[Chugalug] OT: Favorite Enterprise Firewalls?

Bret McHone dbmchone at gmail.com
Wed Apr 17 15:16:56 UTC 2013

I honestly haven't even looked to see if Brocade has a firewall.

As far as the switches go...
We have a couple Brocade MLX chassis and four ICX 6610s. They are actually
pretty good equipment and the look and feel of the Brocade command line is
VERY much like the Cisco NX-OS. We had one MLX that had some really funky
& intermittent issues and Brocade ended up shipping us out FULL replacement
of the entire unit. Chassis, power supplies, high speed fabric modules, and
all line cards. No issues since the replacement and our old unit was
shipped to their engineering so they could tear it apart to find the
problem. They also sent their local engineer to help me do the replacement
of the unit.


On Wed, Apr 17, 2013 at 10:45 AM, Nick Smith <nick at nicksmith.us> wrote:

> What about brocade stuff?
> I have no experience with them, but i know our vendor likes to try to push
> them on us when we order cisco gear, stating that they are alot less
> expensive than cisco and you dont have to deal with smartnet.
> Ive never touched one, but it might be worth looking into.
> http://www.brocade.com/index.page
> I guess they are cisco competitor.
> On Wed, Apr 17, 2013 at 10:42 AM, Dave Brockman <dave at brockmans.com>wrote:
>> On 4/17/2013 10:10 AM, Jason Brown wrote:
>> > I have to plug pfSense. ("Enterprise" is a bullshit buzzword to me).
>> While I agree with your sentiments.....
>> > I have never understood the 24/7 parts replacement / repair requirement
>> > that IT departments insist on. It is MUCH easier to just have hot
>> > redundant hardware than to continually pay for that kind of support.
>> There are failover options available on Cisco kit at least.  It's harder
>> to buy that second $20k, $40k, $80k unit however.  And often "support"
>> with firewalls is not actually support, but subscriptions to their
>> Anti-virus signatures, Anti-SPAM signatures, IPS/IDS signatures, botnet
>> traffic filter licenses, etc etc etc.  Did you see support in that list?
>>  Me neither.
>> > No matter how good your support contract, hardware WILL fail, expect it
>> > and make failover seamless. It saves me a lot of headache. 4 Hours is
>> > way more downtime than I am comfortable with. 4 minutes is way too long
>> > for me.  4 seconds I can deal with.
>> A much wiser man than myself once told me this:  "I can decrease your
>> downtime directly proportional to the size of your wallet, it's up to
>> you and your wallet to determine how much downtime you can actually
>> afford."
>> > For those people that want it, pfSense also provides the 24/7 support at
>> > a reasonable price. I have not used it personally.
>> > https://portal.pfsense.org/index.php/support-subscription
>> pfsense (and BSD's IPSec stack) have shortcomings compared to other OS
>> offerings.  Specifically, NAT before IPsec is not an option, so
>> connecting overlapping subnets via pfsense is not possible.  There are
>> also issues with UDP traffic (specifically Microsoft AD traffic from
>> workstation to servers) across VPNs.  Not a big deal to make a registry
>> change to one remote workstation.  Huge pain in the ass to make the same
>> change to 100 remote workstations.
>> You have to be aware of a products limitations as well as its
>> capabilities.  And not all carpentry work requires a standard claw
>> hammer.  Sometimes you need an utility knife too....
>> Regards,
>> dtb
>> _______________________________________________
>> Chugalug mailing list
>> Chugalug at chugalug.org
>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
> --
> --------------
> Nick Smith
> nick at nicksmith dot us
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130417/500b5052/attachment.html>

More information about the Chugalug mailing list