Juniper Networks Netscreen Support for Multiple ISPs

Posted on 2007-08-09
Medium Priority
Last Modified: 2013-11-16
I am considering the purchase of a Juniper Networks Netscreen-25. However, after reading through the documentation I'm still slightly confused about some of the Netscreen's capabilities. So here's my question:

I'd like the ability to support multiple ISPs. We currently have a T-1 supporting our office of about 25 people. The T-1 also supports an IPsec VPN with our remote office. Generally, the T-1 works well - but it gets bogged down with "junk" traffic (YouTube, internet radio, etc.). We're in advertising so, believe it or not, YouTube and similar sites are actually work-related when performing research and whatnot - blocking them isn't an option.

Is it possible, with the Netscreen-25, to use multiple ISPs (T-1 for mission critical application traffic, etc. and Cable or DSL for web browsing)? Are the routing capabilities of the Netscreen-25 able to utilize these multiple connections? I'd rather not have multiple gateways on my LAN; I'd like all clients to point to the Netscreen and have it handle the routing. Specifically:

1. Can the Netscreen send traffic to a specified gateway/ISP based on protocol? (HTTP to one ISP, and SMTP to another ISP for example)
2. Can the Netscreen route traffic to a specified gateway/ISP based on source IP address? ( would use the T-1, all other hosts would use the cable connection)

Also, I'd like to know how complicated implementing any of the above mentioned scenarios would be.
Question by:david_brunelle

Expert Comment

ID: 19665328
From the Juniper 25 datasheet, it only supports source-based routing. It means that you can route traffic based on the source, and not protocol.
You need policy-based routing.
I would recommend Cisco ASA 55xx.

Author Comment

ID: 19665385
Source based routing could prove to work fine for what I'm trying to accomplish, as long as the Netscreen does it well, and it's easy to configure. Even after years of assisting in the administration of Cisco products, I still feel that the IOS and the command line in particular, requires too much specific knowledge and consumes too much time.

I've been receiving the impression that managing the Netscreen is a bit less complex, and more intuitive. Any more specific experience about implementing source based routing and multiple ISPs on the Netscreen?

Accepted Solution

knightrider2k2 earned 375 total points
ID: 19666020
I have never configured source based routing on a Netscreen. I am logged into a Netscreen right now and I can say it is very simple.
You just provide the IP address/subnet mask and then the gateway. That's it.

Author Comment

ID: 19666086
Thanks Knightrider - additionally, it appears that as of ScreenOS 5.4 the NetScreen will support policy-based-routing. There's some info on policy-based-routing here: http://www.juniper.net/techpubs/software/screenos/screenos5.4.0/index.html in the Concepts & Examples ScreenOS Reference Guide: Vol 7.

Can you confirm that setting up PBR is really as simple as it sounds? Also - how would you rate your experience with Netscreen?

Expert Comment

ID: 19666240
Hello David

Netscreen is a reliable device and handles traffic very well. And from the command reference of Netscreen, PBR looks easy to configure.
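
The following is an added illustration, not part of the thread and not ScreenOS code or configuration: a small Python model contrasting the two lookups discussed above. Source-based routing keys only on the source prefix, while policy-based routing can also key on protocol and port. All addresses, prefixes, rule contents and the fall-back-to-default behaviour are assumptions made for the example.

```python
import ipaddress

# Constructed placeholders: the thread gives no addresses.
T1_GW = "192.0.2.1"        # hypothetical T-1 next hop
CABLE_GW = "198.51.100.1"  # hypothetical cable/DSL next hop
DEFAULT_GW = T1_GW         # assumed default route when nothing else matches

# Source-based table: the source prefix is the ONLY key, so every protocol
# from a given host leaves through the same ISP.
SOURCE_ROUTES = [
    ("10.0.0.0/24", CABLE_GW),   # office LAN in general -> cable
    ("10.0.0.16/28", T1_GW),     # mission-critical hosts -> T-1
]

# Policy-based rules: first match wins; protocol and destination port are
# part of the key, which is what question 1 in the thread asks for.
PBR_RULES = [
    {"src": "10.0.0.0/24", "proto": "tcp", "dport": 25, "gw": T1_GW},     # SMTP
    {"src": "10.0.0.0/24", "proto": "tcp", "dport": 80, "gw": CABLE_GW},  # HTTP
]


def source_route(src):
    """Pick a gateway by longest-prefix match on the source address."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, gw in SOURCE_ROUTES:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else DEFAULT_GW


def policy_route(src, proto, dport):
    """Pick a gateway from the first rule matching source, protocol and port."""
    addr = ipaddress.ip_address(src)
    for rule in PBR_RULES:
        if (addr in ipaddress.ip_network(rule["src"])
                and proto == rule["proto"] and dport == rule["dport"]):
            return rule["gw"]
    return DEFAULT_GW


if __name__ == "__main__":
    for host in ("10.0.0.20", "10.0.0.100", "10.0.1.5"):
        print(host, "->", source_route(host))
    for flow in (("10.0.0.100", "tcp", 25), ("10.0.0.100", "tcp", 80)):
        print(flow, "->", policy_route(*flow))
```

In this model a host outside every source prefix, or a flow matching no rule, silently takes the default route, so whichever mechanism is used, the firewall policy on both egress interfaces has to account for traffic that ends up on the link it was not planned for.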


Question has a verified solution.
