10-30-2006 01:33 PM - edited 02-21-2020 01:16 AM
Hi, I would like to hear comments from everybody here as to what they feel about NetScreen SSG as compared to ASA. People blinded by Cisco may not post. This is for people who are open to comparing the technologies offered by both vendors in the firewall platforms.
regards
sebastan
10-30-2006 03:20 PM
I have used both, so will offer my comments.
I find the Netscreen CLI language (especially NAT configuration) to be more intuitive and simpler to use than the ASA CLI. The GUI is worlds better than the Cisco GUI, although the Cisco GUI is much better than it used to be.
Many of the SSG series accept plug-in cards (PIM and mini-PIM) for adding T1/E1, ADSL, ISDN, and serial WAN connectivity.
The Juniper JTAC is good, but not as good as the Cisco TAC. There are far more on-line resources and help forums available for the PIX/ASA than the Netscreen SSG.
10-31-2006 08:37 AM
I am a fan of Cisco PIX/ASA. However, in one of the GSM projects we used NetScreen because it used to support GTP, while PIX 6.x did not and ASA was not on the market yet.
We faced several occasions when the NetScreen rebooted and flushed all the configuration. Out of six firewalls, they changed two in six months. Their CPU used to easily hit 70% even though we were just using firewall rules and VPNs.
As for the GUI, it is good; however, the ASA is pretty similar to it and has more troubleshooting capabilities.
Another issue that we faced is their interface negotiation problem with the Cisco switches, where setting them to 100 Full was not as good as setting them to Auto on both sides.
Regards,
10-31-2006 01:11 PM
I manage several NetScreens that predominantly do VPN, and their logging is the pits; you can't troubleshoot very well based on the log files. I also think that the ASA is easier to set up for management, and the fact that the new ASDM for 7.0(2) actually allows you to filter the log entries for troubleshooting is WAY better. The routing and the VLAN configuration on the NetScreen is OK, but their interpretation of VLANs and routes is a little obscure. They have, however, been very stable. I also think that Cisco's QoS is better, and you can really be granular with it on the tunnels in pre-classifying traffic, and it appends the QoS markings to the IPsec headers.