Netscreen 5GT Screening

eyapp · ‎04-18-2011

Hi there,

I'm a bit new to the screening aspect of the 5GT.

Is there a need to put any screen protection on any zones, except the Untrust zone?

We have VPN tunnels too and am just wondering if I should screen protection on the VPN zone as well.

Thanks,

firewall72 · ‎05-04-2008

Hi,

I typically don't see Screen used for zones other than Untrust and DMZ. However, if you're using a custom zones (i.e. VPN) to terminate customer VPN's, then you may want to consider it as an added layer of protection. I would use caution though when making changes. I would tweak a little at a time and test.

John

John Judge
JNCIS-SEC, JNCIS-ENT, JNCIA-IDP, JNCIA-JUNOS

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.

eyapp · ‎04-18-2011

Hi John,

Thanks for that. It's because we currently have screen used for Untrust, V1-Untrust and VPN.

Just wondering, would turning off the screen for VPN will speed up our VPN link, without the extra layer of screening?

We use IPSec VPNs, so not sure if the added protection is required, or not.

Thanks,

Edwin

firewall72 · ‎05-04-2008

Hi,

I don't think you would notice a change in performance. However, if you don' require the added security I would disable it. Just one more thing to troubleshoot in the event of an issue.

John

John Judge
JNCIS-SEC, JNCIS-ENT, JNCIA-IDP, JNCIA-JUNOS

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.

Netscreen 5GT Screening

Re: Netscreen 5GT Screening

Re: Netscreen 5GT Screening

Re: Netscreen 5GT Screening