ScreenOS 5.3r3 is out!!!



  • yippee



  • Where can I download the actual ScreenOS? Someone a link please



  • Hi,
    I have netscreen 208 with screen0S.5.3.0r3.I still have issue when add any policies it needs rebooting. I did research on Juniper and found out this isses 24449 wasn corrected in ScreenOS 4.0… already. What you think I need to do to correct this problem?

    thanks
    🙂



  • does anyone have a ns-500 5.3 screen os . ohh god i tried to find out the price for the yearly subscription of the screenos for ns-500 a partner said that it will cost around 9000 $$$$$$$$$$$$$$$$$$$$$$$4. it’s  really expensive. i hate one thing abt my policy. my box is 3 yrs old and the subcription has not been renewed. thye are saying that i will have to upgrade from the last date of valid subscription. means i will have to pay 3 years yearly subscription. that’s really bad. can someone help with it. plsssssssssssssss.

    regards

    sebastan



  • hi buddy. ofcourse yes in ssl arena netscreen has won many awards .people say even checkpoint connectra is very good. i have a report in which they tested checkpoint’s connectra,cisco vpn concentrator and netscreen ssl. they tested with some 17 attacks and checkpoint stopped all of them all the attacks were at application layer netscreen did stop a few ones and cisco stopped only one. very poor for cisco.if u want i can post the test report here. as far firewalling chcekpoint and netscreen are far better than pix or asa. i have worked a lot on pix but serisouly i have started with netscreen and feel they are far better of than cisco. their virtual firewalls. doesn;t support routing,vpns and support for multicast traffic. it can only support the same old natting in the box and nothing else. what do u say. see ya

    regards

    sebastan



  • After many discussions with support engineers, and having worked with Netscreen since 2001,  it seems Juniper did not force the same level of QA on Netscreen when they acquired them that went into JunOS. Netscreen has many versions of code out;  most of us only see 5.xrx, but they have many sub-releases of code for specific customers. This is part of the problem. Also, Juniper has been in full-bore acquisition mode lately in the last 2 years, and if you’ve ever gone through an M&A, then you know that many of the business processes suffer, including loss of personnel.  I anticipate stability in the product line in 5.4 when the code becomes a main release for all ScreenOS hardware products. I think Juniper is also committed to producing standard releases at set times and not rushing versions out the door just to satisfy a feature request. If you are familiar with the the other Netscreen product: SSL VPN, you’ve probably seen a huge difference in code since last year(more features and stability), probably due to the fact that SSL VPN is what’s hot and they have a nice lead in this arena. Firewall/VPN appliances are all becoming pretty similiar. Everyone is trying to do the same thing now (Traffic shaping, layer 7 inspection, AV, Web filtering, spyware detection, VSYS, routing,  etc…). Personally, having worked with the big 3 (Checkpoint, Cisco and Netscreen), there is not a clear winner; they all screw up things differently. I am not completely happy with ScreenOS,  but for me it’s the best for the features it offers and its security posture(zone-based firewalling and virtual routers).



  • @rf:

    I am beginning to think their software QA process is nearly nonexistent, or it just tests simple things and not advanced configurations or more exotic (but nevertheless plausible, possible, and common) failure modes.

    agree 100%



  • I am beginning to think their software QA process is nearly nonexistent, or it just tests simple things and not advanced configurations or more exotic (but nevertheless plausible, possible, and common) failure modes.



  • ok luder thanks for ur reply. we all a re eagelrly waiting for the latest release. hey luder i have a doubt regarding the idp 10 and 100 which are already end of sale. can u pls help me on that. i have posted it in the idp forum. see ya waiting for ur reply.

    regards

    sebastan



  • @sebastan_bach:

    hi luder what is the bug u found yesterday. are u screenos tester or a programmer. yeah it’a a from a long time netscreen is has not come up with a stable screenos. we have to look for the release notes when working on it. i think they should not be like cisco just brining in new features without proper testing .

    regards

    sebastan

    i am neither, just a designer and implementor trying to get what seems a basic idea to work… and just been walking the 5.2 / 5.3 OS minefield. I always check the release notes, but they are being continually updated 🙂



  • in regards to CIsco at least by the release (IOS code) you know it not fully tested (ie main release or pre release), whereas juniper just release one version
    without any testing it seems latelty.



  • i have downgrade to ScreenOS Version 5.3.0r1 < it works at best, the ScreenOS Version 5.3.0r3 do not run over 1 week, the device can not make new sessions only the ping works a.s.o. We have now to wait for a new version…… (I have a NS-5GT-ADSL)

    cu Peter



  • hi pete i truly agree with u ab the cisco ios train. it production that’s whay people use aold cisco ios and don’t run behind the new ios features.i reall hope the netsreen os gets stable as u say from the 5.4 series. i fell netscreen should now focus more on unified architecture .endpoint security and one box solutions also . what do u say abt that pete. it;s always good to read ur views . waiting for ur views. see ya and keep us updated buddy.

    regards

    sebastan



  • hopefully you’ll start seeing more stability from 5.4 and on. The last not so buggy release I’ve worked with was pre-5.0. Too many different product lines running different versions of code leads to disparity and poor QA. I know that 5.4 is basically a major rewrite to merge all the products together under the same release. It should actually be labeled as 6.0. Netscreen was falling into the Cisco IOS trap, where new features were added without regard to QA and testing. I can’t remember how many times I’ve upgraded Cisco routers because something was broken. Usually the first response you get from Cisco TAC these days is “this is a known bug, please upgrade to 12.x(xxT)jyz4yktr2” When the code release starts looking like a preshared-key for a VPN Tunnel you know you’ve got problems.



  • hi luder what is the bug u found yesterday. are u screenos tester or a programmer. yeah it’a a from a long time netscreen is has not come up with a stable screenos. we have to look for the release notes when working on it. i think they should not be like cisco just brining in new features without proper testing .

    regards

    sebastan



  • with all the hassles i have had in the 5.2+ range i would not upgrade to any until 5.4 (and tested it).

    I have had code patches re written for me in regards to major flaws. Even now i still have juniper looking
    at code for a issue which i found yesterday.  :x


  • Global Moderator

    I wish it were so easy 🙂

    Have a read of this thread



  • can’t you just use the command “set interface adsl phy link-down” to shut down the ADSL interface? I don’t use the ADSL wireless model, just the Untrust model.


  • Global Moderator

    junipoint: Do you know if we can shut down interfaces on the 5GT with this release?  It’s annoying in one box I have to have the ADSL line flapping all the time (as it’s unplugged and not in use)



  • basically in 5.4 almost everything you could want from a wireless firewall is configurable, especially if you have the extended key. Also, 5.4 is a universal release for all platforms: 5gt, ssg, ISG, and other NS platforms.


 

37
Online

38.4k
Users

12.7k
Topics

44.5k
Posts