Thought I would throw in my 2 cents (being devalued as I type):

Some battles you will never win. When given the option, the bean
counters will always take the path with the least resistance and the
least responsibility. Remember the old adage: "No one ever got fired
buying Big Blue"? That mindset still exists. If you happen to be lucky
enough to work at a place where they care about cost savings while
having a very good product (openbsd/pf) to guard their networks, then,
hurray! Most people don't have that luxury. I've been forced to
install CP on WinNT4 because the admins had "Domain knowledge with
NT". That's a horrible argument: the admins had no clue as to how a
packet filter worked (or a simple routing protocol for that matter),
much less a stateful (or proxy) firewall.

I can't tell you the number of places I've been that won't use open
source because of the finger pointing. Oddly enough, I've seen more
managers buy into the RedHat/SuSE/Mandrake arguments, only because
they are more "buzzworthy". Again, horrible arguments. When asked
why/how netfilter is "superior", they almost always choke up and spout
magazine article garbage.

That being said, generate your arguments, and present the facts. If
they don't bite, don't beat your head into the wall. The only thing
that accomplishes is dents and headaches :-)

Ultimately, you will always be blamed - regardless of the platform you
choose. If the {PIX|netscreen|FW1} takes a dump at 3:00PM, you will
get chewed out, not Cisco, Juniper/Netscreen, CP, etc.

PIX is not a bad firewall if you already have the infrastructure.
However, I would avoid using CiscoWorks - it's an ugly, expensive
solution (IMHO).

-Mike

On Thu, 23 Sep 2004 02:44:03 -0500, eric <[EMAIL PROTECTED]> wrote:
> On Wed, 2004-09-22 at 20:39:55 -0600, [EMAIL PROTECTED] proclaimed...
> 
> > And my reply to you, Kevin, would be to *fix* the problem rather
> > than hanging your hat on having a target to blame.
> 
> Apparently you've never had a job where you've worked with more than
> 3 people who are "managers" or "directors." There is no rationality
> in anyone above clue-level. That said: it's difficult enough keeping
> a job these days, so sometimes we must set aside our personal
> desires in hopes that, eventually, the correct, best solution can be
> introduced to open minds.
>
