cuc888
asked on
netscreen 5xt 10-user vs unlimilted users
is there a big difference between netscreen 5xt 10-user and unlimited user 5xt? is the difference of how many ip addresses in trusted interfaces it or something else?
i have netscreen 5xt 10-user model and i wonder if this is good enough for my webserver and mail server.
i have netscreen 5xt 10-user model and i wonder if this is good enough for my webserver and mail server.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i've found out the difference in a hard way, i had it connected and run and only 10 internal users at a time can connect. As i originally thought it had something to do with the numbers of policies i could create.
ASKER
i am looking to upgrade to Netscreen SSG-5, any comments on this one?
Well, for 2 servers and 2 workstations, 100 polices should be MORE than enough.....
the 10 user limit ONLY applies to User objects, and those are only needed if they need to authenticate to the NS.
Now if you have more than 10 IP's (workstations) on the inside, you might want to go to the unlimited. or a different modle like you said.
I haven't looked at the SSG's to closely. I have a meeting with Juniper latter today. I will ask and let you know :)
the 10 user limit ONLY applies to User objects, and those are only needed if they need to authenticate to the NS.
Now if you have more than 10 IP's (workstations) on the inside, you might want to go to the unlimited. or a different modle like you said.
I haven't looked at the SSG's to closely. I have a meeting with Juniper latter today. I will ask and let you know :)
SSG-5 series are 5xt/gt on some SERIOUS sterariods. And about the same price. SHould be a good deal, I am probably going to migrate all my 5series to them as I get money.
Your talking double the throughput for the same price, and ability for more indepth routing, etc etc looks good I'm sold.
Your talking double the throughput for the same price, and ability for more indepth routing, etc etc looks good I'm sold.
ASKER
thanks.i just got it SSG-5 today and it works great. here is one problem i have and have not figured out. i need to connect to a couple machines on another network 172.31.6.1. i then connect one of their network cable to one of the trusted port on SSG-5. under Objects > Addresses > List > Trust: i added 172.31.6.20/32, 172.31.6.20 is the machine i would like to make connection to. i then created a policy from Trust to Trust > destination address is the machine i would like to connect. this does not work at all. i know there has to be more than just this simple configuration.
any help to solve this connection?
secondly, my end users actually do pick up the other network dhcp ip address instead of my SSG-5 dhcp ip. how to solve this problem also?
any help to solve this connection?
secondly, my end users actually do pick up the other network dhcp ip address instead of my SSG-5 dhcp ip. how to solve this problem also?
The NetScreen-5GT Series is available in licensing options to support different numbers
of users.
Licensing Options Description
10 user Product license Limits capacity to 10 concurrent users
Plus Product license Increases capacity to an unlimited number of users
Extended Product license Increases sessions and VPN tunnel capacities to 4000 and 25 respectively. Adds a DMZ zone and HA lite (no session synchronization)