RE: OpenBSD PF in the Enterprise?

2004-09-25 Thread tefol tefol
Sounds like a valid option, but I am sure they would rather just hire a hardcore microsoft person and then just use the cisco support to fix whatever problems they have. Someone should start a PF pay for support program =) Take money and give management people the warm fuzzy feelings. I wish I

Re: OpenBSD PF in the Enterprise?

2004-09-25 Thread Philipp Buehler
On 20/09/2004, M Raju [EMAIL PROTECTED] wrote To [EMAIL PROTECTED]: Anyone running OpenBSD PF as the primary firewall for large mid-large organizations? If so what type of hardware, setup, etc. Just curious.. case 1: replace PIX by OpenBSD on a 1.1ghz el-cheapo-19 PC -- doubled that

Re: OpenBSD PF in the Enterprise?

2004-09-25 Thread tefol tefol
On Sep 23, 2004, at 9:29 AM, Michael Clark wrote: If I was not here they would have no one to work on it. Awesome logic. Why does the company do anything at all, then? Well, it can be a telling point. For my part, I alleviated my Managing Director's concerns about implementing OBSD + pf

RE: OpenBSD PF in the Enterprise?

2004-09-24 Thread Michael Clark
-Original Message- From: Greg Hennessy [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 22, 2004 4:06 PM To: [EMAIL PROTECTED] Subject: Re: OpenBSD PF in the Enterprise? On 22 Sep 2004 09:52:26 -0700, [EMAIL PROTECTED] (Kevin) wrote: They are installed, working and a sunk

Re: OpenBSD PF in the Enterprise?

2004-09-24 Thread Shawn K. Quinn
On Thursday 23 September 2004 08:29, Michael Clark wrote: The service from cisco is very good. Given what one has to pay to get it, one would hope so. I think the major reason I do not currently have PF in my workplace is because I am the only person that can support it.  If I was not here

Re: OpenBSD PF in the Enterprise?

2004-09-24 Thread Greg Hennessy
On 24 Sep 2004 01:31:14 -0700, [EMAIL PROTECTED] (Shawn K. Quinn) wrote: I think the major reason I do not currently have PF in my workplace is because I am the only person that can support it.  If I was not here they would have no one to work on it. They could hire someone else to support

RE: OpenBSD PF in the Enterprise?

2004-09-24 Thread Michael Clark
-Original Message- From: Greg Hennessy [mailto:[EMAIL PROTECTED] Sent: Friday, September 24, 2004 5:52 AM To: [EMAIL PROTECTED] Subject: Re: OpenBSD PF in the Enterprise? On 24 Sep 2004 01:31:14 -0700, [EMAIL PROTECTED] (Shawn K. Quinn) wrote: I think the major reason I do

Re: OpenBSD PF in the Enterprise?

2004-09-24 Thread interval
Michael Clark writes: The service from cisco is very good. I think the major reason I do not currently have PF in my workplace is because I am the only person that can support it. If I was not here they would have no one to work on it. With the cisco support any one that can type can eventually

Re: OpenBSD PF in the Enterprise?

2004-09-23 Thread interval
Kevin writes: I'm sort of in the same boat. I have a strong case for replacing multiple PIX failover pairs with OpenBSD on Dell, but I'm holding back from making that recommendation solely because of the rational fear that, lacking someone to hang the blame on, when problems do come up, the only

Re: OpenBSD PF in the Enterprise?

2004-09-23 Thread eric
On Wed, 2004-09-22 at 20:39:55 -0600, [EMAIL PROTECTED] proclaimed... And my reply to you, Kevin, would be to *fix* the problem rather than hanging your hat on having a target to blame. Apparently you've never had a job where you've worked with more than 3 people who are managers or directors.

Re: OpenBSD PF in the Enterprise?

2004-09-23 Thread Mike LaPane
Thought I would throw in my 2 cents (being devalued as I type): Some battles you will never win. When given the option, the bean counters will always take the path with the least resistance and the least responsibility. Remember the old adage: No one ever got fired buying Big Blue? That mindset

Re: OpenBSD PF in the Enterprise?

2004-09-22 Thread Kevin
On Tue, 21 Sep 2004 10:54:50 -0600, [EMAIL PROTECTED] wrote: Russell Fulton writes: On Tue, 2004-09-21 at 09:37, Nick Buraglio wrote: They also said that in large enterprise there is a need to have a responsible party for software and hardware. My stock answer to this argument is And

Re: OpenBSD PF in the Enterprise?

2004-09-22 Thread Lars Hansson
Kevin wrote: I'm sort of in the same boat. I have a strong case for replacing multiple PIX failover pairs with OpenBSD on Dell, but I'm holding back from making that recommendation solely because of the rational fear that, lacking someone to hang the blame on, when problems do come up, the only

Re: OpenBSD PF in the Enterprise?

2004-09-22 Thread Greg Hennessy
On 21 Sep 2004 23:20:32 -0700, [EMAIL PROTECTED] (Kevin) wrote: I'm sort of in the same boat. I have a strong case for replacing multiple PIX failover pairs with OpenBSD on Dell, They are installed, working and a sunk cost. Why would you waste money replacing them ? greg --

Re: OpenBSD PF in the Enterprise?

2004-09-22 Thread Rick Aliwalas
On Wed, 22 Sep 2004, Greg Hennessy wrote: I'm sort of in the same boat. I have a strong case for replacing multiple PIX failover pairs with OpenBSD on Dell, They are installed, working and a sunk cost. Why would you waste money replacing them ? In many cases, the cost of s/w

Re: OpenBSD PF in the Enterprise?

2004-09-22 Thread Kevin
On Wed, 22 Sep 2004 10:08:07 +0100, Greg Hennessy [EMAIL PROTECTED] wrote: On 21 Sep 2004 23:20:32 -0700, [EMAIL PROTECTED] (Kevin) wrote: I'm sort of in the same boat. I have a strong case for replacing multiple PIX failover pairs with OpenBSD on Dell, They are installed, working and a

Re: OpenBSD PF in the Enterprise?

2004-09-22 Thread Adam Morley
On Wed, Sep 22, 2004 at 11:00:43AM -0500, Kevin wrote: On Wed, 22 Sep 2004 10:08:07 +0100, Greg Hennessy [EMAIL PROTECTED] wrote: On 21 Sep 2004 23:20:32 -0700, [EMAIL PROTECTED] (Kevin) wrote: I'm sort of in the same boat. I have a strong case for replacing multiple PIX failover pairs

Re: OpenBSD PF in the Enterprise?

2004-09-22 Thread Greg Hennessy
On 22 Sep 2004 09:52:26 -0700, [EMAIL PROTECTED] (Kevin) wrote: They are installed, working and a sunk cost. Why would you waste money replacing them ? Cisco's annual maintenance fee for each PIX is about equal to our cost for a Dell to replace it. The annual cost for a Dell hardware

Re: OpenBSD PF in the Enterprise?

2004-09-21 Thread Jim Zajkowski
On Sep 20, 2004, at 5:37 PM, Nick Buraglio wrote: They also said that in large enterprise there is a need to have a responsible party for software and hardware. I got around that at a previous commercial job when I showed the EULA to the corporate lawyers, and they told the must have someone we

Re: OpenBSD PF in the Enterprise?

2004-09-21 Thread Christopher D. Lewis
On Sep 20, 2004, at 4:37 PM, Nick Buraglio wrote: Back when I used to work for a decent sized insurance company (who used checkpoint on the nokia boxes) I used to push ipf (as far as I know pf was not around) and many other open source projects as a cost savings feature to M$ and other

Re: OpenBSD PF in the Enterprise?

2004-09-21 Thread interval
Russell Fulton writes: On Tue, 2004-09-21 at 09:37, Nick Buraglio wrote: They also said that in large enterprise there is a need to have a responsible party for software and hardware. My stock answer to this argument is And when did you last get any satisfactory redress from a software company

Re: OpenBSD PF in the Enterprise?

2004-09-21 Thread Nick Buraglio
Yeah, I used to try to convince them till I was blue in the face. I finally went back to my little lab and shut up when I realized I was getting nowhere. Thankfully I currently work in Academia / Research where opensource is welcomed and M$ has no real foothold. nb On Sep 21, 2004, at 11:54

Re: OpenBSD PF in the Enterprise?

2004-09-20 Thread M Raju
Thanks to everyone for your replies. I am setting up a demo with two boxes Pentium4 2.8GHZ with 1GB of RAM as a PF (CARP/Pfsync) cluster (I run soekris at home). Hopefully able to write a case study on migration. I think we need more documents in case study format from a business perspective to

Re: OpenBSD PF in the Enterprise?

2004-09-20 Thread jason
Thanks to everyone for your replies. I am setting up a demo with two boxes Pentium4 2.8GHZ with 1GB of RAM as a PF (CARP/Pfsync) cluster (I run soekris at home). Hopefully able to write a case study on migration. I think we need more documents in case study format from a business perspective

Re: OpenBSD PF in the Enterprise?

2004-09-20 Thread Rick Aliwalas
On Mon, 20 Sep 2004, M Raju wrote: I have been having trouble convincing some suits aka Management for a 1500+ employee company to migrate from Checkpoint to PF. Taking into fact that the company is in the process of debt-restructuring aka chapter 11, cost-cutting is vital for all IT needs.

Re: OpenBSD PF in the Enterprise?

2004-09-20 Thread M Raju
Personally, I'm happy with the developers focusing on code. Absolutely. On Mon, 20 Sep 2004 14:27:36 -0400 (EDT), [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Thanks to everyone for your replies. I am setting up a demo with two boxes Pentium4 2.8GHZ with 1GB of RAM as a PF (CARP/Pfsync)

Re: OpenBSD PF in the Enterprise?

2004-09-20 Thread M Raju
Vadim, Thanks. I once used FWbuilder to train some of the CLI challenged Cisco PIX admins who do level-1 support. I need to look at it again and see what has improved for CP. I will be in touch. _Raju On Mon, 20 Sep 2004 11:26:12 -0700, Vadim Kurland /r/ [EMAIL PROTECTED] wrote: Raju, you

Re: OpenBSD PF in the Enterprise?

2004-09-20 Thread Nick Buraglio
Back when I used to work for a decent sized insurance company (who used checkpoint on the nokia boxes) I used to push ipf (as far as I know pf was not around) and many other open source projects as a cost savings feature to M$ and other commercial products. The answer I always got from the

Re: OpenBSD PF in the Enterprise?

2004-09-20 Thread M Raju
Have not had an opportunity to test, but I am curious if the site-to-site CP VPN will work with OpenBSD's IPSec implementation. Unless CP really screwed up the RFC, I would think it would not be a problem. Cisco PIX IPSec (both gateway/road warrior) configurations seem to work with 3.5 so far.