Re: Internet Edge and Defense in Depth

2012-01-05 Thread Rich Kulawiec
On Tue, Dec 06, 2011 at 01:44:05PM -0800, Jonathan Lassoff wrote: Cramming every little feature under the sun into one appliance makes for great glossy brochures and PowerPoint decks, but I just don't think it's practical. 1. It's an excellent way to create a single point-of-failure. 2. I

Re: Internet Edge and Defense in Depth

2012-01-05 Thread Mike Andrews
On Thu, Jan 05, 2012 at 10:22:55AM -0500, Rich Kulawiec wrote: On Tue, Dec 06, 2011 at 01:44:05PM -0800, Jonathan Lassoff wrote: Cramming every little feature under the sun into one appliance makes for great glossy brochures and PowerPoint decks, but I just don't think it's practical. 1.

Internet Edge and Defense in Depth

2011-12-06 Thread Holmes,David A
Some firewall vendors are proposing to collapse all Internet edge functions into a single device (border router, firewall, IPS, caching engine, proxy, etc.). A general Internet edge design principle has been the defense in depth concept. Is anyone collapsing all Internet edge functions into one

Re: Internet Edge and Defense in Depth

2011-12-06 Thread -Hammer-
I personally have not seen it done in large environments. Hardware isn't there yet. I've seen it done in small business environments. Not a fan of the idea. -Hammer- I was a normal American nerd -Jack Herer On 12/06/2011 03:16 PM, Holmes,David A wrote: Some firewall vendors are proposing

Re: Internet Edge and Defense in Depth

2011-12-06 Thread JAMES MCMURRY
I have seen at quite a few of our customers' locations, starting out with a lofty goal of putting everything in a single box (UTM) and turning every single option on. In ~30% of the firms who do so it works out ok (not great, but it works). In the majority, the customer winds up turning

Re: Internet Edge and Defense in Depth

2011-12-06 Thread David Swafford
They're proposing that so you buy their device, not renew support on your existing ones :-D Personally we just went through this w/ Palo Alto Networks. We bought a handful of their all-in-one firewalls simply for their web-filtering functionality (replacing Bluecoats). They pitched repetitively

Re: Internet Edge and Defense in Depth

2011-12-06 Thread Jonathan Lassoff
I would argue that collapsing all of your policy evaluation and routing for a size/zone/area/whatever into one box is actually somewhat detrimental to stability (and consequently, security to a certain extent). Cramming every little feature under the sun into one appliance makes for great glossy

Re: Internet Edge and Defense in Depth

2011-12-06 Thread Justin M. Streiner
On Tue, 6 Dec 2011, Holmes,David A wrote: Some firewall vendors are proposing to collapse all Internet edge functions into a single device (border router, firewall, IPS, caching engine, proxy, etc.). A general Internet edge design principle has been the defense in depth concept. Is anyone

Re: Internet Edge and Defense in Depth

2011-12-06 Thread Paul Graydon
On 12/06/2011 11:16 AM, Holmes,David A wrote: Some firewall vendors are proposing to collapse all Internet edge functions into a single device (border router, firewall, IPS, caching engine, proxy, etc.). A general Internet edge design principle has been the defense in depth concept. Is anyone

Re: Internet Edge and Defense in Depth

2011-12-06 Thread Tim Eberhard
To echo what James has already said... I would say it's possible on the low/medium-size enterprise network market. With that stated, 70-80% of the time it's not designed correctly or a vendor issue pops up causing them to disable the feature. Careful planning must be done ahead of time. When

Re: Internet Edge and Defense in Depth

2011-12-06 Thread Robert Brockway
On Tue, 6 Dec 2011, Holmes,David A wrote: Some firewall vendors are proposing to collapse all Internet edge functions into a single device (border router, firewall, IPS, caching engine, proxy, etc.). A general Internet edge design principle has been the defense in depth concept. Is anyone

Re: Internet Edge and Defense in Depth

2011-12-06 Thread Dobbins, Roland
On Dec 7, 2011, at 6:20 AM, Robert Brockway wrote: This is completely separate to whether servers should even have a firewall or IPS in front of them. That's another (interesting) discussion :) http://www.nanog.org/meetings/nanog48/presentations/Monday/Kaeo_FilterTrend_ISPSec_N48.pdf

Re: Internet Edge and Defense in Depth

2011-12-06 Thread Mark Tinka
We've been fairly against centralizing functions, even though marketing scripts suggest it is worth doing. Not security-related per se, but for smaller PoPs, we'll collapse P/PE functions into a single box. As others have mentioned, this makes sense when scale is small. But on a large scale,

Re: Internet Edge and Defense in Depth

2011-12-06 Thread Mark Tinka
On Wednesday, December 07, 2011 11:58:59 AM Mark Tinka wrote: But on a large scale, we've not been one to buy into multi-chassis-type arrangements. s/multi-chassis-type/logical routers. Mark.