Solved

Need advice regarding performance of a Netscreen firewall

Posted on 2014-07-23
4
405 Views
Last Modified: 2014-07-24
Hello Experts,

I have some questions I am primarily looking for advice on.  We recently set up another remote office as part of our company network, and d/t the high costs of bringing fiber infrastructure to the site, we opted for a wireless WAN internet connection, at least for now.  The provider has related that they are able to provide a connection up to 50 x 50 Mbps, and we have contracted with them for a 30 x 30.
 
After the install, I tested the speed at their POE block with my laptop and found the speed to be fairly close to the 30 x 30.  I have a Netscreen SSG5 (256 MB) firewall in place at that office, and on the LAN side of the firewall I am seeing speed closer to 20 x 20 at best.  In talking with one of the engineers for the provider about this, he is telling me that this is completely d/t our firewall, and that Netscreen firewalls are "sub-standard" in his opinion (and words).  He is recommending that we instead install a Mikrotik router \ firewall device, provided by his company.  He has gone on to say "I am not sure what they do in their Ethernet port programming, but whatever it is, they have it messed up across their whole product line from the low end stuff to their high end switches" when referring to Netscreen devices.  I don't have extensive experience with multiple firewall products or enterprise routing and switching equipment, but I have worked with Netscreen firewalls for a number of years now and and typically understand them to be capable, if not robust.  This is the first time I have run into this issue.  Again, I agree that the speed on the LAN side of the firewall is slower, but I am trying to find out if his claims have any merit, or if it may be d/t the fact that the firewall in place is an older model.  The remote office in question has about 15 users, and the firewall is configured with two site to site vpn tunnels.
 
Has anyone heard or know of any similar claims regarding Netscreen devices?
Does anyone have any experience with Mikrotik devices, and if so, can substantiate his claims of them performing far superior to the Netscreen firewalls?

I may also have an opportunity to try out a Netscreen SRX firewall as a proof of concept trial, and was thinking about trying it at that site to see if the speeds are any better.  Does anyone have any information or advice regarding the performance of the SRX line vs the SSG line?

Thanks very much,

Russ
0
Comment
Question by:rdillion
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 26

Accepted Solution

by:
Fred Marshall earned 500 total points
ID: 40215504
I had to replace an SSG5 with an SRX240H2 because of low throughput with the former.
I hasten to add that the issue was email delivery from our ISP through the SSG5.
We are using Antivirus scanning on email, among other traffic, and this was proven to cause the blockages.
Without it turned on, we were fine.  With it turned on some things plainly did not work.
My hypothesis is that the SSG5 has been overwhelmed by ever-evolving 3rd party antivirus implementations.
The SRX240 seems to be doing fine....
0
 

Author Comment

by:rdillion
ID: 40217204
Thanks very much for the info fmarshall, I appreciate you taking the time.  As this question is not generating any further response, I'll award the points.  I am curious if you've ever heard of Mikrotik, and if so, have any opinions on their devices?

Thanks again,

Russ
0
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 40217760
Yes, I've heard of Mikrotik but have never used the equipment.  I tend to associate their devices with wireless relays, etc. but that may only be because that's where I've seen it used.
0
 

Author Comment

by:rdillion
ID: 40217778
ok, thanks again
0

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question