Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
3
Replies

netscreen ssg versus asa

sebastan_bach
Level 4
Level 4

‎10-30-2006 01:33 PM - edited ‎02-21-2020 01:16 AM

hi would like to hear comments from everybody here as to what they feel abt netscreen ssg as compared to asa. people blinded by cisco may not post. this is for people who are open to compare the technologies offered by both the vendors in the firewall platforms.

regards

sebastan

0 Helpful
3 Replies 3

spottedowl
Level 1
Level 1

‎10-30-2006 03:20 PM

I have used both, so will offer my comments.

I find the Netscreen CLI language (especially NAT configuration) to be more intuitive and simpler to use than the ASA CLI. The GUI is worlds better than the Cisco GUI, although the Cisco GUI is much better than it used to be.

Many of the SSG series accept plug-in cards (PIM and mini-PIM) for adding T1/E1, ADSL, ISDN, and serial WAN connectivity.

The Juniper JTAC is good, but not as good as the Cisco TAC. There are far more on-line resources and help forums available for the PIX/ASA than the Netscreen SSG.

0 Helpful

m-haddad
Level 5
Level 5
In response to spottedowl

‎10-31-2006 08:37 AM

I am a fan of Cisco PIX/ASA. However, in one of the GSM projects we used NetScreen because it used to support GTP while PIX 6.x used not and ASA was not in the market yet.

We faced several occasions when the NetScreen reboots and flushes all the configuration. Out of Six firewalls they change two in six months. Their CPU used to easily hit the 70% eventhough we were just using firewalls rules and VPNs.

As for the GUI is good however the ASA is pretty similar to it and has more troubleshooting cababilities.

Another issue that we faced is their interface negotiation problem with the Cisco Switches where setting them to 100 Full was not as good as setting them to Auto on both sides.

Regards,

0 Helpful

bob.bartlett
Level 1
Level 1

‎10-31-2006 01:11 PM

I manage several NetScreens that predominantly do VPN and their logging is the pits you can't troubleshoot very well based on the log files. I also think that the ASA is easier to set up for management and the fact that the new ASDM for 7.0(2) actually allows you to filter the log entries for troubleshooting is WAY better. The routing and the VLAN configuration on the NetScreen is ok but their interpretation of VLANS and routes is a little obscure. They have however been very stable. I also think that Cisco's QOS is better and you can really be granular with it on the Tunnels in pre-classifying traffic and it appends the QOS markings to the IPSEC headers.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card