re: Anyone here have their CCNA?

(no message)

Check out/test Aruba next time you guys are looking to improve/update your network infrastructure. You'll be surprised when you compare it to Cisco.

With all due respect to those loyal to Cisco, the company is slipping IMHO

quote:

---

i vote Palo as well... i've played with every next gen firewall out there for the most part and Palo is currently at the top of the list for me.

---

Worst part about the oil downturn. I don't bother playing with new toys because I know we won't spend the money

quote:

---

You'll be surprised when you compare it to Cisco.

With all due respect to those loyal to Cisco, the company is slipping IMHO

---

cisco is so damn overrated in everything they sell. wireless? rather go with aruba. firewall? rather go with Palo Alto, Fortinet or SW. Edge switches? dell, extreme, aruba all do the same for 60% of the price.

so overrated.... except for their 9ks baws.

Personally, I haven't gotten my hands on Aruba or Palo Alto. I have dealt with Sonicwalls, and I rather deal with an ASA. That said, that might be a biased opinion just simply because I'm so familiar with ASAs and unfamiliar with Sonicwalls. I've dealt with Cisco, Juniper, Adtran, and Brocade for routing and switching. I've found that Juniper works just as well, but costs just as much (until you're a Juniper partner). I fricking hate Brocades and Adtran. We call them Brokeade and Sadtran. I've seen OSPF stop working altogether on a Brocade FCX648S by simply configuring a new VLAN interface. Had to reboot the son of a bitch.

For firewalls, we have previously used ASAs but are moving to Juniper SRX platform as we slowly migrate off of an older infrastructure. I have a love/hate relationship with the SRXs, so far...I love the security zones, gives you lots of control and flexibility. We have had lots of bugginess with them, though, and to get a beefier SRX costs quite a bit.

The ASR9Ks are boss. IOS-XR is great, also. The only problem with the ASR9K is upgrading can be a bit of a real bitch at times, although they're making it a smoother process as time goes on.

quote:

---

Personally, I haven't gotten my hands on Aruba or Palo Alto. I have dealt with Sonicwalls, and I rather deal with an ASA

---

my problem with the ASA is that it hasn't changed or improved in the last 10 years. they added the ASDM for those who can't CLI (no offense intended.) it lets you make a NAT and open a port to an IP and that's it.

sonicwall, palo, and fortinet have all realized the fact that ports are incredibly insecure and moved on to application visibility along with LDAP integration. you allow applications OR ports to the right users OR IPs. Also the IPS module was completely worthless to even a power user unless you had time to sit and eliminate false positives all day long. PAN, SW, and Fortinet include malware, IPS, and (semi-crappy) URL filtering built into the box.

Cisco didn't even try to develop something, just bought Sourcefire and made people put in a module, buy another appliance, and try to sell a bunch of UCS servers to support it.

quote:

---

I demo'd one for about 3 months. I really wasn't overly impressed. I definitely thought the DPI on a SonicWALL was much more intensified than on the Palo Alto

---

I'm on the other end of the spectrum. I think a PAN firewall was probably the greatest purchase I've made in the past 3+ years. Everything seems easier than any other firewall I'd used, from basic log viewing, to setting up L2L VPN's, security rules, NAT rules, etc. The AD integration is pretty sweet too, as well as being able to view behavioral blocks (SMTP brute force attempts, for example) and blocking incoming traffic from entire countries without having to actually specify the IP ranges.