Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: Want some examples why NSM is a piece of junk?

If you liked ScreenOS you might want to check out Fortinet. It was founded by the ScreenOS guys who left the company (Netscreen) when Juniper bought them. Very capable firewalls. Another very very good choice is Palo Alto Networks (founded by Nik Zur, who also played a key role in Netscreen and actually is one of the inventors of stateful packet inspection). Both very good choices that eat Check Point firewalls for breakfast.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Jickfoo
Posts: 397
Registered: ‎11-06-2007

Re: Want some examples why NSM is a piece of junk?

Yes, I own PAs. Using them for our inside layer and threat and spyware detection. Love the PAs but again, not very strong on logging and management.

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: Want some examples why NSM is a piece of junk?

Check out SPLUNK if you haven't. You'll love it. It's the best logging solution I ever worked with. It's not cheap though :(
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Jickfoo
Posts: 397
Registered: ‎11-06-2007

Re: Want some examples why NSM is a piece of junk?

I have. Same boat, can't afford it.

Visitor
ub-djp
Posts: 2
Registered: ‎05-27-2008

Re: Want some examples why NSM is a piece of junk?

Out of all the enterprise software I've ever used, NSM has to have the worst track record of bugs ever! Does Juniper even test this product before they ship it or do they expect their customers to act as QA for them?

We've recently upgraded from 2011.1 to 2012.1 -- if you're thinking about this, DON'T DO IT. In the past two weeks, I've documented the following gems:

1. NSM used to ignore options set on predefined objects when it didn't have the option to change it. No longer! Now, if you have an inactivity timer set on a predefined object on an SRX, NSM won't update the device. In our case, we had an inactivity timer set on the junos-ssh service object... their support tech workaround was to replace the predefined SSH object with a custom one. Thanks, great advice... I'll update 300 rules b/c you shipped buggy software... even using "replace with...", this is ridiculous.

2. NSM flat out fails to do a delta config on certain older versions of ScreenOS... we get an obscure message. Juniper sent me a schema update... haven't tested it yet. I guess they don't have older ScreenOS devices in their test lab!

3. Device server is crashing every 15-20 minutes. Haven't seen this before, must be a new HA "feature" -- I bet Juniper can spin this turd as some sort of HA feature!

4. Even slower -- Every time I upgrade NSM, I swear that there's no possible way they could make the client interface any slower... well, they've outdone themselves once more on this release! The good news is that you can run a delta config and have time to run to Starbucks for a coffee while you're waiting for it to finish.

I've got 2 nice things to say:

1. They updated the icon -- it's so pretty now.

2. Their support staff are phenomenal people -- patient and willing to go the distance to fix the absolute garbage product that their developers have shipped. It's a shame really, they should have the developers field these calls some time, they might learn some respect for other people's time.

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: Want some examples why NSM is a piece of junk?

The worst thing you can do if you have to use NSM is to upgrade to the newest version. Always stay with the recommended one. Doesn't make things much better, but the recent 2011.4s[x] releases seem to be the most stable ones yet. Also, take a look at Space. It doesn't work with ScreenOS yet, but it will in the future. Much better product.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Visitor
CEBU
Posts: 2
Registered: ‎11-30-2011

Re: Want some examples why NSM is a piece of junk?

Does Space work stably with SRX devices?

I use NSM only for real-time traffic monitoring and reporting. Can I do the same with Space?

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: Want some examples why NSM is a piece of junk?

Not sure whether Space is stable or not, I haven't used it in production. But from what I saw in the lab, it seems very capable and less bug-ridden than NSM. As for reporting: No. Space does not have included logging so there is no real reporting. You'd have to wait until they include logging into the product (which might never happen) or go to Juniper's full-blown logging and reporting product called STRM.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Trusted Contributor
Jickfoo
Posts: 397
Registered: ‎11-06-2007

Re: Want some examples why NSM is a piece of junk?

I thought it was high time I revisited my favorite thread.

I'm struggling with NSM again and was wondering if Space is ready for prime time yet.

I need Rule Groups. Don't ask why, I just need them. It makes it a lot easier for me to understand the policy as a whole.

Is Space worth it yet? What do I need for hardware?

Thanks,
Justin

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: Want some examples why NSM is a piece of junk?

If you can live without logging (Space does not have a logging module!) and without support for legacy devices (ScreenOS, IDP), I would give it a shot. Haven't looked at it in a long time so can't say anything about the rule groups.
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860