Full Text

Network World has exclusively tested Juniper's SSG 520, a security and routine platform available this week that is the first new fruit from the company's purchase of NetScreen 21 months aco.

Our test results show the device has impressive speed - it supports T-3s and Gigabit Ethernet WAN ports - at a relatively low price, a package that could more than adequately meet the firewall,security and routing needs of branch offices.

The SSG 520 and its bigger brother, the SSG 550, represent the first serious threat to Cisco's 2000/3000 series routers - the most successful family of products Cisco has ever launched.

We tested the SSG 520 in our lab, replacing both a Cisco 3745 WAN router and an existing Juniper (NetScreen-208) firewall on one of our DS-3 connections to the Internet. The SSG 520 has everything we've come to expect from Juniper's firewall family, including enterprise-class firewall capabilities, centralized management and deep-packet inspection. Although our tests show that even the low-end SSG 520 can handle a DS-3 with ease, the dynamic routing features of the SSG 520 are still focused on branch offices.

Juniper's goal for the SSG line is to replace both WAN routers and firewalls at regional and branch offices (see an analysis of the SSG positioning at www.nww.com, DocFinder: 2031).The SSG 520 can do that with power to spare. With four Gigabit Ethernet ports built into the base chassis, and LAN-to-LAN throughput of nearly 2Gbps, the SSG 520 can replace a network's edge router, edge firewall and internal firewall, simplifying topologies, increasing uptime and easing the burden of remote management. Although the hardware looks and performs like a data center firewall, Juniper's price of $6,500 definitely targets this box at the midrange, updating the aging NetScreen-204 and -208 product lines.

All of the capabilities common to ScreenOS firewalls are included, such as Web-based and centralized policy control, packet filtering, and an intrusion-prevention system (IPS), as well as very flexible site-to-site VPN services.What is missing are new features added with versions 5.2 and...