Thanks Alex, we're waist deep in trying to figure out the already-purchased Juniper though so I don't really have the resources to devote to learning yet another solution.
Maybe for the next one. Ben M. Schorr Chief Executive Officer ______________________________________________ Roland Schorr & Tower www.rolandschorr.com <http://www.rolandschorr.com/> b...@rolandschorr.com <mailto:b...@rolandschorr.com> From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Friday, December 31, 2010 11:12 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? For a nice free SME firewall, I might look at Smoothwall express http://www.smoothwall.org/ Alex From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 12:42 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different "policies" and "interfaces" and "zones". I'm exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We're not trying to do anything fancy and it's taken more than 2 days to get it even half working and that's with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we'll like the Juniper...once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the "Home" Screen says it's "Inactive/Unused" but the VPN monitor lists it as "Active". Ummm....o.k. This morning my day started with a phone call from one of the local users telling me they can't even get on the web. Good grief. Ben M. Schorr Chief Executive Officer ______________________________________________ Roland Schorr & Tower www.rolandschorr.com <http://www.rolandschorr.com/> b...@rolandschorr.com <mailto:b...@rolandschorr.com> From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, December 31, 2010 5:20 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? I agree with Andrew ... I've been configuring the Juniper 'screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 1:16 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well, to be fair *I* haven't looked at it yet myself. It's been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he's spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I've still got 2200 more pages of the manual to read so... Ben M. Schorr Chief Executive Officer ______________________________________________ Roland Schorr & Tower www.rolandschorr.com <http://www.rolandschorr.com/> b...@rolandschorr.com <mailto:b...@rolandschorr.com> From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, December 30, 2010 8:15 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> Exploiting Technology for Business Advantage... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
