Hi I’m Mario, you may have heard of me from such threads as the WatchGuard X750E review and DIY Firewalls. Today I’m finally going to post my review/thoughts on the Juniper SSG20, since it has to go back to Juniper today or tomorrow. It sucks when you have to do actual work. Or are sick for a few days.

As usual, pictures tell the bulk of the story. And since this time I can take the case apart, we have these pictures!

Note this is the wireless model, with the daughter board for the AP. Also the processor is an Intel IXP455 processor, running at 400MHz, with 265MB RAM.

The RAM is user upgradeable, via a panel on the base of the unit. To have the extra functionality (UTM, DI etc.) the “hi-memory” option must be installed. The reality is you don’t buy a device like this and not have the UTM stuff enabled.

Note at the back the single USB port and Kensington lock slot. The USB port is for configuration backup only as far as I am aware. My unit didn’t come with rack ears, so I don’t know how sturdy they are. The SSG20 has a very basic, but functional case; I really like that you can get to it very easily. Power supply is a 12volt 3.3amp brick.

Interfaces:

Firstly, Juniper has a unique approach to routing compared to anything else I use/have used before. It breaks its rules down like this: virtual routers, zones, interfaces, policy.

It gives you much more flexibility than a “traditional” router, for example routing many networks over the one unit, with complete separation of traffic. The easiest way to explain this is by example. Create one virtual router, called “trust-vr”, then 2 zones: “trust” for the cold side (LAN) and “untrust” for the hot side (WAN). Then you can assign interfaces to the zones and then finally set policies for data going from the different zones.
You can then expand on this with many zones, for example creating a DMZ zone or an intranet zone, then assigning interfaces to it. The advantage here is, once the zones are created, you can easily change interfaces assigned to the zones, without having to recreate your rules. This can be further expanded with the use of multiple virtual routers. This model can have up to 4 virtual routers I believe, so you can split up the unit in many ways.

I’ll stop here for a second. A few important things to know: the SSG series are being phased out, replaced by the SRX series, one of which I have to finish my review of, the SRX210. Just as important, I believe they are phasing out the ScreenOS system that runs on the SSG series, and moving everything to their JunOS product/operating system.

So let’s move on with ScreenOS, in its command-line form. The way you build commands in ScreenOS is a bit like DOS: one command, many arguments. In comparison to IOS or JOS (JunOS), where you have menus to navigate, here you build the command from one “set” statement. Example:

Code:
SSG20->set interface ethernet0/1 ip 192.168.80.1 255.255.255.0

This will set the interface 0/1 to the IP address 192.168.80.1, rather than having to navigate to the interface with a configure command, then an interface command. I personally don’t like it as it slows you down when you are doing multiple things to the same interface, like setting a DHCP server for example, as you have to type the initial commands first every time.

The SSG20 also has an “exec” set of commands, to execute different functions. And again, you build the commands the same way you do with the “set” commands. You can also dump out the config to text and then batch it in.

On to the web interface!

Home screen:

The biggest problem that I have with this unit is right here: the web interface is entirely Java based, and is S-L-O-W. No matter what browser I use, it’s very slow to respond to input.
Interface main screen:

This is where you can assign the physical interface to a virtual router and then a zone. In this case the “untrust-vr” is in a down state, so the zone is null.

There are a few wizards that can help you through the config process of basic NAT and VPN, which is great to get it up and running quickly.

Web filtering can be done internally, or via a redirect service to another server. SurfControl is pretty easy to set up, and there is a default set of filters in place. My gripe here is that you can choose what category but not anything more defined than that, other than manual URL block/allow.

Overall, the router is average. The fact it’s EOL means I wouldn’t recommend you buy one. I don’t like the web interface and the UTM side is lacking granularity. As a router/firewall, performance is really good, and the complexity of the rules you can set up is a standout. Once you get your head around the ScreenOS commands the CLI is a much faster way to configure the router.

Thanks for reading, and comments are always welcome! I do apologise for the delay/brief nature of this review; being by myself at work and sick means no time for routers.
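
Added example, not part of the original review and not Juniper code: a small Python audit of a config dumped to text, tying together the zone/interface/policy model and the one-line "set" statements described above. The sample config is constructed, and its quoting and line layout are an assumption about what a dumped config looks like; the function names are hypothetical.

```python
import shlex

# Constructed sample in the one-line "set" style; not taken from a real device.
SAMPLE_CONFIG = """\
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "DMZ" vrouter "trust-vr"
set interface "ethernet0/0" zone "Untrust"
set interface "ethernet0/1" zone "Trust"
set interface "ethernet0/2" zone "DMZ"
set interface ethernet0/1 ip 192.168.80.1 255.255.255.0
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 2 from "Untrust" to "DMZ" "Any" "Any" "HTTP" permit log
set policy id 3 from "Untrust" to "Trust" "Any" "Any" "ANY" permit
"""

def parse_config(text):
    """Return (interface -> zone, list of policy dicts) from 'set' lines."""
    ifaces, policies = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)  # strips the quotes around names
        if len(tok) < 5 or tok[0] != "set":
            continue
        if tok[1] == "interface" and tok[3] == "zone":
            ifaces[tok[2]] = tok[4]
        elif tok[1] == "policy" and "from" in tok:
            i = tok.index("from")
            if len(tok) < i + 8 or tok[i + 2] != "to":
                continue  # not a full policy definition line
            policies.append({
                "id": tok[3] if tok[2] == "id" else None,
                "from": tok[i + 1], "to": tok[i + 3],
                "src": tok[i + 4], "dst": tok[i + 5],
                "service": tok[i + 6], "action": tok[i + 7],
            })
    return ifaces, policies

def wide_open_from(policies, zone="Untrust"):
    """IDs of permit policies from `zone` with any source, destination and service."""
    return [p["id"] for p in policies
            if p["from"] == zone and p["action"] == "permit"
            and (p["src"], p["dst"], p["service"].lower()) == ("Any", "Any", "any")]

def policies_for_interface(ifaces, policies, iface):
    """IDs of policies whose source zone is the zone `iface` is bound to."""
    return [p["id"] for p in policies if p["from"] == ifaces.get(iface)]

if __name__ == "__main__":
    ifaces, policies = parse_config(SAMPLE_CONFIG)
    print("any/any/any permits from Untrust:", wide_open_from(policies))
    print("ethernet0/0 as bound:", policies_for_interface(ifaces, policies, "ethernet0/0"))
    ifaces["ethernet0/0"] = "DMZ"  # rebind only; the policy list is untouched
    print("ethernet0/0 rebound to DMZ:", policies_for_interface(ifaces, policies, "ethernet0/0"))
```

Rebinding ethernet0/0 changes which policies apply to its traffic without editing a single policy line, which is the flexibility the review describes and also why a zone change deserves the same review as a rule change.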