[Chugalug] OT: Favorite Enterprise Firewalls?

Jason Brown lists at masterforge.com
Wed Apr 17 21:00:13 UTC 2013

On 04/17/2013 10:50 AM, Bret McHone wrote:
> The term "Enterprise" is as much political as it is technical. Sure, I 
> could grab a couple PE2950s that i've decommissioned and put PFSense 
> on it and it would probably outperform a lot of what's out there. 
> However, if something breaks it falls on me 100%. I am one of two 
> people that support our entire infrastructure. That includes wired & 
> wireless LAN, Virtualization, storage, etc.. It all falls on me. I'm a 
> bit of a jack of all trades, but a master of none so vendor 
> relationships are actually pretty dang important to me.
If you need one of the product, and have high availability concerns, 
then you need two of the product. It does not matter who makes it, or 
what the support contract is.
> I actually do use PFSense as a firewall for my public access network. 
> It's a good system and I think it works well, but that back-end 
> support and local "feet on the street" support just isn't there.
I think the back-end support is there, if you pay for it. Just like 
other vendor support. (Even the "feet on the street". Just ping this 
list for example).
> My Brocade and Enterasys vendors have actually come on-site and helped 
> me out at no extra cost with various migrations. Our Brocade engineer 
> actually drove over from Nashville to help me out at 2AM during our 
> switch migration from nortel passport 8610 to the MLX a few years back 
> just to give me an extra set of hands and troubleshoot a couple simple 
> network configuration issues..
You paid for it, whether it was an extra charge or not. If that's cool 
with you, it's cool with me.
> Your input is appreciated and you are welcome to your opinions, but we 
> do differ in what we think of "Enterprise" equipment.
I differ with a lot of people on a lot of things but the main point I 
wanted to make is not "pfSense saves the world" or "Never buy the big 
guys". Not at all, my point is that redundant infrastructure trumps 
vendors support / on site warranties.  A hot fail-over or load balance 
configuration (should) always provide better availability. If you can do 
both? Awesome!

I do still feel that the term "Enterprise" lost it's meaning long ago. 
Google "Enterprise Edition" for hundreds of pages of examples where that 
just means: "We left out feature x so we could add a zero to the price" 
and nothing more.


> -Bret
> On Wed, Apr 17, 2013 at 10:10 AM, Jason Brown <lists at masterforge.com 
> <mailto:lists at masterforge.com>> wrote:
>     I have to plug pfSense. ("Enterprise" is a bullshit buzzword to me).
>     I have never understood the 24/7 parts replacement / repair
>     requirement that IT departments insist on. It is MUCH easier to
>     just have hot redundant hardware than to continually pay for that
>     kind of support.
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130417/901e5c34/attachment-0001.html>

More information about the Chugalug mailing list