.

certificationkits

<<

nicklauscombs

User avatar

Newbie
Newbie

Posts: 28

Joined: Mon May 23, 2011 9:02 pm

Location: Virginia

Post Fri May 25, 2012 9:31 am

Re: certificationkits

chrisj wrote:Kind of hi-jacking the thread, but any recommendations on what and where to get Juniper firewalls to learn on?


SRX100 is the cheapest you can pick up new they sit around 600 or 700 bucks.
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri May 25, 2012 9:57 am

Re: certificationkits

nicklauscombs wrote:
chrisj wrote:Kind of hi-jacking the thread, but any recommendations on what and where to get Juniper firewalls to learn on?


SRX100 is the cheapest you can pick up new they sit around 600 or 700 bucks.


SRX is not the cheapest you can get, and the SRX is an altogether different platform from the SSG series. If you wanted to learn say ScreenOS on the Juniper side, you can pick up an older NS25 (http://www.ebay.com/itm/Lot-of-2-Junipe ... 3375948cb6) which will run the latest versions of ScreenOS.

SRX' are more router gateways and run JunOS and if you haven't dealt with JunOS before, will give you a headache. For more on the pros/cons see the following thread: http://www.gossamer-threads.com/lists/nsp/juniper/23125

As for ASAs I try to avoid them. Checkpoint, same applies. However, since you want to tinker around, different story. VMWare had/has a checkpoint appliance you can fiddle with. It is not the same as say maintaining something like a Nokia IP series running checkpoint, but will get you familiar with it.
<<

knwminus

User avatar

Full Member
Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Fri May 25, 2012 10:33 am

Re: certificationkits

Why don't you like ASAs?
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri May 25, 2012 10:56 am

Re: certificationkits

ASAs mungle "non-Cisco" VoIP so horrible. They have their pluses but NAT isn't one of them. I have seen them break their own Cisco Cube deployments as well. Overall they have been more of a headache then a lifesaver/help. Cisco does things really well when an entire infrastructure is Cisco down. They just don't play well with others
<<

knwminus

User avatar

Full Member
Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Fri May 25, 2012 11:25 am

Re: certificationkits

What is your favorite firewall brand or solution?
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

sil

User avatar

Hero Member
Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri May 25, 2012 12:30 pm

Re: certificationkits

It depends, for high availability, I love Stonegates. They have the ability to keep a VoIP call up and running even if one provider on an interface goes down. I favor Juniper over Cisco because overall they play better with most equipment outside of their own brand. I also like Palo Alto, but they can be pricey. End of the day though, in a managed security service arena, one gets used to them all. So I have no issue dealing with most. I do have my preference when I am the designer.
<<

Darktaurus

User avatar

Full Member
Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Sat May 26, 2012 7:32 am

Re: certificationkits

sil wrote:ASAs mungle "non-Cisco" VoIP so horrible. They have their pluses but NAT isn't one of them. I have seen them break their own Cisco Cube deployments as well. Overall they have been more of a headache then a lifesaver/help. Cisco does things really well when an entire infrastructure is Cisco down. They just don't play well with others


It is funny you say that since I had a tough time with IPSEC tunnels with cisco/checkpoint and cisco/watchguard.  The phases were identical yet I still had to troubleshoot for ages.  I will eventually have to set up the same with some SSG's but hopefully will have a better experience. 

The last time I messed with Checkpoint, I learned with R60-R70 on servers.  I never messed with their appliances.  I think Sil is right, there are a lot of VMware appliance to learn from as far as firewalls too. 
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
<<

knwminus

User avatar

Full Member
Full Member

Posts: 100

Joined: Thu Feb 25, 2010 11:26 pm

Post Sat May 26, 2012 8:06 am

Re: certificationkits

@Sil


@Sil

I am a shocked you didn't mention iptables of pf. Do you not like open source firewalls in the enterprise?
Last edited by knwminus on Sat May 26, 2012 8:08 am, edited 1 time in total.
A+ N+ CCNA CCNA:S CNSS 4011 Security+

Next Up: CCNP CCNP:S
<<

bbel121

Newbie
Newbie

Posts: 1

Joined: Wed Jul 18, 2012 9:55 am

Post Wed Jul 18, 2012 10:06 am

Re: certificationkits

I have had experiences with CertificationKits and ebay.  It ended up costing me more to purchase all the pieces seperately on ebay when you factor in shipping and then i found i got units with wrong memory that would not support some of the features i needed and did not have ios to do some of the commands i needed either.  Luckily this was when I just started with a basic 2 router kit.  The other big difference I found with CertificationKits is you don't have to spend hours trying to figure out all the little peices you need.  I don't know about you, but for me my time is valuable and ordering things from 15 different ebayers and tracking them was a PIA.  CertificationKits also included lots of very valuable study materials like their lab workbook, a cram type sheet and a subnetting workbook that really helped me understand subnetting.  Those books had to be worth $30 to $40 each and the cram sheet I would guess $10.  So when I took all that into consideration CertificationKits was basically the same price as eBay and a lot less hassle.  BTW, they helped me upgrade the kit I already had and I probably shot them 5 or 6 questions on concepts that were not making sense to me and they answered all the questions within an hour or so.  So that also made me very happy.
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Thu Jul 19, 2012 5:36 am

Re: certificationkits

welcome to the forums I guess?!  ::) Nothing suspicious here.

ANyway, I just briefly saw the discussion above, I would love to see someone give a tutorial on playing around with a few firewalls, virtual appliances or not. Anyone up to the challenge?
sectestanalysis.blogspot.com/‎
Previous

Return to Networking

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software