Virtual systems and unified architecture enterprise models

  • I have worked on Cisco PIX a lot. Now the latest one supports virtual systems just like our NetScreen boxes, but they are still lacking support for routing protocols and VPNs in virtual systems. Very soon they will be upgrading their IOS to that, so it matches NetScreen virtual systems and Checkpoint’s VSX gateways. And the best part is it’s available on an enterprise-level box which costs only around 6,000 $ with 3 virtual systems in it by default. Plus the ASA has support for integrating IPS in it and has built-in support for web VPN. NetScreen has separate boxes for all of them where IDP and SSL are concerned. I guess they should come up with boxes that have an integrated solution at enterprise level. They should integrate virtual systems at least in the 208 or 204 series. This is where Cisco kills NetScreen. Even if someone buys an ISG series having IDP in it, still for SSL VPNs they have to buy a new box. I feel Checkpoint is the only one right now that has a total unified architecture. Cisco has already started moving towards it; why is NetScreen left behind? All suggestions welcomed.


  • Hi frac, you mean to say the job market for Juniper is not so good as compared to Cisco and Checkpoint, right? Are you working for a solution provider? I have just started studying for NetScreen now. Might need your help for sure with issues. I hope you can help me out. See ya and bye buddy.


  • Engineer

    Hi sebastan,

    I did both exams (the prof one is a hard one, you really need to have worked with the product).

    I passed all exams, only need to do the IDP one and then I have all Juniper security product certifications.

    Well, where I live we are looking for more Juniper knowledge and have a hard time finding it (looking for 1 year now and didn’t find any really good one).


  • Hi frac, thanks for your views on this. I worked a lot on Cisco products. I have just started with NetScreen. I have bought a NetScreen 500 along with a 5-GT for finishing my JNCIA and JNCIS. Have you done your NetScreen certifications? But tell me frankly, is there a demand in the security market for NetScreen-certified professionals? I have no idea about it. And good to know you, buddy. Got an MSN or Yahoo ID, so we can chat? We can be good friends. Bye, waiting for your reply. See ya.


  • Engineer

    Hi sebastan,

    Well, on firewalls Checkpoint and NetScreen are among the best, I think. Where I like NetScreen more because of the nice VPN options (dyn routing, etc). Also, if you have a problem it is easy to find it with all the nice debugs you can run on a NetScreen (not so nice on Checkpoint).

    Cisco was always behind, and yes, they will be/are a big player here. And they will become better and better, but for now I have the feeling they are still a bit behind. The ASA is a good step, but it is new so it will have to prove itself.

    Checkpoint is good for basic firewall, but for the IDS/IDP function I like the IDP of NetScreen more (you really have to work with one, they are amazing).

    For the DI (NetScreen) and the SmartDefense (Checkpoint) part, I think that the NetScreen point of view is better, because you can enable and choose what to check on a per-policy basis. With Checkpoint it is enabled or disabled on a global basis (so for all the traffic).


  • Hi frac, what you said is right. But you know that Cisco is a big shark in the industry. Till now it was actually taking the plunge in the security market. But it will. Now, since all the firewalls have started going for the unified architecture like Checkpoint, even Cisco has completed its task of getting a one-box solution. Even cost-wise NetScreen is more expensive than Cisco is. Since you have worked on all the firewalls, which one have you found the best of all? But I feel where application security is concerned Checkpoint has more options to configure minute details. What’s your opinion? Good to have someone talking over this topic. See ya frac.


  • Engineer


    I think this is a smart move of NetScreen. I don’t believe in god boxes.
    I work with NetScreen/Checkpoint/Cisco.

    First of all, NetScreen has an IDP function in its appliances (DI). This is better than how others implemented it, because it works on a policy basis and not on a global basis like Checkpoint does.

    OK, the SSL is maybe something they are missing in the mid-range, but with the new SSG boxes they will be able to implement it for the mid-range (not the full-blown one, but Checkpoint and Cisco don’t have that either).

    Speaking of Cisco:

    1. ASA is new (not proven tech (PIX sucked big time => I call it an advanced router))
    2. SSL on the concentrator was poor, very poor (will it be the same on the ASA?)
    3. IDP on Cisco is new (not proven tech)

    The IDP and SSL appliances of NetScreen were and are the best in the market (OneSecure/Neoteris), so I would rather have 3 boxes that do their job than one box that does it all but poor/not_good.

    Maybe someone has another idea?