Netscreen 5GT Screening

04-18-2011 07:11 PM

Hi there,

I'm a bit new to the screening aspect of the 5GT.

Is there a need to put any screen protection on any zones, except the Untrust zone?

We have VPN tunnels too, and I am just wondering if I should put screen protection on the VPN zone as well.

Thanks,


Re: Netscreen 5GT Screening

04-18-2011 07:52 PM

Hi,

I typically don't see Screen used for zones other than Untrust and DMZ.  However, if you're using custom zones (i.e. VPN) to terminate customer VPNs, then you may want to consider it as an added layer of protection.  I would use caution though when making changes.  I would tweak a little at a time and test.

John

John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.

Re: Netscreen 5GT Screening

04-18-2011 07:55 PM

Hi John,

Thanks for that.  It's because we currently have screen used for Untrust, V1-Untrust and VPN.

Just wondering, would turning off the screen for VPN speed up our VPN link, without the extra layer of screening?

We use IPSec VPNs, so not sure if the added protection is required, or not.

Thanks,

Edwin


Re: Netscreen 5GT Screening

04-18-2011 08:02 PM

Hi,

I don't think you would notice a change in performance.  However, if you don't require the added security I would disable it.  Just one more thing to troubleshoot in the event of an issue.

John
