LinuxQuestions.org


mlewis 08-01-2008 10:32 AM

ScreenOS vs Open Source?
 
Hey folks,

I am evaluating a NetScreen SSG-20 device and wondering about choices.

It's been a real nightmare switching over from WatchGuard to the NetScreen for this eval but for the most part, things are working well. I very much wanted something which could handle multiple WANs, fail over, and do load balancing. So far, load balancing has pretty much been disabled because it seems to conflict with a lot of things but hey, fail over is there.

Support has been great for the most part but it took them a WEEK of screwing around and changing each other's settings to finally hear me when I kept telling them that I had created my own policy. I kept asking them if it might be conflicting and sure enough, it was. Aside from that, they have been very good.

The unit will cost me about $1200.00 or so plus various additional things such as IDS and spam protection. The thing is, when I looked at open source projects, those things are all inclusive. For example, they will be using Kaperski (sp?) as their spam solution. Seems silly of me to put money into the Juniper pocket when I might be able to buy a killer piece of hardware for much less, use open source and pay support for that and still get the ability to call in as needed. I save money and I put money into something good, choices.

So, I'm looking for thoughts on this, from others who have gone through this process. I did try pfSense and a couple of others on commodity hardware but was never able to get things working 100%. The hardware would always screw up in some way or another and the firewall would stop responding. I have to believe it was the hardware and not the software as some of this software is so well developed and mature these days.

Now that I've gotten used to ScreenOS, is there something just like it out there that is open source? Your input is valued so that I can make the right decision.

Mike

chort 08-01-2008 04:50 PM

$1200 is ridiculously cheap for that kind of functionality. You'll spend more than that in labor to configure another solution to block spam and viruses. Be aware though, such "all in one" solutions really don't do a great job at everything. The Juniper kit is great for packet filtering and built-in IDS, but the real-time anti-virus and anti-spam functionality is a bit limited. Typically that protection is deployed as a separate solution for most organizations and provides a much higher level of protection. However, if your budget is limited, the Juniper solution could be a good way to go just to get some basic protection for e-mail.

mlewis 08-01-2008 06:18 PM

Finally got them to give me an eval anti-spam license. After installing it, I can't believe they are charging $250.00 a year for this. There's nothing there, it's just a white list and a black list with RBL!

chort 08-01-2008 06:25 PM

Quote:

Originally Posted by mlewis (Post 3233731)
Finally got them to give me an eval anti-spam license. After installing it, I can't believe they are charging $250.00 a year for this. There's nothing there, it's just a white list and a black list with RBL!

Well, that's about what a yearly RBL subscription costs ;)

Like I said, the anti-spam and anti-virus aren't that deep on devices like this because they have to scan packets in real-time and cannot afford to add latency. Dedicated devices do a much more thorough job (at much higher cost).


All times are GMT -5.