Hey all,
I'm interested in getting a 'branch' class firewall / router at home -- these are more expensive than what most people are willing to install at home, but as I'm learning more about enterprise networking I think it would be useful to have a lab environment at home and having a device that offers fine grained control and VPN access to my home server and VMs would be nice.
At this point I think I'm split between getting a Cisco ASA 5505 or a Juniper SRX210. Any advice you guys have to offer would be appreciated.
Pros for the ASA:
* I already use Cisco gear at work so I'm somewhat familiar with their operating system. This also means that having an ASA at home would be a good lab setup in that it will give me additional experience that will be useful at my day job.
* Having some experience with IOS means I should be able to get this up and running quickly.
* There are lots of good resources available on configuring these things, and probably a better 'community' around them than what's available for Juniper's offerings.
Cons for the ASA:
* The 5505 is a bit dated and close to end of life.
* No gigabit ports
* Licensing is pretty bad. The base license only allows for 10 connected devices and 2 VLANs. Licenses to extend this functionality are expensive, and since I'd probably have to buy one of these things used from eBay, I wouldn't have access to software updates.
Pros for the SRX:
* More features for roughly the same cost (used)
* More recent hardware
* 2 gigabit ports
* No artifical limit on number of connected devices or VLANs
* Licensing is slightly better, but still not great (still have to pay for software updates)
Cons for the SRX:
* I have no experience with JunOS, so I'm not sure how steep the learning curve will be.
* I don't currently use JunOS at work, so the experience I gain won't be relevant to my job right now (but could be useful in the future)
* It's hard to even find a decent review of this device, so I doubt it's very widely used (at least compared to the ASA).
* I'm not sure how well the VPN solution will work -- I expect it will work on Windows but I use Windows, Mac and Linux and would want to be certain that dynamic (not site to site) VPN would work for all the platforms I use.
While I've also considered pfSense, which would be a much cheaper option (open source), I'm not interested in using it for a lab setup right now. I've used pfSense quite a bit and I like it a lot, but it's not really used anywhere in enterprise environments. Cisco and Juniper are, which means that getting more experience with either of these platforms would be a good career move.
Thoughts?
I'm interested in getting a 'branch' class firewall / router at home -- these are more expensive than what most people are willing to install at home, but as I'm learning more about enterprise networking I think it would be useful to have a lab environment at home and having a device that offers fine grained control and VPN access to my home server and VMs would be nice.
At this point I think I'm split between getting a Cisco ASA 5505 or a Juniper SRX210. Any advice you guys have to offer would be appreciated.
Pros for the ASA:
* I already use Cisco gear at work so I'm somewhat familiar with their operating system. This also means that having an ASA at home would be a good lab setup in that it will give me additional experience that will be useful at my day job.
* Having some experience with IOS means I should be able to get this up and running quickly.
* There are lots of good resources available on configuring these things, and probably a better 'community' around them than what's available for Juniper's offerings.
Cons for the ASA:
* The 5505 is a bit dated and close to end of life.
* No gigabit ports
* Licensing is pretty bad. The base license only allows for 10 connected devices and 2 VLANs. Licenses to extend this functionality are expensive, and since I'd probably have to buy one of these things used from eBay, I wouldn't have access to software updates.
Pros for the SRX:
* More features for roughly the same cost (used)
* More recent hardware
* 2 gigabit ports
* No artifical limit on number of connected devices or VLANs
* Licensing is slightly better, but still not great (still have to pay for software updates)
Cons for the SRX:
* I have no experience with JunOS, so I'm not sure how steep the learning curve will be.
* I don't currently use JunOS at work, so the experience I gain won't be relevant to my job right now (but could be useful in the future)
* It's hard to even find a decent review of this device, so I doubt it's very widely used (at least compared to the ASA).
* I'm not sure how well the VPN solution will work -- I expect it will work on Windows but I use Windows, Mac and Linux and would want to be certain that dynamic (not site to site) VPN would work for all the platforms I use.
While I've also considered pfSense, which would be a much cheaper option (open source), I'm not interested in using it for a lab setup right now. I've used pfSense quite a bit and I like it a lot, but it's not really used anywhere in enterprise environments. Cisco and Juniper are, which means that getting more experience with either of these platforms would be a good career move.
Thoughts?