Aaron,
I too had a strange experience with a F5 Sales Rep, he was actually drunk
when he came to demo the Product Line, he was also 45mins late. Could this
be the same guy?
HC
Aaron Turner <[EMAIL PROTECTED]> on 07/17/2000 02:41:25 PM
To: Robert MacDonald <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED] (bcc: Harry Chu/SIAC)
Subject: Re: [FW1] F5's Big/IP load balancing and HA
Well, unfortunately I had a bad sales experiance with F5 once that left a
bad taste in my mouth. I've been told that this person is no longer
employed there and they don't condone that sort of thing, but it was
enough to turn me away when I was making my purchasing decision. Since
then, we've been using RadWare products (WSD, WSD-DS, and WSD-NP) for over
two years and have been very happy with both the hardware and the company
behind it. As such, I have really no idea what the
capabilities/limitations of the Big/IP are other than they're bigger (4RU
vs 1RU) and require seperate hardware for distributed load-balancing which
the WSD does not.
I'm sure they're are a lot of people here that run F5 products and are
very happy with them too.
Regardless, I'd be very hesitant to use a Big/IP with Firewall-1 becuase
it is not OPSEC certified. I realize getting certified will take some
money and effort on F5's part. But if they're not willing to put forth
what is necessary to show that they are commited to the Checkpoint
platform when their competitors like Alteon and RadWare are, why should I
bother tell F5 to get their act together? If I was an existing F5
customer that would be a different story, but I'm not.
While I have no doubt that F5 stands firmly behind their products, I would
have to question their ability to support firewall load balancing-
especially VPN support. Firewall-1 installations aren't as common as
Cisco switches and routers, so their techs are less likely to be able to
help me debug problems I might encounter. I'm sure they have Cisco
products in house for testing/debugging/QA but do they have Firewall-1?
Anyways, for the record, I don't use any hardware based firewall load
balancer. Our firewall's have 9-13 ports which makes software based
solutions far more cost effective.
--
Aaron Turner [EMAIL PROTECTED] 650.237.0300 x252
Security Engineer Vicinity Corp.
Cell: 408-314-9874 http://www.vicinity.com
On Mon, 17 Jul 2000, Robert MacDonald wrote:
> Aaron,
>
> Re-reading my post, it appears that I stated my
> thoughts wrong.
>
> With business the way it is, if a vendor doesn't need
> to implement an option, they don't and won't
> spend $$ on it. F5 has not needed or has had
> enough requests to interoperate with OPSEC,
> so they haven't persued becoming a
> partner(my opinion of course.)
>
> If you(or any others) feel that interoperability is a
> must, then tell F5. If they get enough responses,
> they may persue it(as any vendor might).
>
> As for support, any vendor who truely stands behind
> their product, will be willing to make it work in most
> situations. I have already had good support with F5
> and in a particular problem, it was a Cisco
> configuration issue. They gave me the correct
> syntax and helped me test to verify the fix.
>
> I bought an F5, because I had a need for that
> product and not the interoperability. Conversely,
> I needed a product that would read/accept
> FW1 log information. I chose WebTrends
> for the very reason that it was certified to work
> with CP(not to mention, it does what I need it to
> do.)
>
> btw, what options would you like to see F5
> implement that aren't there? Just curiosity.
>
> Thanks Aaron.
> Robert
> (p.s. I do agree with your last paragraph, and I
> wouldn't buy a product that did X, just so I
> could make it do Z.)
>
> >>> Aaron Turner <[EMAIL PROTECTED]> 7/17/00 1:14:59 PM >>>
> >
> >If there isn't a need for a great deal of interoperability then why
hasn't
> >F5 gotten the certification? They aren't even listed as a partner last
I
> >checked. Maybe it does work great, but it indicates to me that F5
doesn't
> >feel for whatever reason (technical or otherwise) that they want to
> >support the Big/IP product in a Firewall-1 environment. What happens if
> >it doesn't work right out of the box and you need help? Who's going to
> >support the hardware/configuration?
> >
> >RadWare on the otherhand has a dedicated box for load balancing web
> >servers (the WSD) and another series of hardware for firewalls
> >(FireProof).
> >
> >I'm not saying it won't work. Just in my experiance don't by hardware
> >with the intent of doing something with it that the vendors own
marketing
> >department doesn't think you should use it for. YMMV of course.
> >
> >--
> >Aaron Turner [EMAIL PROTECTED] 650.237.0300 x252
> >Security Engineer Vicinity Corp.
> >Cell: 408-314-9874 http://www.vicinity.com
> >
> >On Mon, 17 Jul 2000, Robert MacDonald wrote:
> >
> >>
> >> Why? The need for interoperability. Currently there isn't
> >> much(that I'm aware of).
> >>
> >> If the two never interacted(directly), then OPSEC
> >> compliance is not that important.
> >>
> >> And just like firewalls, buying a load balancer is
> >> dependent on your requirements. The 'best' is the
> >> one that fits for you.
> >>
> >> Robert
> >>
> >> - -
> >> Robert P. MacDonald, Network Engineer
> >> e-Business Infrastructure
> >> G o r d o n F o o d S e r v i c e
> >> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
> >>
> >> >>> Aaron Turner <[EMAIL PROTECTED]> 7/13/00 7:02:02 PM >>>
> >> >
> >> >I'd point out that the Fireproof is OPSEC certified and the Big/IP is
not.
> >> >One has to wonder why that is... With that said, I've heard some
good
> >> >things about the Fireproof and I like RadWare in general (we've got a
> >> >bunch of their WSD-NP's).
> >> >
> >> >--
> >> >Aaron Turner [EMAIL PROTECTED] 650.237.0300 x252
> >> >Security Engineer Vicinity Corp.
> >> >Cell: 408-314-9874 http://www.vicinity.com
> >> >
> >> >On Thu, 13 Jul 2000, Ivan Fox wrote:
> >> >
> >> >> F5's Big/IP was recommended to us instead of RadWare's Fireproof.
> >> >>
> >> >> Any comments/pointers about these two products are appreciated.
> >> >>
> >> >> Thanks,
> >> >>
> >> >> Ivan
>
>
>
===========================================================================
=====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
===========================================================================
=====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
