Educause Security Discussion mailing list archives

Re: juniper srx 3400/3600 vs. cisco asa 5580


From: "Julian Y. Koh" <kohster () NORTHWESTERN EDU>
Date: Wed, 19 May 2010 10:39:20 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We replaced an old Netscreen 5200 pair with a pair of SRX3400's last
August.  We also have a pair of FWSM's that we are in the process of
replacing with a pair of SRX5600's.

Overall life has been good.  People always hated the ASDM interface for GUI
management for the FWSM's, and we were already familiar with CLI JunOS.
The SRX GUI is decent, but the code level that we're running the SRX3400's
doesn't allocate enough memory to load up our full ruleset, so we need to
update.  That will make examining rules a lot easier than via the CLI, but
the GUI has a limitation that you can't put in comments for rules like you
can via the JunOS "annotate" option.  Since the comments are a key
component of our change management process, we'll probably still continue
to use the CLI to actually implement changes.


-----BEGIN PGP SIGNATURE-----
Version: 9.9.1.287

wj8DBQFL9AYmDlQHnMkeAWMRAkILAKCncBQRwXGeoVgS2jqiwAC1CEH13QCfe8Bd
Nvr29VfQx9ZxMjjhlJlGzKM=
=Xu/I
-----END PGP SIGNATURE-----

--
Julian Y. Koh                         <mailto:kohster () northwestern edu>
Manager, Network Transport                         <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
