Use QoS for the VoIP. That should be easy enough to set up in the policy...

*ASB* (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Exploiting Technology for Business Advantage...*

On Tue, Jan 4, 2011 at 1:23 PM, Ben Schorr <[email protected]> wrote:

> Looks like we’ve got it settled now – there are one or two little things.
> We’d like to be able to tweak the IPSEC tunnel to improve VOIP performance
> across it for example. But otherwise I think we’ve got it all working for
> the basic services. Definitely a LOT to learn though.
>
> Ben M. Schorr
> Chief Executive Officer
> ______________________________________________
> *Roland Schorr & Tower*
> www.rolandschorr.com
> [email protected]
>
> *From:* Kramer, Jack [mailto:[email protected]]
> *Sent:* Tuesday, January 04, 2011 11:19
> *To:* NT System Admin Issues
> *Subject:* Re: Small/Mid Firewall?
>
> Definitely been in your shoes – my first SSG-5 is a little over a year and
> a half old now and setting that thing up was an experience to end all
> experiences. You may benefit from trying it on the command line – simple
> policies make a lot more sense written out. Also swing for Tier-2 support as
> the Tier-1 people vary wildly in quality.
>
> If you're still having problems make sure you try another firmware version
> for the device – I had ipsec issues with the client who got the device for
> about a month until I tried one of the later releases and then poof, all
> fixed overnight.
>
> ----
> Jack Kramer
> Computer Systems Specialist
> University Relations, Michigan State University
> w: 517-884-1231 / c: 248-635-4955
>
> *From:* Ben Schorr <[email protected]>
> *Reply-To:* NT System Admin Issues <[email protected]>
> *Date:* Fri, 31 Dec 2010 12:41:35 -0500
> *To:* NT System Admin Issues <[email protected]>
> *Subject:* RE: Small/Mid Firewall?
>
> Well I think part of the frustration is that it appears that to create a
> simple port forward that sends all incoming traffic on a specific port to an
> internal server (for example) requires 17 different “policies” and
> “interfaces” and “zones”. I’m exaggerating a bit, yes, but the Juniper
> seems very powerful and ridiculously complex. We’re not trying to do
> anything fancy and it’s taken more than 2 days to get it even half working
> and that’s with more than an hour of a Juniper support engineer remoting
> into it and working on it themselves.
>
> The old SnapGear 580s (before McAfee bought SnapGear at least) could be set
> up for this in 15 minutes or so. Even a newbie could figure out how to set
> up a basic port forward fairly quickly.
>
> I suspect we’ll like the Juniper…once we get a thousand pages or so deeper
> into the documentation and figure out how to actually make the damned thing
> do anything useful.
>
> We have one IPSEC tunnel created with it (created by the Juniper
> engineer). The dashboard on the “Home” Screen says it’s “Inactive/Unused”
> but the VPN monitor lists it as “Active”. Ummm….o.k.
>
> This morning my day started with a phone call from one of the local users
> telling me they can’t even get on the web. Good grief.
>
> Ben M. Schorr
> Chief Executive Officer
> ______________________________________________
> *Roland Schorr & Tower*
> www.rolandschorr.com
> [email protected]
>
> *From:* Erik Goldoff [mailto:[email protected] <[email protected]>]
> *Sent:* Friday, December 31, 2010 5:20 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Small/Mid Firewall?
>
> I agree with Andrew … I’ve been configuring the Juniper ‘screens for years
> now, including the 5GT and SSG 5 that replaced it.
>
> Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and
> different from Checkpoint.
>
> I wonder if extensive knowledge of some other brand of firewall is what is
> causing your minions' problems with the Juniper.
>
> *Erik Goldoff*
> *IT Consultant*
> *Systems, Networks, & Security*
> ' Security is an ongoing process, not a one time event ! '
>
> *From:* Ben Schorr [mailto:[email protected]]
> *Sent:* Friday, December 31, 2010 1:16 AM
> *To:* NT System Admin Issues
> *Subject:* RE: Small/Mid Firewall?
>
> Well, to be fair **I** haven’t looked at it yet myself. It’s been in the
> hands of two of my junior people; at least one of whom is generally very
> capable and has deployed several other firewall/routers of other vendors in
> the past. But he’s spent the better part of all day trying to get the
> Juniper working and finally has resorted to having Juniper tech support
> remote in and try to get it working.
>
> Apparently even the Juniper support person has spent quite a bit of time
> wrestling with it to only mixed results. It gives me some pause that even a
> Juniper support engineer would struggle with getting this unit configured.
> But I’ve still got 2200 more pages of the manual to read so…
>
> Ben M. Schorr
> Chief Executive Officer
> ______________________________________________
> *Roland Schorr & Tower*
> www.rolandschorr.com
> [email protected]
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Sent:* Thursday, December 30, 2010 8:15 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Small/Mid Firewall?
>
> Really? IPSec VPNs are one of the easiest things to configure on those
> devices.
>
> In fairness, however, I've been using Netscreen devices since Feb 2000, so
> that might simply be familiarity talking.
>
> The VPN wizard is very straightforward.
>
> *ASB* (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
> *Exploiting Technology for Business Advantage...*
