We'll I finally got my new Juniper SSG 5 firewall (the replacement model for my old Netscreen 5gt).
I ordered it back in November, originally I was going to get the wireless version but they were still out of stock early this year so I ended up getting the base model (with 256mb of ram).
The main reason for the upgrade was that we'd run out of VPN tunnels (the 5gt did 10). The new version supports 25, plus it upgradeable to 40.
The SSG also has the following advantages over the 5gt (I'm comparing the base model 5gt and SSG 5):
So the device is pretty much double everything that the 5gt is.
It also cost me double. I got the 5gt off ebay for $320, where as the SSG 5 new cost me $640. I got a really good price on it has Bryn was able to sign up as a Juniper reseller, the SSG 5 is about $1200 retail.
The main limitation of the old Netscreen 5gt was the port modes.
The port mode defines what zone (untrust, trust, dmz etc) each ethernet interface is in. Any time you needed to change this you were required to reset the device and config (see below).
Where as the SSG 5 has something called bridge groups allowing you to easily change what zone each interface is in without resetting the device and/or config.
Much more useful if you're playing round with different network topologies (see below).
I've updated some of the IPSEC benchmarks to include both the SSG 5 and an old Netscreen 100 I picked up.