How we tested he Juniper Secure Services Gateway 520.We tested the Juniper Secure Services Gateway 520 by putting it into production in our Tucson, Ariz., lab on an Internet DS3 connection supplied through MCI. We brought up the SSG 520 on the DS3 and then started up a BGP session with the MCI network.Because the SSG family can’t handle a full Internet feed, we asked MCI to limit our BGP session to a subset of the full routing table, about 1,000 entries. Then we attached the SSG to our external network and brought it into the OSPF routing fabric with our other LAN and WAN routers. We tested route redistribution by sending the BGP entries into the OSPF side and verifying that our Cisco, Lucent, Nokia, and Extreme routers could all successfully peer with the SSG 520.We then added the SSG 520 to Juniper’s management system, NetScreen Security Manager, running on a Linux server in our network. Although we accomplished the initial configuration with a combination of the Juniper CLI and Web-based GUI, we used NetScreen Security Manager for all our other configuration tasks. To test the firewall side of the SSG 520, we moved our security policy upstream from internal routers and pushed it all to the SSG 520. Then we let the SSG 520 act as the firewall for our entire network. Because the SSG 520 uses the well-tested ScreenOS v5.1 for its firewall, we didn’t do any specific firewall-security tests. However, we tuned up our IDS sensor inside the firewall to make sure that nothing got through that shouldn’t have.After a week of testing in production, we pulled the SSG 520 out of service and put it to the Spirent torture test. Using four Spirent Avalanche/Reflector appliances, we stress-tested the SSG 520 with HTTP traffic across four gigabit copper interfaces. We ran three main sets of tests, designed to measure TCP connection rate, steady-state HTTP throughput with short connections, and LAN-to-LAN throughput with long-lived connections.In each case, we ran the tests twice, once with a firewall policy and then again including Juniper’s intrusion-prevention system, which they call “Deep Inspection.” For the IPS part of the test, we used HTTP streams and enabled all of the HTTP critical and major signature and protocol anomaly rules.Return to Juniper Clear Choice Test Related content news Broadcom to lay off over 1,200 VMware employees as deal closes The closing of VMware’s $69 billion acquisition by Broadcom will lead to layoffs, with 1,267 VMware workers set to lose their jobs at the start of the new year. By Jon Gold Dec 01, 2023 3 mins Technology Industry Technology Industry Markets news analysis Cisco joins $10M funding round for Aviz Networks' enterprise SONiC drive Investment news follows a partnership between the vendors aimed at delivering an enterprise-grade SONiC offering for customers interested in the open-source network operating system. By Michael Cooney Dec 01, 2023 3 mins Network Management Software Industry Networking news Cisco CCNA and AWS cloud networking rank among highest paying IT certifications Cloud expertise and security know-how remain critical in building today’s networks, and these skills pay top dollar, according to Skillsoft’s annual ranking of the most valuable IT certifications. Demand for talent continues to outweigh s By Denise Dubie Nov 30, 2023 7 mins Certifications Network Security Networking news Mainframe modernization gets a boost from Kyndryl, AWS collaboration Kyndryl and AWS have expanded their partnership to help enterprise customers simplify and accelerate their mainframe modernization initiatives. By Michael Cooney Nov 30, 2023 4 mins Mainframes Cloud Computing Data Center Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe