juniper firewall/vpn recommendations

[dalearyous]

need to deploy a firewall at a remote site with always on VPN capabilities. it doesn't have to have extreme features but must be rock solid and perform well. i have not dealt with Juniper in forever but that is the standard that is being given to me. i would like things like traffic control, policy management, NAT options, a mobile SSL VPN connection when necessary, VOIP, and maybe some sort of logging/monitoring. i am normally used to watchguard and some cisco stuff.

what do you guys recommend model wise in the juniper world?

 

[Nate7311]

We'll need some details for proper sizing.
Internet pipe?
Devices behind the FW?
UTM features?
Budget?

 

[Rose Ab]

I would highly recommend the Juniper SSG 5 products. They run about $400-$500 depending on where you purchase. These are rock solid units that we use in one of our mission critical applications linking multiple offices with differing connection speeds. They NEVER go down...literally...we have had them running for years without so much as a bit of problem from the device. We have had the connection go down due to the ISP but never the Junipers. We do not update the firmware very often as they don't recommend it unless you need the new options. This keeps them more stable and secure. We purchase some of the additional options for traffic scanning and filtering but this adds minimal costs. We have tried and used pretty much everything out there and with the exception of the Sophos UTM with RED boxes these are probably the easiest and most trouble free we have found.

 

[dalearyous]

the pipe at the remote location is only 5/1

not a lot of traffic will be sent over the VPN but it will be constant 24/7

not terribly worried about UTM features. 90% of the time there won't even be users at the remote location

no real budget

i am leaning towards SSG140

We'll need some details for proper sizing.
Internet pipe?
Devices behind the FW?
UTM features?
Budget?

 

[berky]

I don't think you're going to get SSL VPN capability with any of the Juniper FW products. They have a separate product line for that (SA series).

The SSG line (netscreens) are definitely a solid box, but be warned.... Juniper as a whole will push you to the SRX line, and have essentially stopped development on the netscreen stuff (I'm pretty sure they are only doing security updates and the like... not much in terms of new features)

That being said, the SRX's are pretty solid as well. You may want to talk to a Juniper rep to help you determine which one will fit your needs the best.

 

[Nate7311]

I don't think you're going to get SSL VPN capability with any of the Juniper FW products. They have a separate product line for that (SA series).

The SSG line (netscreens) are definitely a solid box, but be warned.... Juniper as a whole will push you to the SRX line, and have essentially stopped development on the netscreen stuff (I'm pretty sure they are only doing security updates and the like... not much in terms of new features)

That being said, the SRX's are pretty solid as well. You may want to talk to a Juniper rep to help you determine which one will fit your needs the best.

^ What he said. Without the SSL VPN requirement, the SSG5 would be perfect.

 

[dalearyous]

spoke with someone at Juniper, they recommended the SRX210 ... its half the price of the SSG 140 so i am sold.

 

[Berg0]

I deploy SRX100's everywhere. they're solid.

 

[Liquidkristal]

on a 5/1 connection the SRX100 will serve that no problem at all, a 210 is overkill

 

[Mackintire]

SRX is the way to go.

SSG5? I think there are sellers on e-bay selling that for under $100.

 

[dalearyous]

we have to comply with certain industry standards and security and have multiple WANs. its extremely regulated so the SRX 210 is overkill but thats ok.