Juniper Netscreen vs Open Source?

[mprog]

I've been evaluating a Juniper NetScreen SSG-20 for a few weeks now.
I'm happy with the device but am a little concerned about the ongoing costs of ownership. I don't mind paying but I want to get value for that payment.

For example, any and all additional services such as spam, virus, security auditing, everything, has an additional yearly maintenance cost.

On the other hand, there are so many well developed, very mature firewall products out there which are open source, which include many of these features, at less of a yearly cost. It simply sounds better to put my money into an open source project, supporting it through a support contract any time I can.

What are your thoughts on this? And, if you are using or have used an SSG, do you know of an open source solution which walks and talks just like the ScreenOS? I ask this because I am trying this after now moving away from Watchguard so would want the learning curve to be as little as possible considering the trouble we went through in converting for this trial.

Thanks for any help you can offer.

Mike

[bigtomrodney]

That looks pretty cool...but I'd be curious about its antivirus offerings. I'm guessing that it would need a feed of virus definitions which leads me to think that it's running someone else's product. And if it's not taking antivirus definition updates then it's no use at all!

Check out Smoothwall. You could run that on some old hardware. It is an extensive offering and you'd get more choice in what it does than running proprietary software/hardware.

Plus since Smoothwall also have a commercial side you can try out the open source and if you need more or would like a 1U router style implementation you can get one from them with the interface you've already tried

[mprog]

>its antivirus offerings. I'm guessing that it would need a feed of virus >definitions which leads me to think that it's running someone else's product. >And if it's not taking antivirus definition updates then it's no use at all!

Yes, exactly, and in fact, they are talking with Kapersky (sp?) so probably looking at integrating something. That's why I'm not all that excited about paying an additional $250/Year for spam protection if it's just something I can run on my own on a blade server and either buy the updates or download them. Heck, I can set up a qmail server as a pre MX server to clean up the mail and probably do better than the firewall.

>Check out Smoothwall. You could run >that on some old hardware. It is an extensive offering and you'd get more >choice in what it does than running proprietary software/hardware.
>Plus since Smoothwall also have a commercial side you can try out the open

I tried both and they didn't work out. The software looks fantastic but even though I tested on good hardware, it's still not the same as the nifty proprietary hardware these firewall manufacturers use. I ended up with all sorts of weird problems.

Either way, the cost of the NetScreen is much more than the cost of a very high end slim server that could run this well so I might still be interested in a software solution. I need it to allow for multi-WAN, ECMP, SIP and have a similar interface to the NetSCreen though as my customers can't handle any more down time thanks to having to learn yet another device.

Mike