Educause Security Discussion mailing list archives
Re: Juniper Firewalls
From: "Lovaas,Steven" <Steven.Lovaas () COLOSTATE EDU>
Date: Fri, 7 Dec 2007 14:20:10 -0700
We've been standardizing internally on the Juniper SSG line. I concur that transparent can be a little more difficult, partially because the documentation on transparent mode is less complete. But it does make the deployment easy, since you don't have to change anyone's addressing. Also (and this may have changed in the most recent OS) I believe that Active-Active HA is only supported with routed mode. Steve ============================================ Steven Lovaas, MSIA, CISSP IT Security Manager Academic Computing & Network Services Colorado State University 970-297-3707 Steven.Lovaas () ColoState EDU ============================================ -----Original Message----- From: John Kemp [mailto:kemp () NETWORK-SERVICES UOREGON EDU] Sent: Thursday, December 06, 2007 4:39 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Juniper Firewalls Clark, Joseph K wrote:
How many segments? 3-4 Segments Transparent or routed Still testing both methods to determine what will be the best fit for our environment. I am currently leaning toward routed due to the load balancing option.
Yes, definitely.
From a management standpoint, it becomes a bear
to even identify machine locations when you have that many segments and you are transparent. The other place it gets you is VPN termination. Some of it you can't do, and in general it gets much harder if you are transparent. 2 cents. /jgk
Current thread:
- Juniper Firewalls Clark, Joseph K (Dec 06)
- <Possible follow-ups>
- Re: Juniper Firewalls jkaftan (Dec 06)
- Re: Juniper Firewalls Clark, Joseph K (Dec 06)
- Re: Juniper Firewalls John Kemp (Dec 06)
- Re: Juniper Firewalls Marsh, Todd (Dec 06)
- Re: Juniper Firewalls Clark, Joseph K (Dec 06)
- Re: Juniper Firewalls John Kemp (Dec 06)
- Re: Juniper Firewalls Lovaas,Steven (Dec 07)