LinuxQuestions.org
Old 08-01-2008, 10:32 AM   #1
mlewis
Member
 
Registered: Mar 2006
Posts: 187

Rep: Reputation: 16
ScreenOS vs Open Source?


Hey folks,

I am evaluating a NetScreen SSG-20 device and wondering about choices.

It's been a real nightmare switching over from WatchGuard to the NetScreen for this eval but for the most part, things are working well. I very much wanted something which could handle multiple WANs, fail over, and do load balancing. So far, load balancing has pretty much been disabled because it seems to conflict with a lot of things but hey, fail over is there.

Support has been great for the most part but it took them a WEEK of screwing around and changing each other's settings to finally hear me when I kept telling them that I had created my own policy. I kept asking them if it might be conflicting and sure enough, it was. Aside from that, they have been very good.

The unit will cost me about $1200.00 or so plus various additional things such as IDS and spam protection. The thing is, when I looked at open source projects, those things are all inclusive. For example, they will be using Kaperski (sp?) as their spam solution. Seems silly of me to put money into the Juniper pocket when I might be able to buy a killer piece of hardware for much less, use open source and pay support for that and still get the ability to call in as needed. I save money and I put money into something good, choices.

So, I'm looking for thoughts on this, from others who have gone through this process. I did try pfSense and a couple of others on commodity hardware but was never able to get things working 100%. The hardware would always screw up in some way or another and the firewall would stop responding. I have to believe it was the hardware and not the software as some of this software is so well developed and mature these days.

Now that I've gotten used to ScreenOS, is there something just like it out there that is open source? Your input is valued so that I can make the right decision.

Mike
 
Old 08-01-2008, 04:50 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
$1200 is ridiculously cheap for that kind of functionality. You'll spend more than that in labor to configure another solution to block spam and viruses. Be aware though, such "all in one" solutions really don't do a great job at everything. The Juniper kit is great for packet filtering and built-in IDS, but the real-time anti-virus and anti-spam functionality is a bit limited. Typically that protection is deployed as a separate solution for most organizations and provides a lot higher level of protection. However if your budget is limited, the Juniper solution could be a good way to go just to get some basic protection for e-mail.
 
Old 08-01-2008, 06:18 PM   #3
mlewis
Member
 
Registered: Mar 2006
Posts: 187

Original Poster
Rep: Reputation: 16
Finally got them to give me an eval anti-spam license. After installing it, I can't believe they are charging $250.00 a year for this. There's nothing there, it's just a white list and a black list with RBL!
 
Old 08-01-2008, 06:25 PM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Quote:
Originally Posted by mlewis
Finally got them to give me an eval anti-spam license. After installing it, I can't believe they are charging $250.00 a year for this. There's nothing there, it's just a white list and a black list with RBL!

Well, that's about what a yearly RBL subscription costs.

Like I said, the anti-spam and anti-virus aren't that deep on devices like this because they have to scan packets in real-time and cannot afford to add latency. Dedicated devices do a much more thorough job (at much higher cost).
 
  

