Juniper/NetScreen deal bears fruit

SSG 520 has security, routing features that could give Cisco gear a good run.

Network World has exclusively tested Juniper's SSG 520, a security and routing platform available this week that is the first new fruit from the company's purchase of NetScreen 21 months ago.

Our test results show the device has impressive speed - it supports T-3s and Gigabit Ethernet WAN ports - at a relatively low price, a package that could more than adequately meet the firewall, security and routing needs of the branch offices for which it is designed.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Network World has exclusively tested Juniper's SSG 520, a security and routing platform available this week that is the first new fruit from the company's purchase of NetScreen 21 months ago.

Our test results show the device has impressive speed - it supports T-3s and Gigabit Ethernet WAN ports - at a relatively low price, a package that could more than adequately meet the firewall, security and routing needs of the branch offices for which it is designed.

The SSG 520 and its bigger brother, the SSG 550, represent the first serious threat to Cisco's 2000/3000 routers -- the most successful family of products Cisco has ever launched.

We tested the SSG 520 in our lab, replacing both a Cisco 3745 WAN router and an existing Juniper (NetScreen-208) firewall on one of our DS-3 connections to the Internet. The SSG 520 has everything we've come to expect from Juniper's firewall family, including enterprise-class firewall capabilities, centralized management and deep-packet inspection. Although our tests show that even the low-end SSG 520 can handle a DS-3 with ease, the dynamic routing features of the SSG 520 are still focused on branch offices.

	SECURE SERVICES GATEWAY 520 OVERALL RATING 4.1 Company: Juniper Networks Cost: Basic price with 1GB RAM and four fixed 10/100/1000Mbps interfaces, $6,500. Price as tested, $18,000 (including one DS-3 interface and two extra Gigabit Ethernet interfaces.) Pros: High speed; small form factor; outstanding price/performance; six slots offer good interface flexibility; comfortable ScreenOS interface for firewall and VPN. Cons: Fast enough for the data center, but the routing capabilities don’t fit that environment. The breakdown    Firewall features 35% 4.5 Hardware performance and flexibility 25% 4.5 WAN and dynamic routing management 15% 3 Scalability and suitability for enterprise deployment15% 4 Management integration and manageability10% 3.5 TOTAL SCORE  4.1 Scoring Key: 5: Exceptional; 4: Very good; 3: Average; 2: Below average; 1: Consistently subpar

Click to see:

Juniper's goal for the SSG line is to replace both WAN routers and firewalls at regional and branch offices (see an analysis of the SSG positioning). The SSG 520 can do that with power to spare. With four Gigabit Ethernet ports built into the base chassis, and LAN-to-LAN throughput of nearly 2Gbps, the SSG 520 can replace a network's edge router, edge firewall and internal firewall, simplifying topologies, increasing uptime and easing the burden of remote management. Although the hardware looks and performs like a data-center firewall, Juniper's price of $6,500 definitely targets this box at the midrange, updating the aging NetScreen-204 and -208 product lines.

All of the capabilities common to ScreenOS firewalls are included, such as Web-based and centralized policy control, packet filtering and an intrusion-prevention system (IPS), as well as very flexible site-to-site VPN services. What is missing are new features added with versions 5.2 and 5.3, specifically virus scanning. Juniper says it will be adding virus scanning - along with anti-spyware, key-logger and adware protection - into the SSG later this year with the release of Version 5.4 of ScreenOS.

What is different about the SSG is the hardware with its WAN interfaces. In this release, Juniper is making available six cards, including four-port 10/100Mbps Ethernet cards, copper and fiber one-port Gigabit Ethernet cards, two-port serial and T-1/E-1 cards and a DS-3 card. All of the cards are reasonably priced, in the $500 to $1,500 range, except for the DS-3 card, at a stratospheric $8,500.