Brian,

> Hmm.  Would you really want to be doing anything to 70+ firewalls at one
> time with a script?

Not really. But I don't want to manage 70+ boxes using a command line
interface either.  I want something that helps me visualize the network and
look at the rules either summarized for similar objects or in detail for
individual objects. I've read of your CSPM in other posts here so I will
check it out next time I get to look at Cisco products, which should be soon
for client VPN. But so far the best interface I've seen is still the Check
Point GUI and their "centralized" management station concept is pretty
sensible.  It's not perfect and they are (and better be) working hard on it
since so many others are coming out with web based and GUI interfaces of
their own.

> I thought your response was going to be FUD-free until I read this:
>
> At 03:11 PM 9/17/2001 -0700, safieradam wrote:
> >Do a quick survey of postings asking for help on PIX vs. Check Point.  A few
> >years ago PIX seemed to have more problems needing patches and more people
> >having problems.
>
> I think many will agree this particular observation provides no real basis
> for comparison.

About 4 years ago I made a short lived effort to track a number of firewall
products and count the number of vulnerabilities and resulting patches
reported due to several IP attacks.  I no longer have the numbers but the
impression remains that Cisco had more vulnerabilities, patches and cries
for help.  The problem with statistics, particularly over a short sampling
period is that they can lie. Or maybe I wasn't looking in the right places.
Back then there was only one firewalls list. But I did look for several
months and formed an opinion. And the problem with people is that once they
form an opinion it's hard to go back and change your mind.  That is why my
comment above had two parts:

a - I suggest that anyone selecting a new product do their own survey of a
product's users' postings. What kind of questions are the users asking?  How
often are they stymied? How often is a patch necessary?  Look around a bit
in the users groups and make a note of the things that count for you.

b - I point out that my eval was several years old.  I stick by my opinion
that PIX "seemed" to have more problems. Certainly back then when it was a
fairly new product.

I give Cisco credit for one thing that I forgot to mention - when a
vulnerability was found and well known they were reasonably quick to come
out with a patch.

> Cisco doesn't provide customer support via mail lists.  The Cisco Technical
> Assistance Centers provide global 7x24x365 product support.  As Michael and
> others have pointed out in this forum time and time again that is a huge
> differentiator between Cisco and competitors' offerings.

Is Cisco support free?  How do I contact them with product configuration and
feature questions?

At my prior employer (Fortune 100) I was told I had to go through our router
architecture engineer and could not contact Cisco directly. On the other
hand I had direct support from the Check Point support center and from an
SE. 24x7x365 is an option.  Cisco may not use e-mail (I would not know since
I never had direct support) but you do use the web.  Indeed, you get credit
for one of the best sites for on-line manuals and product config and
tutorials. But reading the manuals and tutorials can take a long time to
find an answer to a specific question and does not always answer the
specific question.

I don't want to get into a battle over who or what is best, especially with
a Cisco employee.  There are several excellent firewall and VPN products out
there and each should be looked at within the context of your environment
and application. I am reviewing products for a specific purpose for a
current project and have assigned my partner the job of reviewing and
evaluating Cisco, along with others.  He is studying for his second Cisco
certification so I expect a thorough evaluation, very detailed discussions
and even demos.  I expect both of us to do the same for several other
products and have actual hands on with a final few.  I would suggest to
anyone looking at products to look around, make a short list and finally get
some hands on time as part of the selection process.

Adam
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
