LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-22-2008, 11:31 AM   #1
mlewis
Member
 
Registered: Mar 2006
Posts: 172

Rep: Reputation: 16
Juniper Netscreen vs Open Source?


I've been evaluating a Juniper NetScreen SSG-20 for a few weeks now.
I'm happy with the device but am a little concerned about the ongoing costs of ownership. I don't mind paying but I want to get value for that payment.

For example, any and all additional services such as spam, virus, security auditing, everything, has an additional yearly maintenance cost.

On the other hand, there are so many well developed, very mature firewall products out there which are open source, which include many of these features, at less of a yearly cost. It simply sounds better to put my money into an open source project, supporting it through a support contract any time I can.

What are your thoughts on this? And, if you are using or have used an SSG, do you know of an open source solution which walks and talks just like the ScreenOS? I ask this because I am trying this after now moving away from Watchguard so would want the learning curve to be as little as possible considering the trouble we went through in converting for this trial.

Thanks for any help you can offer.

Mike
 
Old 07-22-2008, 02:58 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Check out
http://www.linuxquestions.org/questi...liance-652856/

SSG is one of the "top-tier" commercial products, certainly much more well-regarded than WatchGuard. Juniper are well-known for building very high-throughput devices, so if performance is a primary concern it's unlikely that you'd be able to build something from scratch that would rival it. I guess it depends on what your main criteria are.
 
Old 07-22-2008, 03:23 PM   #3
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
I have a Checkpoint UTM-1 for my firewall, It has all those capabilities as well. but I use external appliances for inline SPAM, AV, and Content Filtering, etc.. Products from Barracuda, and Fortinet are built on OSS base with their custom front ends.

Yes I could build similar functionality with all Open Source products, but it's easier for me to pay a subscription fee and have the units kept up to date automatically with minimal interaction from me. I have too much to do already to worry about tweaking things. and a single phone call gets me a replacement appliance overnight if it fails.

I also don't like putting all that load on my firewall.. Offload that work to another server or appliance.

I guess what I am saying is yes you can get the functionality with open source, if you have the time to tweak and admin those boxes as well. I never did get Spamassassin to filter as well as the Barracuda Spam firewall, although I'm sure others have.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Global Summit of Open Source Leaders Releases Free Online Report on State of Commercial Open Source LXer Syndicated Linux News 0 05-04-2007 08:46 AM
LXer: Krugle offers code search engine for open source, with open source LXer Syndicated Linux News 0 02-27-2007 08:04 AM
LXer: Open Source Geospatial Foundation Selects Tyler Mitchell, Open Source Advocate, as Executive Director LXer Syndicated Linux News 0 10-19-2006 09:54 PM
OpenVPN and Juniper Netscreen 25 or Watchguard Firebox X700 saavik Linux - Networking 2 08-24-2006 06:50 AM
LXer: Open-source router firm looks to take on Cisco, Juniper LXer Syndicated Linux News 0 02-26-2006 12:01 AM


All times are GMT -5. The time now is 09:21 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration