networking-forum.com

All times are UTC - 6 hours [ DST ]



Posted: Fri Apr 06, 2012 9:34 am
Post Whore

Joined: Tue Aug 05, 2008 6:36 am
Posts: 2426
Location: Perth, Australia
Certs: CCNP, CCNA Voice, SMB Select, Linux+
Hi all,
Does anyone have any experience with these? I don't really have any real practical experience with Junipers; there is a piece going for sale for around $50.

What are these like? Do they compare to ASAs?

_________________
"Right actions in the future are the best apologies for bad actions in the past."


Posted: Fri Apr 06, 2012 9:43 am
CCIE #38070

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12486
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP
I've got extensive experience with them. They are great.

They run ScreenOS which all the bigger Netscreens run. They also run the latest 6.3.0 version as well.

They are a little old now, but we still have a few hundred in the field. Datasheet here: http://www.google.co.uk/url?sa=t&rct=j& ... 4TXEzzpIqw

If you get it, just console on and set the username and password to the serial number. Then press 'Y' twice. That factory resets the box.

_________________
www.mellowd.co.uk/ccie/


Posted: Fri Apr 06, 2012 9:45 am
Post Whore

Joined: Tue Aug 05, 2008 6:36 am
Posts: 2426
Location: Perth, Australia
Certs: CCNP, CCNA Voice, SMB Select, Linux+
Cheers Darren, was hoping you would respond! :)
I'll try and get hold of it. Does it do remote access VPN out the box or is it a licensable feature? (e.g. IPSEC or SSL)

Edit: I couldn't see that SSL is supported.

_________________
"Right actions in the future are the best apologies for bad actions in the past."


Last edited by dieselboy on Fri Apr 06, 2012 9:50 am, edited 1 time in total.

Posted: Fri Apr 06, 2012 9:48 am
CCIE #38070

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12486
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP
They can do 10 IPSec tunnels out of the box. That can be a mix of site-to-site or user dial-in IPSec. They can do 25 with a license. They don't do SSL :(

And as I noted in the other thread, these devices are the only ones I use the GUI for. The GUI is extremely easy to use.

_________________
www.mellowd.co.uk/ccie/


Posted: Fri Apr 06, 2012 9:51 am
Post Whore

Joined: Tue Aug 05, 2008 6:36 am
Posts: 2426
Location: Perth, Australia
Certs: CCNP, CCNA Voice, SMB Select, Linux+
mellowd wrote:
They can do 10 IPSec tunnels out of the box. That can be a mix of site-to-site or user dial-in IPSec. They can do 25 with a license. They don't do SSL :(

And as I noted in the other thread, these devices are the only ones I use the GUI for. The GUI is extremely easy to use.


Cheers :) I just want something to play with :)

_________________
"Right actions in the future are the best apologies for bad actions in the past."


Posted: Fri Apr 06, 2012 9:56 am
CCIE #38070

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12486
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP
If you do console on to reset it, then you can access the GUI.

As far as I remember, the default will enable a DHCP server in the 192.168.0.0/24 range on all the trust ports. You then log in with netscreen/netscreen.

_________________
www.mellowd.co.uk/ccie/


Posted: Fri Apr 06, 2012 10:02 am
CCIE #38070

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12486
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP
Let me know when you get it if you'd like to test some site to site tunnels as I have a few test firewalls with public IPs.

The only problem is that you're now in another time zone.

_________________
www.mellowd.co.uk/ccie/


Posted: Fri Apr 06, 2012 11:02 am
Moderator

Joined: Mon Apr 07, 2008 10:38 am
Posts: 9439
Location: Orlando, FL
Certs: CCNP RS, CCNP DC, CCDP, CCIP
I fucking hate ScreenOS. I'm working on a migration from SSG to ASA and it's hell.

_________________
http://blog.alwaysthenetwork.com


Posted: Fri Apr 06, 2012 10:25 pm
Post Whore

Joined: Thu Apr 17, 2008 6:44 pm
Posts: 6071
Location: Perth, WA
Certs: CCNA
How does ScreenOS compare to Junos? I haven't had to use it at work yet.

_________________
- Pete


Posted: Fri Apr 06, 2012 11:03 pm
Post Whore

Joined: Tue Jan 29, 2008 4:48 pm
Posts: 1031
Location: Melbourne, Australia
I have been hunting eBay for ages to get a reasonably priced SRX210H, no luck, still too pricey.

Looking to add a Juniper to the mix for labs and whatnot, I hear so many good things about Juniper.

_________________
There is no Motivation like self Motivation.

Remember if you worry you die, if you don't worry you still die.


Posted: Sat Apr 07, 2012 9:20 am
Post Whore

Joined: Fri Nov 13, 2009 5:15 pm
Posts: 2053
Location: Pittsburgh
Certs: CCIE R&S,CCIP,JNCIA,VCP510
Vito_Corleone wrote:
I fucking hate ScreenOS. I'm working on a migration from SSG to ASA and it's hell.


wtf? You are prolly the first person I have ever heard say anything like that.

The benefit to ScreenOS in my experience is it's pretty damn easy and almost anyone can work with it. The CLI is crap but the GUI is pretty nice. Where I used to work we switched over to SRXs, which are all about CLI, and the GUI isn't the best, not that it bothered me working with Junos in the past. But I feel the Netscreens are great, especially for their age.

_________________
"I will prepare and some day my chance will come." - Abraham Lincoln
http://danielhertzberg.wordpress.com - I blog about networks!


Posted: Sat Apr 07, 2012 9:58 am
Ultimate Member

Joined: Mon Oct 06, 2008 8:01 am
Posts: 670
Certs: CCNA,CCNP
On another note, the SA's are great, they use IVE OS though :)


Posted: Sat Apr 07, 2012 9:59 am
CCIE #38070

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12486
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP
DanC wrote:
On another note, the SA's are great, they use IVE OS though :)


If only they actually ran a routing protocol :(

_________________
www.mellowd.co.uk/ccie/


Posted: Sat Apr 07, 2012 10:49 am
Post Whore

Joined: Tue Aug 05, 2008 6:36 am
Posts: 2426
Location: Perth, Australia
Certs: CCNP, CCNA Voice, SMB Select, Linux+
What interested me is that it's tiny, cheap and has a few features I could play around with. I bought it in the end. Just need to source a PSU as it does not come with one, although the seller said he is waiting on a delivery of some and would charge $15, or I could get a generic one as they are common, providing it's 12V.
Reason I bought it is that the house I am staying in has a Belkin ADSL2+ router running .11n. Their router locks up entirely when a few people are using the internet through it. It's only doing basic NAT, the firewall has been disabled. I have a Cisco Linksys coming to replace it (fingers crossed! 0_o ) Was trying to get an 877W but they're pretty expensive over here.

_________________
"Right actions in the future are the best apologies for bad actions in the past."


Posted: Sat Apr 07, 2012 11:47 am
Ultimate Member

Joined: Mon Oct 06, 2008 8:01 am
Posts: 670
Certs: CCNA,CCNP
mellowd wrote:
DanC wrote:
On another note, the SA's are great, they use IVE OS though :)


If only they actually ran a routing protocol :(


Didn't realise they didn't. That said, I suppose statics will suffice for most implementations, with the SA most likely being sat between the internet and the LAN. Default out to the tinterweb and RFC1918 to the inside...


Posted: Sat Apr 07, 2012 11:49 am
Ultimate Member

Joined: Mon Oct 06, 2008 8:01 am
Posts: 670
Certs: CCNA,CCNP
dieselboy wrote:
What interested me is that it's tiny, cheap and has a few features I could play around with. I bought it in the end. Just need to source a PSU as it does not come with one, although the seller said he is waiting on a delivery of some and would charge $15, or I could get a generic one as they are common, providing it's 12V.
Reason I bought it is that the house I am staying in has a Belkin ADSL2+ router running .11n. Their router locks up entirely when a few people are using the internet through it. It's only doing basic NAT, the firewall has been disabled. I have a Cisco Linksys coming to replace it (fingers crossed! 0_o ) Was trying to get an 877W but they're pretty expensive over here.


I can see a bit of rate limiting in your favour coming on here... :lol:


Posted: Sat Apr 07, 2012 1:54 pm
Member

Joined: Wed Nov 17, 2010 3:13 pm
Posts: 142
Certs: A+, N+, Sec+, CCENT
I have two NetScreens that I haven't touched, maybe on the to-do list while I do CCNA: Sec for some fun..... that is after CCNA. Mine are the 5XT model though, and I don't have power supplies for them.


Posted: Sat Apr 07, 2012 10:07 pm
Post Whore

Joined: Tue Aug 05, 2008 6:36 am
Posts: 2426
Location: Perth, Australia
Certs: CCNP, CCNA Voice, SMB Select, Linux+
DanC wrote:
dieselboy wrote:
What interested me is that it's tiny, cheap and has a few features I could play around with. I bought it in the end. Just need to source a PSU as it does not come with one, although the seller said he is waiting on a delivery of some and would charge $15, or I could get a generic one as they are common, providing it's 12V.
Reason I bought it is that the house I am staying in has a Belkin ADSL2+ router running .11n. Their router locks up entirely when a few people are using the internet through it. It's only doing basic NAT, the firewall has been disabled. I have a Cisco Linksys coming to replace it (fingers crossed! 0_o ) Was trying to get an 877W but they're pretty expensive over here.


I can see a bit of rate limiting in your favour coming on here... :lol:


The problem is I think that the router cannot hold a decent NAT translation table. If I open uTorrent, it's basically say goodbye to the internet every 10 minutes.

_________________
"Right actions in the future are the best apologies for bad actions in the past."


Posted: Sun Apr 08, 2012 5:24 am
CCIE #38070

Joined: Wed Jun 18, 2008 7:49 am
Posts: 12486
Location: London, UK
Certs: CCIE ,CC-NP/IP, JNCIP-SP, JNCIS-ENT, BC-/SPNE/NP
The Netscreen will allow you to rate-limit per policy. And it'll allow your upload and download rates to be different. So very easy to have a policy matching torrent traffic and limiting it to certain bandwidth.

To port-forward you need to create a VIP.

_________________
www.mellowd.co.uk/ccie/


Posted: Sun Apr 08, 2012 6:51 am
Post Whore

Joined: Tue Aug 05, 2008 6:36 am
Posts: 2426
Location: Perth, Australia
Certs: CCNP, CCNA Voice, SMB Select, Linux+
I'll have a play (: Thanks for the tips!

_________________
"Right actions in the future are the best apologies for bad actions in the past."

