Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  NS - 50 Replacement

    Posted 06-29-2015 00:28

    Hello guys, just need your opinion: what would be a suitable replacement for the NS-50?

     

    Would the SRX 220 be a nice choice?

     

    Thank you.



  • 2.  RE: NS - 50 Replacement
    Best Answer

    Posted 06-29-2015 05:39

    You can compare the specs between the NS50 and the SRX line with these data sheets.  Even the lowest end SRX100 has twice the fast ethernet ports and better performance than the NS50.

     

    You could go with the SRX210 to upgrade to gig interfaces (only 2) or the SRX240 for all Gig interfaces.

     

    http://www.evolve-online.com/pages/resources/datasheets/juniper-netscreen/25.pdf

     

    http://www.juniper.net/assets/us/en/local/pdf/datasheets/1000265-en.pdf



  • 3.  RE: NS - 50 Replacement

    Posted 06-29-2015 20:43

    Thank you Spuluka for your valuable input.

     

    The new Juniper firewall, is it very hard to configure?

     

    Or can I make some reference from my old NS-50 and I am good to go?

     

    The NS-50 that we have was not configured by me from scratch, but I'm doing the maintenance and I'm able to make some changes and make it work via the GUI 🙂 

     

    Does the SRX-210 come with the default configuration? And is the GUI quite friendly?

     

    Thanks again.



  • 4.  RE: NS - 50 Replacement

    Posted 06-30-2015 10:28

    The SRX series runs Junos which is completely different from the ScreenOS commands on the NS50.  You would basically have to re-write the configuration.

     

    If you want to reuse the current configuration you could look at using an SSG140.  Then you would just need to do a search and replace for the interface names and could import the same configuration from the original device.



  • 5.  RE: NS - 50 Replacement

    Posted 07-01-2015 18:03

    Hi Spuluka, thanks for the reply.

    I just read somewhere on the net that JunOS is the best way to go because, according to the article I read, ScreenOS might be discontinued.

     

    But the SSG140, is it a good replacement for NS50?

     

    If I go for JunOS, am I able to keep the device up and running via the GUI interface or do I need to do it via CLI?

     

    My apologies for asking another question.  Thanks again.

     



  • 6.  RE: NS - 50 Replacement

    Posted 07-01-2015 18:24

    ScreenOS will be discontinued at some point in the future.  By the Juniper end of life policy you are basically guaranteed about 5 years of support for any hardware you purchase.  The SSG140 has no announcement yet and is still for sale.

     

    Juniper announces end of sale six months in advance, then offers 5 years of support contracts after that date.  You can see a sample for the SSG5 that was announced in summer of 2014 for January end of sale this year and end of support in 2020.

     

    http://kb.juniper.net/resources/sites/CUSTOMERSERVICE/content/live/TECHNICAL_BULLETINS/16000/TSB16486/en_US/TSB16486v2.0.pdf

     

    Junos is the future and will have more and more advanced features as time goes on.

     

    Junos is great for CLI configuration.  The web interface is much better than it has been but still not full featured.  There are just times when going to the CLI is needed for obscure or advanced setups.  

     

    If you go with Junos, I don't think you will regret learning.

     

    There is also a conversion tool on the support site that can take a basic ScreenOS configuration and do a partial conversion to Junos.  You may have to request access to this.

     

    https://i2j.juniper.net/s2j/index.jsp



  • 7.  RE: NS - 50 Replacement

    Posted 07-01-2015 19:31

    Thank you so much for your valuable insights.. 🙂



  • 8.  RE: NS - 50 Replacement

    Posted 07-02-2015 08:07

    I miss the SSG firewalls.  They were easy to administer and everything just worked. 

     

    There is a ScreenOS to JunOS conversion utility.  Last time I tried to use it (2012) it sucked.  The majority of my config wasn't convertible so I ended up just auditing the policies and writing from scratch on the SSG.

     

    That being said, if everything else in your network is JunOS, it's nice to have the SRX as well.  The lower end models like the 240, 210, 550, and 650 will run circles around the old NS models.

     

    The "high-end" models like the 3400, 3600, etc. operate a little differently.  Things like packet captures and filters are slightly different than the lower end models.