SRX Services Gateway
Reply
Visitor
Terminator_kkt
Posts: 5
Registered: ‎10-02-2009
0
Accepted Solution

SRX 240 vs SSG550M

[ Edited ]

I need to compare the SSG 550M ( full subscription ) with the SRX240 (Full subscription). Can you hepl me to indicate which is the best? I'm also wondering whether the IDP of SRX 240 or the IDP of SSG 550M is better? I'm a sales executive and I need take an advice about this matter. Please help me!

 

 

Message Edited by Terminator_kkt on 10-02-2009 11:11 PM
Contributor
joekim1113
Posts: 45
Registered: ‎08-07-2008

Re: SRX 240 vs SSG550M

the SSG550M ( screenos) are using Deep inspection. a watered down version of the full IDP signature sets you get from a stand alone IDP or from the SRX's.

 

The SRX also doesn't require NSM for IDP which is a plus . But if you don't use nsm you don't get all the nice reporting. IDP Policy managment is also a bit easier via NSM. 

 

That being said, if your customer are use to ScreenOS, SRX might be a bit of a suprise as the interface and cli are completely different. 

 

SSG is more feature rich and a bit more stable with all the industry certs CC, FIPS etc and has been in production longer with more external validation. 

 

The SRX doesnt have 100% feature parity to screenos (ssg/ISG/NS) but its getting there. 

 

Bottom line if your customer requires a full IDP signature go w/ SRX. If they are use to screenos or have a deathgrip on screenos and use features taht are not in the SRX just yet then SSG. 

 

Joe

 

 

JNCIS-ES
JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-UAC;
JNCIA-EX
JNCIA-IDP
Juniper Elite Partner Enterprise Solutions Provider & Service Provider Infrastructure
Operate & Implement Specialist
www.novadatacom.com

Hit the Kudos button if my info helps. :smileyhappy:
and if this worked for you please flag my post as an "Accepted Solution" so others can benefit.
Visitor
Terminator_kkt
Posts: 5
Registered: ‎10-02-2009
0

Re: SRX 240 vs SSG550M

 

Hi Joe Kim, thanks for your reply. I agree that the IDP of SSG does not perform as good as the stand alone IDP does. However, can you explain for me about the difference between the performance of an SSG's IDP and performance of a stand alone IDP ?You said that " if my customer requires full IDP--> go with SRX", does it mean that the IDP of SRX is stronger than the IDP of SSG? If so, what is the basic difference?

Contributor
joekim1113
Posts: 45
Registered: ‎08-07-2008
0

Re: SRX 240 vs SSG550M

First of all, SSG doesn't do true IDP, it does deep inspection ( again watered down sub set of the entire signature set found on IDP) 

 

As far as performance, the SRX are cheaper and does firewall in addition to IDP. 

 

Low end IDP 75 for example states it can do 150mbps IPS ; IDP 250 up to 300mbps , IDP 800 1 GBps , IDP 8200 10GBps,

 

SRX 210 can do 80 Mbps , SRX 250 can do 250 Mbbps , SRX 650 can do 900mbps.

 

However the standalone IDP also has some advance features not available on the SRX  ( application volume tracking, honeynet,  application policy enforcement, backdoor..) 

 

My recommendation is if you dont' have a need(regulatory,compliance, advance features of IDP) for a dedicated IPS/IDP box or and don't need 1gb~10gb of IPS inspection test out an SRX as it could be a good fit with firewall / vpn capabilities. 

 

 

 

Joe

 

 

JNCIS-ES
JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-UAC;
JNCIA-EX
JNCIA-IDP
Juniper Elite Partner Enterprise Solutions Provider & Service Provider Infrastructure
Operate & Implement Specialist
www.novadatacom.com

Hit the Kudos button if my info helps. :smileyhappy:
and if this worked for you please flag my post as an "Accepted Solution" so others can benefit.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.