Configuring NetScreen Firewalls [Paperback]

OK, so I'm sitting here, reading about setting up my route preferences (I'm on page 289), and the sentence trails off into nowhere--literally, not figuratively. It simply . . . disappears. This book is rife with incomplete sentences (and therefore, thoughts and instructions are left incomplete), misuse of language (affect vs. effect), misspellings, etc. Why is this important? In a technical manual, details matter. So, when I'm reading a technical manual, and it's clear that the author and editors have not paid close attention to detail, the rest of the instructions are suspect.

Here is another example. There is an entire section on Policy-Based VPN Configuration, which is fantastic; however, Juniper has basically stated and written in the solution brief "How Different VPN Approaches Affect Site-to-Site Scalability and Connectivity" that Policy-Based VPN's are the least preferred method of defining a VPN, because of connectivity and reliability issues. This is important because this book does not describe the process for configuring the alternative types of VPN's--route-based or dynamic route-based--but merely lends a paragraph to the former and a sentence fragment to the latter. This is a huge oversight by the authors, and leaves the reader fingering through other manuals to properly configure the device.

A few positive notes, the chapter on the Netscreen product line was helpful and informative, the screen shots helped walk me through several rudimentary procedures, and I found it to be a pretty good review for dusting off my old NCIA certification.

Craig Lockhart, JNCIA-FW, CCSE

I read a lot of books, and while I don't review all of them, I am often compelled to write a review when a book stands out, either for it's clear leadership and technical distinction in the marketplace, or for it's extreme lack thereof. In this case, I was compelled to write the review based on the latter.

Seeing as this is the only Netscreen book on the market, I had high expectations for it. When one looks at the credentials of the numerous authors, it reads like a veritable list of leaders in the Security industry. As such, I was rather excited when I picked up this book. As I began reading this book, I quickly realized that it was not going to meet my expectations. Clearly this book was rushed to market, another sign that the primary concern of many publishers is not in producing quality, but rather quantity. This book suffers from many of the same problems I see with other books on the market with multiple contributing authors, which is that the voice isn't consistent throughout the book. Some chapters have diagrams, screen shots, or CLI commands outlining various procedural steps, whereas these details are noticeably absent in others.

In addition, this book is littered with many errors throughout, both typographical as well as technical. In some cases, as other reviewers point out, sentences simply stop abruptly mid-sentence. The text often refers to diagrams which don't even exist. There are numerous references to find additional information in other chapters which are non-existent.

With regards to technical content, the authors certainly could have added more detail, especially considering the number of authors who contributed to this text. For example, the chapter on Routing does a good job of telling the reader how to enable BGP, but provides no details on how to actually configure a BGP neighbor. Another example is URL filtering which is discussed in the chapter on Attack Detection and Defense. While the authors do a good job of describing the various modes to support URL filtering (redirect vs. integrated), there is no explanation of how redirection actually takes place and no diagrams to provide for comprehensive understanding of the subject matter.

I can't blame the authors entirely for the many flaws in this book, as any decent technical editor should have been able to spot many of these errors prior to publication. One wonders whether the technical editors even read the book as many of the errors are so blatant that it's inconceivable that so many managed to slip through. I'm disappointed in Syngress for publishing a book with so many errors, and this has definitely led me to believe that Syngress does not want to maintain a leadership position of publishing technical content of the highest magnitude, but rather they are only concerned with being the first to market with a particular product.

I will give this book 2 stars in that it is indeed a noble attempt at covering a wide array of topics, as well as for being the only book in the industry which covers this subject matter. I suggest that the authors should examine the possibility of releasing a second edition which may fix these blatant errors, as well as hiring some decent technical editors.

I just got this book second week of January, 2005. This review is written after using the book for one week.

I have been using NetScreen 5GT's for about one year. The book covers all the important topics for using the NetScreen OS. The value of the book is fantastic compared to a consultant at $175 to $200 per hour (US dollars). If you are new to using Netscreen, the book will save lots of time understanding and setting up a OS configuration.

The chapters are setup in a very logical way. The writing and examples are easy to understand and follow. The authors have done a better job than the "official" NetScreen documentation, in creating a book that makes it possible to quickly learn the NetScreen technology.

The list of authors contains the exact type of people you would want to ask a hundred questions of, for setting up a new Netscreen: independent Security Consultants and system engineers who work for Netscreen. (Those hundred questions are answered in this book).

Here is the ultimate compliment I can give the book, to me it is worth more the twice the price I paid for it.