Hi Eric, SSG should be available for another couple of years. Juniper likes to say ScreenOS's roadmap is full of things do be done till the end of the next year.
However I wouldn't say SSG has so much better featureset. In routing SRX is far far beyond. You can even have packet-mode instances with MPLS, reachable through a internal tunnel. Just like mature routers. >From security point of view — embedded IPS, NAT pools not linked to any direct networks, very granular per zone or interface stateful filters for control plane destined traffic, some more FW things. And of course increased performance/price ratio. JUNOS itself. As for me, the major weaknesses are: — NHRP, which allows auto-connect IPSec VPNs, is not supported. A workaround is possible here if you want an SRX to be a hub for SSG spokes. — IP tracking is not supported for very basic dual-homing. Sure, workarounds are possible. — Reverse path next-hop is always chosen with reverse route lookup. Not to much important. An ER exists for this though no idea whether someone cares of it. -- Pavel 2010/5/8 Eric Helm <helmw...@ruraltel.net> > Hi, > > Has anyone heard what Juniper's plan is moving forward with the SSG > platform? The SSG still has a much better feature set than the SRX, but > is seems that marketing is pushing people to the SRX. I am looking to > roll-out of approximately 200-300 VPN tunnels and trying to decide what > platform to go with between the two. SSG is more appealing because of > some of its feature set and proven stability. I just don't want to be > buying equipment that is slated to be phased out sometime in the future. > > Thanks in advance, > > /Eric > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp