Message-
From: Matthew Huff [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 17, 2008 8:21 PM
To: 'nanog@nanog.org'
Subject: Line rate gigabit router/switch options

We have a pair of Cisco 7204VXR routers connecting to STFI
receiving market data. At peak periods micro-bursts of
unicast and multicast data overrun the Ethernet FIFO buffer
due to the 7200 being a CPU-based router. A 7600 router would
be a good replacement but it isn't cost effective. We need
BGP, RIP, PIM multicast and NetFlow. Since the connections
are all metro Ethernet, Cisco has suggested looking at the
3750 switch platform that does BGP since all of the packets
are hardware switched, but it doesn't do L3 NetFlow. I've
been doing Cisco for too long and was wondering what the cost
effective options are with other vendors or even other
possible Cisco solutions.

Matthew Huff   | One Manhattanville Rd
OTA Management LLC | Purchase, NY 10577
www.ox.com | Phone: 914-460-4039
aim: matthewbhuff  | Fax:   914-460-4139