RE: [fw-wiz] Netscreen compatibility

• Previous message: Matt Curtin: "Re: [fw-wiz] Off-Topic: Memo of Understanding for Using an Ethical Hacker"
• Maybe in reply to: ROUMEGOUX Pierre: "[fw-wiz] Netscreen compatibility"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Pierre.ROUMEGOUX@criltechnology.com, firewall-wizards@honor.icsalabs.com
Date: Thu, 26 Aug 2004 08:31:33 -0400

>
> I wonder if new Netscreen 5GTE are compatible with old
> Netscreen 10 or 5XP regarding VPN IPSec Tunnel.

Pierre,

To my knowledge there is no Netscreen model 5GTE, but there is a model 5GT.

I have been using these devices for some time now and they interoperate
extremely well both among members of the product family and with other
vendors.
My experience does not allow me to answer your specific question
of whether a 5GT will make a VPN with a Netscreeen 10, but I am certain it
will.

I do know from experience that the 5GT can make VPN with the model 5, the
model 5XP,
and the 200 series models very easily.

>
> Apparently, VPN IPSec Tunnel may be different from one
> construster to another (at last the interpretation of the
> standard IPSec). It seems that Microsoft IPSec client doesn't
> work well with Netscreen IPSec. Your opinion ?
>

Yes, different vendors often use different default Phase 1 and Phase 2
parameters.

What is nice about Netscreen VPN products is that it is very easy for one to
create a
Phase 1 and Phase 2 proposal which will work with almost any other vendor.
I have
created VPNs from Netscreens to Cisco Pix and to Symantec firewalls and
appliances. Other folks have wider positive experience.

Specifically to your question regarding interoperability with Microsoft, I
point you to the following
mailing list archives:

http://www.qorbit.net/nn/index.html

In the last week or so, there has been an extensive thread regarding how to
set up a VPN using the MS native
client to a Netscreen. This thread had some very good instructions in it.

If you are new to Netscreens, you might want to subscribe to the nn mailing
list and also visit the Netscreen Forum at

http://www.netscreenforum.com

Good luck and regards,

Bruce
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Matt Curtin: "Re: [fw-wiz] Off-Topic: Memo of Understanding for Using an Ethical Hacker"
• Maybe in reply to: ROUMEGOUX Pierre: "[fw-wiz] Netscreen compatibility"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Virus risk via VPN ... Netscreens Firewall will look into Java/ActiveX and even URLs if you want. ... > sent from the VPN gateway/firewall that checks the client pc to be sure ... > I know Nortel Contivity will support tunnel guard capability in the near ... (comp.security.firewalls) RE: [fw-wiz] Netscreen compatibility ... Question regarding interoperability with Microsoft: I think I will buy Netscreen client licences ... I do know from experience that the 5GT can make VPN with the model 5, ... Specifically to your question regarding interoperability with Microsoft, ... If you are new to Netscreens, you might want to subscribe to the nn mailing ... (Firewall-Wizards) Re: PIX 506E vs NetScreen 5XP/5XT ... the firewall and the VPN client. ... > I work for reseller that sells both Cisco and NetScreen. ... Both the OS, VPN Client, and ICMP support. ... >> because its a Cisco and seems solid, but I like the Netscreens because ... (comp.security.firewalls) Re: monitoring # of vpn at netscreen ... I have never been able to get Netscreens MIB's to work. ... download from their site and look in the MIB to get the OID ... > We have some Netscreen for vpn access from Internet. ... (comp.security.firewalls) RE: What firewall? ... Subject: What firewall? ... One of our clients is pushing 30-40mb/s through ... a HA set of NetScreens and we have nothing but success with these devices. ... VPN using around 10mb/s of traffic. ... (Security-Basics)