Wednesday, June 14, 2006

Netscreen 5GT Firewall

Yesterday I spent most of the day in the lab working with a Juniper/Netscreen 5GT firewall. We're looking at it for a possible two-box solution for our hospitality Internet service. It's a potentially easier-to-configure alternative to Cisco's low-end boxen, like their 1811.

The 5GTs come in a few flavors, but we're evaluating the lowest-end box. Compared with our current setup -- an SMC8013 cable modem router -- it's still quite powerful. Like the Ciscos, the Netscreen can be configured via the CLI, but it also has a very nice web GUI.

Juniper gave me a second box to play with and suggested I take it home. I'm working on getting a second cable modem for home and then I'll be able to leave my existing modem and Vonage router unmolested, while I put my network behind the 5GT. Since I generally have an IMAP connection running between my laptop and during the day, I plan on testing the VPN feature of the 5GT by setting it up as a VPN endpoint, then getting my email through a VPN tunnel. This will give me an idea of the stability of the box's VPN termination features. The unit I took home also has wireless, so I'll be able to see how well that feature works compared with my current Netgear consumer-grade WAP.

