Watchguard X550e vs Juniper srx210 or ssg140
- Thread starter Mr_Orange
- Start date
Man of Honour
- Joined
- 30 Jun 2005
- Posts
- 9,515
- Location
- London Town!
Both the Juniper's are excellent, the SRX range is the future but the SSG is a good unit in it's own right. Depends if you want to run JUNOS (Juniper's high end router OS) on the SRX or ScreenOS (the lower end older firewall OS) on an SSG.
I prefer JUNOS but it's not really for beginners whereas ScreenOS is fairly easy to pick up both in GUI and CLI. For 99.9% of people there's nothing missing in ScreenOS compared to JUNOS I should add, you aren't missing out on features.
The SRX210 is lower end in theory than the SS140 (the SRX210 is the replacement for the SSG20 really) but performance wise they are fairly similar.
Wouldn't touch a watchguard with a barge pole...
I prefer JUNOS but it's not really for beginners whereas ScreenOS is fairly easy to pick up both in GUI and CLI. For 99.9% of people there's nothing missing in ScreenOS compared to JUNOS I should add, you aren't missing out on features.
The SRX210 is lower end in theory than the SS140 (the SRX210 is the replacement for the SSG20 really) but performance wise they are fairly similar.
Wouldn't touch a watchguard with a barge pole...
I'd second avoiding the watchguard. Hideous Devices. the SRX range are pretty good, I've been assessing them for my company. They've made a good stab at making them work well using the GUI so that you can avoid the command line. Its OK (that was on JUNOS 9.4, I believe they might be on 10.0 now), however somethings, like configuring the ADSL pim, wasn't possible in the GUI. Do you need all the UTM features?
Dependant on requirements it might be possible to use a Cisco ISR with the firewall IOS, or if you need a good UTM device, then something like a Fortigate might be better, as the GUI is very well thought out.
Dependant on requirements it might be possible to use a Cisco ISR with the firewall IOS, or if you need a good UTM device, then something like a Fortigate might be better, as the GUI is very well thought out.
Last edited:
Man of Honour
- Joined
- 30 Jun 2005
- Posts
- 9,515
- Location
- London Town!
I'd advise against both actually, the firewall IOS can be utterly illogical at times, it really suffers from being a firewall forced onto a router. The fortigate boxes are excellent on paper and reasonably priced, my main problem is they are temperamental routers and the CLI is the worst I've ever worked with.
JUNOS 10 is out for the the higher end boxes at least, I've got a few scheduled upgrades on our MX480s as a starting point in that direction, nothing major new features wise though.
The GUI will improve, the ScreenOS GUI was missing some major things until it got into v5 really (the second revision after Juniper bought netscreen as I recall).
My opinion is that outside the very high end where checkpoint still has some game, Juniper make the best security appliances available today.
Soldato
- Joined
- 6 Sep 2008
- Posts
- 3,974
- Location
- By the sea, West Sussex
Watchguards are great.....if you stick a small HDD on them and build them as linux servers.
I've got PFSense running on my X1000
I've got PFSense running on my X1000
Man of Honour
- Joined
- 30 Jun 2005
- Posts
- 9,515
- Location
- London Town!
If you wanted that it'd be cheaper just to buy an off the shelf 1U server and install it on that...but I wouldn't touch it for serious firewall duties.
Thanks for your help, it given really me a perspective on things.
We did have a centos box that was configured to do firewall/vpn tasks. However the VPN side of it was unreliable. We have a watchguard firebox on loan and while it is easy to set up it seems to be a bit wobbly. One of my IT suppliers suggested Netgear but I'm not sold on them. Our CRM software company recommends another firebox but I'm siding on the SRX stuff as it will be more expandable for the business and a greater education for me. Apparently the srx210 does have JUNOS 10.
I'm a bit wary that I'll be jumping in at the deep end with juniper but at the end of the day I want the best solution for the company.
We did have a centos box that was configured to do firewall/vpn tasks. However the VPN side of it was unreliable. We have a watchguard firebox on loan and while it is easy to set up it seems to be a bit wobbly. One of my IT suppliers suggested Netgear but I'm not sold on them. Our CRM software company recommends another firebox but I'm siding on the SRX stuff as it will be more expandable for the business and a greater education for me. Apparently the srx210 does have JUNOS 10.
I'm a bit wary that I'll be jumping in at the deep end with juniper but at the end of the day I want the best solution for the company.
Soldato
- Joined
- 6 Sep 2008
- Posts
- 3,974
- Location
- By the sea, West Sussex
I think the OP wants something with support. Why would you buy a firewall appliance and chuck Linux on it
Could you not feel the sarcasm???
Soldato
- Joined
- 6 Sep 2008
- Posts
- 3,974
- Location
- By the sea, West Sussex
I thought that was the unbelievable bit myself.