SSG5 Firmware



  • I have not checked the firmware updates for our SSG5 for a while.  I did so over the weekend and found that there have been a few updates since 5.4r3a which is on our box.  I was going to update to 5.4r8, however, on reading the release notes, I notice some known issues on site to site VPNS and traffic drops on VIPs.  The SSG5 is our main box to the Internet.  R7 does have some issues as well apparently, but nothing that will affect our setup.

    Any opinions out there for the best version for a SSG5?  Many thanks!

    DWhite


  • Global Moderator

    I would go for 5.4r8, when getting trouble a downgrade takes only a few minutes. Or replace VIP with dst NAT:

    set arp nat-dst (hidden featutre)
    pol from untrust to untrust with nat-dst to internal destination.



  • I have not seen any issues with 5.4r8, but we do not run any VIP’s.  We have lots of site to site VPN’s and client to site VPNs.

    Greg


 

33
Online

38.4k
Users

12.7k
Topics

44.5k
Posts