[Chugalug] OT: Favorite Enterprise Firewalls?

Nick Smith nick at nicksmith.us
Wed Apr 17 14:45:56 UTC 2013


What about Brocade stuff?

I have no experience with them, but I know our vendor likes to try to push
them on us when we order Cisco gear, stating that they are a lot less
expensive than Cisco and you don't have to deal with smartnet.

I've never touched one, but it might be worth looking into.

http://www.brocade.com/index.page

I guess they are a Cisco competitor.


On Wed, Apr 17, 2013 at 10:42 AM, Dave Brockman <dave at brockmans.com> wrote:

> On 4/17/2013 10:10 AM, Jason Brown wrote:
> > I have to plug pfSense. ("Enterprise" is a bullshit buzzword to me).
>
> While I agree with your sentiments.....
>
> > I have never understood the 24/7 parts replacement / repair requirement
> > that IT departments insist on. It is MUCH easier to just have hot
> > redundant hardware than to continually pay for that kind of support.
>
> There are failover options available on Cisco kit at least.  It's harder
> to buy that second $20k, $40k, $80k unit however.  And often "support"
> with firewalls is not actually support, but subscriptions to their
> Anti-virus signatures, Anti-SPAM signatures, IPS/IDS signatures, botnet
> traffic filter licenses, etc etc etc.  Did you see support in that list?
>  Me neither.
>
> > No matter how good your support contract, hardware WILL fail, expect it
> > and make failover seamless. It saves me a lot of headache. 4 Hours is
> > way more downtime than I am comfortable with. 4 minutes is way too long
> > for me.  4 seconds I can deal with.
>
> A much wiser man than myself once told me this:  "I can decrease your
> downtime directly proportional to the size of your wallet, it's up to
> you and your wallet to determine how much downtime you can actually
> afford."
>
> > For those people that want it, pfSense also provides the 24/7 support at
> > a reasonable price. I have not used it personally.
> > https://portal.pfsense.org/index.php/support-subscription
>
> pfsense (and BSD's IPSec stack) have shortcomings compared to other OS
> offerings.  Specifically, NAT before IPsec is not an option, so
> connecting overlapping subnets via pfsense is not possible.  There are
> also issues with UDP traffic (specifically Microsoft AD traffic from
> workstation to servers) across VPNs.  Not a big deal to make a registry
> change to one remote workstation.  Huge pain in the ass to make the same
> change to 100 remote workstations.
>
> You have to be aware of a product's limitations as well as its
> capabilities.  And not all carpentry work requires a standard claw
> hammer.  Sometimes you need a utility knife too....
>
> Regards,
>
> dtb



-- 
--------------
Nick Smith
nick at nicksmith dot us