hi would like to hear comments from everybody here as to what they feel abt netscreen ssg as compared to asa. people blinded by cisco may not post. this is for people who are open to compare the technologies offered by both the vendors in the firewall platforms.
I find the Netscreen CLI language (especially NAT configuration) to be more intuitive and simpler to use than the ASA CLI. The GUI is worlds better than the Cisco GUI, although the Cisco GUI is much better than it used to be.
Many of the SSG series accept plug-in cards (PIM and mini-PIM) for adding T1/E1, ADSL, ISDN, and serial WAN connectivity.
The Juniper JTAC is good, but not as good as the Cisco TAC. There are far more on-line resources and help forums available for the PIX/ASA than the Netscreen SSG.
I am a fan of Cisco PIX/ASA. However, in one of the GSM projects we used NetScreen because it used to support GTP while PIX 6.x used not and ASA was not in the market yet.
We faced several occasions when the NetScreen reboots and flushes all the configuration. Out of Six firewalls they change two in six months. Their CPU used to easily hit the 70% eventhough we were just using firewalls rules and VPNs.
As for the GUI is good however the ASA is pretty similar to it and has more troubleshooting cababilities.
Another issue that we faced is their interface negotiation problem with the Cisco Switches where setting them to 100 Full was not as good as setting them to Auto on both sides.
I manage several NetScreens that predominantly do VPN and their logging is the pits you can't troubleshoot very well based on the log files. I also think that the ASA is easier to set up for management and the fact that the new ASDM for 7.0(2) actually allows you to filter the log entries for troubleshooting is WAY better. The routing and the VLAN configuration on the NetScreen is ok but their interpretation of VLANS and routes is a little obscure. They have however been very stable. I also think that Cisco's QOS is better and you can really be granular with it on the Tunnels in pre-classifying traffic and it appends the QOS markings to the IPSEC headers.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...