
(eBay) Anyone need a firewall/IPS? How about Fark's old one? Guaranteed free of beer/bourbon stains (cgi.ebay.com)
    More: Plug, des, serial numbers, University of Coimbra  

8638 clicks; posted to Main on 09 Aug 2013 at 11:52 PM (1 year ago)



137 Comments
 
2013-08-09 11:52:33 PM  
/submitter, obviously
 
2013-08-09 11:53:35 PM  
I enjoyed writing your malware signatures.
 
2013-08-09 11:53:35 PM  
Currently using ASA 5520s at work.   They're solid.
 
2013-08-09 11:54:18 PM  
Behind 7 proxies. Don't need one.
 
2013-08-09 11:54:45 PM  
Cisco ASA 5510 adaptive security appliance

I thought you said it was a firewall.
 
2013-08-09 11:55:02 PM  
Fark no. That thing must reek like bourbon.
 
2013-08-09 11:55:04 PM  
It works fine, we just needed something (and a failover dupe) that was bigger.
 
2013-08-09 11:56:42 PM  

gingerjet: Cisco ASA 5510 adaptive security appliance

I thought you said it was a firewall.


Which is it, Sir?  You seem to be changing your story...
 
2013-08-09 11:56:42 PM  
Sonicwall super massive user
 
2013-08-09 11:57:14 PM  
No thank you.  I'm pushing for an F5.
 
2013-08-09 11:57:27 PM  
Does it come with a handle of Maker's?
 
2013-08-09 11:58:08 PM  
Wow, I didn't know Fark also had a wireless network called 'Linksys'!
 
2013-08-09 11:58:29 PM  

djh0101010: gingerjet: Cisco ASA 5510 adaptive security appliance

I thought you said it was a firewall.

Which is it, Sir?  You seem to be changing your story...


A router with some lousy filtering capability and completely shiat IPS capability.

/helped beta test the things back in the day
//infosec snob
 
2013-08-09 11:58:54 PM  
Fark got a new, bigger, firewall?  No more flamewars!!!!   Yay!
 
2013-08-09 11:58:57 PM  
Folks should read this before bidding.
 
2013-08-10 12:00:38 AM  
Was that not included in the Buzzfeed deal?
 
2013-08-10 12:00:40 AM  

gingerjet: Cisco ASA 5510 adaptive security appliance

I thought you said it was a firewall.


If you're going to make passive-aggressive statements, just whip out your e-dick since you know you want to. I'm certain there are a lot of applications that need even more, but after seeing DDOS rip through everything and barely make a blip on the CPU of one of these guys, uhhh... I'm wondering where the punchline is. It could be you.
 
2013-08-10 12:01:17 AM  

gingerjet: snob


nailed it.
 
2013-08-10 12:01:57 AM  
Bah, Running a Juniper SRX 220.   Juniper > Cisco
 
2013-08-10 12:02:28 AM  

foo monkey: Fark no. That thing must reek like bourbon.


And trolls
 
2013-08-10 12:04:17 AM  
upgrading to the new PRISM compliant model?
 
2013-08-10 12:05:45 AM  

brukmann: gingerjet: Cisco ASA 5510 adaptive security appliance

I thought you said it was a firewall.

If you're going to make passive-aggressive statements, just whip out your e-dick since you know you want to. I'm certain there are a lot of applications that need even more, but after seeing DDOS rip through everything and barely make a blip on the CPU of one of these guys, uhhh... I'm wondering where the punchline is. It could be you.


Dude... chill. You're gonna bust a forehead vein.
 
2013-08-10 12:07:49 AM  
$65 for standard shipping? Is it 100lbs or something?
 
2013-08-10 12:10:15 AM  
A Cisco ASA 5510 firewall, eh. I'll give you $20 for it. Best I can do.

/pawn star
 
2013-08-10 12:10:47 AM  

Tony_Pepperoni: $65 for standard shipping? Is it 100lbs or something?


It must think you're *really* far from Kentucky.  (I think it's closer to 25-30 lbs and I was just gonna do UPS ground.)
 
2013-08-10 12:11:05 AM  

BuckTurgidson: Does it come with a handle of Maker's?


And a lifetime Total Fark subscription?
 
2013-08-10 12:11:19 AM  
Guaranteed free of beer/bourbon stains

Not unless you cleaned it with a flamethrower.
 
2013-08-10 12:11:51 AM  
so is there any top secret fark data on that sucker? Like Drew's annual bourbon budget?
 
2013-08-10 12:13:12 AM  
Once it sells can they remove that yellow deal from the pages?
 
2013-08-10 12:14:59 AM  
 Have you cleaned out the Caturday fur from it?
 
2013-08-10 12:15:30 AM  

Tony_Pepperoni: $65 for standard shipping? Is it 100lbs or something?


When's the last time you shipped something at a UPS Store? I'm so farking pampered by having access to Amazon's corporate account, about $0.45 a pound, but last time I had to ship a 10 ounce package for my dad via UPS it was $19. fark, the item he was returning was $25, I should have just paid him off.

Of course, my average shipment to an Amazon warehouse is 200+ pounds. I think they describe it as "base load rate". As in, this is what it takes to run the whole system.
 
2013-08-10 12:18:55 AM  

Mike: /submitter, obviously


Cool - I've got some stuff I'm thinking about selling on ebay.  I wonder if Fark will greenlight a thread for them.

Maybe if I get imaginative enough.

/one Ronson lighter with US Coast Guard emblem.  It's theoretically possible that Marilyn Monroe once used this as a sex toy or that John F. Kennedy lit a joint with it.  It's not likely, but it's possible.
 
2013-08-10 12:23:31 AM  

redahle: Was that not included in the Buzzfeed deal?


Haha you browse mobile too? Fark be shillin!
 
2013-08-10 12:23:51 AM  
Any piece of equipment that so much of the Politics tab has flowed through is probably so clogged with derp that it will never function properly again.
 
2013-08-10 12:26:37 AM  
img.fark.net
 
2013-08-10 12:26:51 AM  
So Drew decided he doesn't need a firewall anymore, the innertubes are safe now?  Open season!
 
2013-08-10 12:28:45 AM  
I'll stick with my Check Point firewalls.
 
2013-08-10 12:30:18 AM  
Ditch Cisco, go pfSense!
/I'm biased
 
2013-08-10 12:32:17 AM  

gfid: Mike: /submitter, obviously

Cool - I've got some stuff I'm thinking about selling on ebay.  I wonder if Fark will greenlight a thread for them.

Maybe if I get imaginative enough.

/one Ronson lighter with US Coast Guard emblem.  It's theoretically possible that Marilyn Monroe once used this as a sex toy or that John F. Kennedy lit a joint with it.  It's not likely, but it's possible.


TAKE MY GODDAMNED MONEY
 
2013-08-10 12:36:08 AM  
Off to check the resale value of all the netgear switches we have in our equipment closet... Some of it isn't even plugged in.
 
2013-08-10 12:44:43 AM  
Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100)
 
2013-08-10 12:46:19 AM  

Seamer: Off to check the resale value of all the netgear switches we have in our equipment closet... Some of it isn't even plugged in.


Let's see 'em hack that!
 
2013-08-10 12:46:46 AM  
Nice, those are the same units we used for Bank of FSM, very solid.

For web apps I'm a big fan of Imperva, but they're not cheap.
 
2013-08-10 12:49:16 AM  
Whoa. Just think of all the attention whoring that's crossed that puppy.
 
2013-08-10 12:51:19 AM  
Well, I'll ask him, but I don't think he'll be very keen... Uh, he's already got one, you see?
 
2013-08-10 12:52:51 AM  
minimum bid $1,250.00?

$900 used on amazon.com

I suppose someone might consider the historical value
 
2013-08-10 12:55:25 AM  
I checked out the seller ID (24 items bought/sold) and the ratings were all 100% with tons of "great ebay buyer" feedback from some seller called "fleshlight1" so in general I would say this seller is pretty solid.
 
2013-08-10 12:57:59 AM  

Vlad_the_Inaner: $900 used on amazon.com


Probably without the IPS module.
 
2013-08-10 01:09:50 AM  
I just set up my web server today.  I turned on Windows Firewall.  Safe!
 
2013-08-10 01:11:13 AM  

Deveyn: Nice, those are the same units we used for Bank of FSM, very solid.

For web apps I'm a big fan of Imperva, but they're not cheap.


Cisco is beginning the EOL process for the standard ASA, in favor of the ASA-X series.

They are also wrapping IPS into the CX functionality (AKA NextGen Firewalls) in the next year.

Finally getting up to speed on deep inspection; competing with Palo Alto (who they attempted to buy - unsuccessfully).  They did just buy SourceFire, so expect to see something from that.

/Cisco geek
//don't work for Cisco
 
2013-08-10 01:14:28 AM  

deanayer: I checked out the seller ID (24 items bought/sold) and the ratings were all 100% with tons of "great ebay buyer" feedback from some seller called "fleshlight1" so in general I would say this seller is pretty solid.


free_candy_van.jpg
 
2013-08-10 01:27:31 AM  

cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100)


I'm tired out of my mind, babysitting software installs, and you just made me laugh harder than I've laughed all week. Thanks.
 
2013-08-10 01:34:06 AM  

Vlad_the_Inaner: minimum bid $1,250.00?

$900 used on amazon.com

I suppose someone might consider the historical value


The Security Plus license adds a good $250 to it at least.  Not sure if you'd need 20+ vLANs, let alone the ability to route among them, but there you go.

\Set up a lot of 5505s and 5510s in my day.
\\Mostly deal with Cisco and Fortinet.
\\\Now, if that was a 2960s or a 39xx I'd probably buy it...
 
2013-08-10 01:35:21 AM  

Kittypie070: gfid: Mike: /submitter, obviously

Cool - I've got some stuff I'm thinking about selling on ebay.  I wonder if Fark will greenlight a thread for them.

Maybe if I get imaginative enough.

/one Ronson lighter with US Coast Guard emblem.  It's theoretically possible that Marilyn Monroe once used this as a sex toy or that John F. Kennedy lit a joint with it.  It's not likely, but it's possible.

TAKE MY GODDAMNED MONEY


Oh I will.  I've got dozens of lighters, mostly Zippos and Ronsons, but a few no-name brands some of which might even be 100 years old.    Well to be fair, most are from the 1940s and later.  I used to collect them like some people collect baseball cards.  I'm not sure, but I think this US Coast Guard lighter might have come from ebay.  And that's really reaching to say that JFK might have lit a joint with it especially since JFK was in the Navy and not the Coast Guard.  And the only reason to think that Marilyn Monroe might have used it as a sex toy is because it's just old enough to have been around when she was still alive.

But maybe I should make up stories to help sell them anyway.  I've got a Zippo with a Marlboro logo that I'm pretty sure Francis Scott Key used to light his cigarettes as he was composing the Star Spangled Banner.  I'll talk to that Rick guy from Pawn Stars.   I'm pretty sure he has a buddy who knows a lot about lighters.

I know I won't get rich especially since I plan on keeping my most prized lighters.   I like the table lighters made in "Occupied Japan" and I spent $125 for a Zippo once.  WTF was I thinking?  Except for the logo on it, it's exactly the same as a Zippo made yesterday.  Or maybe not - 1955 steel must have been better- and there's always the possibility that a former president used it to light a joint
 
2013-08-10 01:39:06 AM  

deanayer: I checked out the seller ID (24 items bought/sold) and the ratings were all 100% with tons of "great ebay buyer" feedback from some seller called "fleshlight1" so in general I would say this seller is pretty solid.


imgs.xkcd.com

You can do this one in every 30 times and still have a 97% positive feedback.
 
2013-08-10 01:41:57 AM  

oh_please: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100)

I'm tired out of my mind, babysitting software installs, and you just made me laugh harder than I've laughed all week. Thanks.


Oh... I'm glad I made you laugh and I hope your night goes better.  :)  And... just for you... you can have the butt plug for $80.  :D
 
2013-08-10 01:48:07 AM  

cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100)

... $4 washed.
 
2013-08-10 01:50:16 AM  

BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.


Exactly.
 
2013-08-10 01:50:56 AM  
Installing dual f5's this very moment
 
2013-08-10 02:09:25 AM  

OgreMagi: No thank you.  I'm pushing for an F5.


Agreed. Especially for inbound traffic scenarios (i.e. site hosting, etc.).

For "conventional" firewall use cases, I'm partial to Palo Alto or Check Point.

/work for a network-security reseller...
 
2013-08-10 02:21:58 AM  
Just make sure you change the ssh private keys on your F5 gear :)
 
2013-08-10 02:25:44 AM  
Will it keep a Gibson safe from hacking?

/don't know what this thing is, and didn't read the thread.
//best fark user ever
 
2013-08-10 02:27:14 AM  
Ouch. A fark firewall has probably been ridden hard and put away wet.
 
2013-08-10 02:44:09 AM  
Hah! fark you! A decade ago I offered Fark a quad xeon when their server crashed, at the price I paid for it!


(shakes tiny fists) I *still* have that thing heating up my basement!
 
2013-08-10 02:52:13 AM  

eCurmudgeon: OgreMagi: No thank you.  I'm pushing for an F5.

Agreed. Especially for inbound traffic scenarios (i.e. site hosting, etc.).

For "conventional" firewall use cases, I'm partial to Palo Alto or Check Point.

/work for a network-security reseller...


You sound like a firewall noob: Someone that thinks a pretty UI means it's a better firewall.
 
2013-08-10 02:57:43 AM  
No deal without

cdn-www.i-am-bored.com
 
2013-08-10 03:04:45 AM  

cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.


Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.
 
2013-08-10 03:09:35 AM  

oh_please: cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.

Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.


Nope. No washing. If I did, the butt plug loses its value. And let me assure you... once it is sold, the plug goes right from my butt straight to the FedEx box.  :)
 
2013-08-10 03:11:17 AM  

oh_please: cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.

Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.


Derp, that was the joke...I told you I was tired...
 
2013-08-10 03:14:05 AM  

Landis: Vlad_the_Inaner: minimum bid $1,250.00?

$900 used on amazon.com

I suppose someone might consider the historical value

The Security Plus license adds a good $250 to it at least.  Not sure if you'd need 20+ vLANs, let alone the ability to route among them, but there you go.

\Set up a lot of 5505s and 5510s in my day.
\\Mostly deal with Cisco and Fortinet.
\\\Now, if that was a 2960s or a 39xx I'd probably buy it...


The VLANs come in handy if you're:

A) Using VRFs or VRF-Lite on a small network and want your inter-VRF routing to be filtered or done on a firewall instead of screwing around with route-leaking across VRFs. If you set up 5 VLANs on your ASA and map each of those VLANs on your switch to an SVI bound to a VRF, you configure OSPF/EIGRP for each address family to connect to your ASA. The ASA has all the route tables from all your VRFs, and thusly can route between them.

B) You are using your ASA in multicontext mode and/or combined with scenario A. You can burn through VLANs really fast with bridge groups for transparent contexts, or if you're adding lots of sub-interfaces to a routed context.

C) You have a single physical DMZ, but want to create logical zones to separate different types of servers and have their inter-zone traffic arbitrated by a stateful firewall.

D) You have no need for any of the above secure separations and you're using it as a router-on-a-stick... In which case you should be dragged into the town square and publicly executed in front of all the villagers to shame your family for not murdering you in your sleep when you first showed signs of retardation, as well as sacrificing you to the gods of good networking so your death may be: a) used as a warning to others to not be stupid, and b) to have the world's networking sins washed away with the blood of a retard.
 
2013-08-10 03:14:57 AM  

kruxdeux: Installing dual f5's this very moment


Glad to know we're well-loved. Didn't happen to get 2000s or 4000s did you?
 
2013-08-10 03:15:03 AM  

oh_please: oh_please: cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.

Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.

Derp, that was the joke...I told you I was tired...


Tired, huh?  You might want to go to PayPal and buy my butt plug before it's gone! :O
/jk. :P
 
2013-08-10 03:20:19 AM  

cowgirl toffee: oh_please: oh_please: cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.

Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.

Derp, that was the joke...I told you I was tired...

Tired, huh?  You might want to go to PayPal and buy my butt plug before it's gone! :O
/jk. :P


Wait a minute, are you sure there isn't some way I can email you my bank info? I don't really trust those PayPal folks.
 
2013-08-10 03:28:03 AM  

gadian: Ouch. A fark firewall has probably been ridden hard and put away wet.


Ridden wet & put away hard.
 
2013-08-10 03:28:26 AM  

oh_please: cowgirl toffee: oh_please: oh_please: cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.

Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.

Derp, that was the joke...I told you I was tired...

Tired, huh?  You might want to go to PayPal and buy my butt plug before it's gone! :O
/jk. :P

Wait a minute, are you sure there isn't some way I can email you my bank info? I don't really trust those PayPal folks.


Eh... just send a check.
 
2013-08-10 03:31:12 AM  
Mike I remember when you were posting individual sticks of RAM and almost no starting bids...

/slowly shuffles in to the lunchroom with his walker.
 
2013-08-10 03:32:39 AM  

Cubansaltyballs: You sound like a firewall noob: Someone that thinks a pretty UI means it's a better firewall.


Really? As opposed to...

www.troll.me
 
2013-08-10 03:36:47 AM  

eCurmudgeon: Cubansaltyballs: You sound like a firewall noob: Someone that thinks a pretty UI means it's a better firewall.

Really? As opposed to...


As opposed to someone who knows the UI of a firewall or any other piece of technology has f*ck-all to do with how 'good' it is. It's sort of like a kid who doesn't 'really' know what makes something good or bad, so they just default to the shiniest one.
 
2013-08-10 03:40:33 AM  
Not a bad deal for the ASA with the SSM card and SEC+ license. Worked on all flavors of firewalls for the last 10 years and Cisco and Juniper are definitely leading the field in the enterprise devices. SRX is Juniper's saving grace because the netscreens are ok at best.  Checkpoint's UTM firewalls are JUNK and the Gaia bootloader is horrendous.

Cisco>Juniper>Checkpoint....Anything else is non enterprise crap that is only good for basic functions like NAT and Access-lists.

Just curious, are you sticking with Cisco or moving on to SRX?

/senior security engineer
 
2013-08-10 03:42:51 AM  

cowgirl toffee: oh_please: cowgirl toffee: oh_please: oh_please: cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.

Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.

Derp, that was the joke...I told you I was tired...

Tired, huh?  You might want to go to PayPal and buy my butt plug before it's gone! :O
/jk. :P

Wait a minute, are you sure there isn't some way I can email you my bank info? I don't really trust those PayPal folks.

Eh... just send a check.


Woah, woah, woah...You were promising a butt plug straight from your butt to a FedEx box. If I send a check, that's going to take a day or two to get to you, then take another day or so to clear. I'm doubting that you would actually hold a butt plug that long. Deal's off.
 
2013-08-10 03:45:18 AM  
Does it have any of Drew's skin cells or hair, preferably with intact follicles or other viable DNA samples?  I promise I will only clone him once.
 
2013-08-10 03:45:29 AM  
Cubansaltyballs: As opposed to someone who knows the UI of a firewall or any other piece of technology has f*ck-all to do with how 'good' it is. It's sort of like a kid who doesn't 'really' know what makes something good or bad, so they just default to the shiniest one.

Then talk to it using the CLI, I don't care.

Personally, the only thing I use the web interface for is reporting and analytics more than configuration in any case...
 
2013-08-10 03:45:58 AM  

oh_please: cowgirl toffee: oh_please: cowgirl toffee: oh_please: oh_please: cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.

Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.

Derp, that was the joke...I told you I was tired...

Tired, huh?  You might want to go to PayPal and buy my butt plug before it's gone! :O
/jk. :P

Wait a minute, are you sure there isn't some way I can email you my bank info? I don't really trust those PayPal folks.

Eh... just send a check.

Woah, woah, woah...You were promising a butt plug straight from your butt to a FedEx box. If I send a check, that's going to take a day or two to get to you, then take another day or so to clear. I'm doubting that you would actually hold a butt plug that long. Deal's off.


I'm telling ya... you have a good deal... and it is firmly secured. :P
 
2013-08-10 03:53:34 AM  

cowgirl toffee: oh_please: cowgirl toffee: oh_please: cowgirl toffee: oh_please: oh_please: cowgirl toffee: BuckTurgidson: cowgirl toffee: Oh... speaking of such... I have a used butt plug for sale if anyone wants it.  ($100) ... $4 washed.

Exactly.

Well, hell, if you're gonna wash it, deal's off. You just lost yourself 80 bucks.

Derp, that was the joke...I told you I was tired...

Tired, huh?  You might want to go to PayPal and buy my butt plug before it's gone! :O
/jk. :P

Wait a minute, are you sure there isn't some way I can email you my bank info? I don't really trust those PayPal folks.

Eh... just send a check.

Woah, woah, woah...You were promising a butt plug straight from your butt to a FedEx box. If I send a check, that's going to take a day or two to get to you, then take another day or so to clear. I'm doubting that you would actually hold a butt plug that long. Deal's off.

I'm telling ya... you have a good deal... and it is firmly secured. :P


OK, you win, just because the people I'm working with are starting to wonder what I'm giggling about, and it's probably not a good idea to show them this thread. Two thumbs up and a butt plug for you!
 
2013-08-10 03:56:05 AM  

eCurmudgeon: Cubansaltyballs: As opposed to someone who knows the UI of a firewall or any other piece of technology has f*ck-all to do with how 'good' it is. It's sort of like a kid who doesn't 'really' know what makes something good or bad, so they just default to the shiniest one.

Then talk to it using the CLI, I don't care.

Personally, the only thing I use the web interface for is reporting and analytics more than configuration in any case...


Which is the point... PANs and checkpoint are just not very good firewalls. Whenever you see them in use, it's a clear sign someone didn't know sh*t about firewalls and bought the one with the shiny UI.

No serious enterprise with serious and experienced engineers uses PAN for anything that matters, like perimeter defense. They usually use it to monitor traffic, so when one of its processes explodes (and it will, fairly regularly), systems won't go offline. Or, they might use it to segment an internal zone, like a lab from staging, etc.

Seriously, seeing a PAN or Checkpoint is like seeing a grown man playing tee-ball and looking proud that he hit the ball... It's just sad. Also, no real engineer will have any modicum of respect for you. In short, buy a real f*cking firewall and stay away from the kid stuff.
 
2013-08-10 04:01:37 AM  

Cubansaltyballs: Which is the point... PANs and checkpoint are just not very good firewalls. Whenever you see them in use, it's a clear sign someone didn't know sh*t about firewalls and bought the one with the shiny UI.

No serious enterprise with serious and experienced engineers uses PAN for anything that matters, like perimeter defense. They usually use it to monitor traffic, so when one of its processes explodes (and it will, fairly regularly), systems won't go offline. Or, they might use it to segment an internal zone, like a lab from staging, etc.

Seriously, seeing a PAN or Checkpoint is like seeing a grown man playing tee-ball and looking proud that he hit the ball... It's just sad. Also, no real engineer will have any modicum of respect for you. In short, buy a real f*cking firewall and stay away from the kid stuff.


And now you've piqued my curiosity. "[S]erious and experienced engineers" run what? Cisco? Juniper? F5? A10? Custom Linux/BSD networking code?

/not trying to start a fight - suspect we're talking about completely different use cases...
 
2013-08-10 04:12:52 AM  

eCurmudgeon: Cubansaltyballs: Which is the point... PANs and checkpoint are just not very good firewalls. Whenever you see them in use, it's a clear sign someone didn't know sh*t about firewalls and bought the one with the shiny UI.

No serious enterprise with serious and experienced engineers uses PAN for anything that matters, like perimeter defense. They usually use it to monitor traffic, so when one of its processes explodes (and it will, fairly regularly), systems won't go offline. Or, they might use it to segment an internal zone, like a lab from staging, etc.

Seriously, seeing a PAN or Checkpoint is like seeing a grown man playing tee-ball and looking proud that he hit the ball... It's just sad. Also, no real engineer will have any modicum of respect for you. In short, buy a real f*cking firewall and stay away from the kid stuff.

And now you've piqued my curiosity. "[S]erious and experienced engineers" run what? Cisco? Juniper? F5? A10? Custom Linux/BSD networking code?

/not trying to start a fight - suspect we're talking about completely different use cases...


They run ASAs and SRXs to do your basic port-filtering/NAT.

When you get into app inspection, usually a separate L7 device like a Big IP ASM or Akamai Kona. Some of that stuff can be done on an SRX, but it really hammers the performance at high speeds. The ASA will do it, but it's clunky and limited in functionality.
 
2013-08-10 04:13:00 AM  
True shops run Cisco and Juniper and the engineers have never seen the GUI
 
2013-08-10 04:21:44 AM  
Cisco ASA? No thanks. Now when they roll out -- and hopefully don't trample -- the Sourcefire IPS/IDS technology in that box, I'll toss some money down.
 
2013-08-10 04:32:41 AM  

Cubansaltyballs: They run ASAs and SRXs to do your basic port-filtering/NAT.

When you get into app inspection, usually a separate L7 device like a Big IP ASM or Akamai Kona. Some of that stuff can be done on an SRX, but it really hammers the performance at high speeds. The ASA will do it, but it's clunky and limited in functionality.


OK... Now we're getting somewhere.

For Internet to DMZ traffic (i.e. external-facing web sites, services, etc.) I'll concur with BIG-IP ASM. For internal to outbound traffic, especially in enterprise environments, it gets a bit more complex. Most of the traffic is going to be TCP/80 and TCP/443, which means having at least some degree of layer-7 inspection is desirable. Also, the ability to integrate with Active Directory and have user-based policies is often important as well. (A lot of customers ask about DLP, and while PAN's "Content-ID" features are, well, OK, I would not recommend them as any sort of replacement for a real DLP solution).

So, it gets into the camps of separate devices for packet filtering/NAT vs. L7 versus having unified Palo Alto or later-generation Check Point enterprise devices. I've seen different places use both approaches successfully.

The UI issue is a red herring. I actually like PAN's web UI for reporting/analytics as well as for quick configuration changes. Check Point's SmartCenter has its share of fans. I've used CLI when it makes sense.

I wish I could give a better answer than "it depends", but it, well, depends...
 
2013-08-10 04:41:57 AM  

eCurmudgeon: Cubansaltyballs: They run ASAs and SRXs to do your basic port-filtering/NAT.

When you get into app inspection, usually a separate L7 device like a Big IP ASM or Akamai Kona. Some of that stuff can be done on an SRX, but it really hammers the performance at high speeds. The ASA will do it, but it's clunky and limited in functionality.

OK... Now we're getting somewhere.

For Internet to DMZ traffic (i.e. external-facing web sites, services, etc.) I'll concur with BIG-IP ASM. For internal to outbound traffic, especially in enterprise environments, it gets a bit more complex. Most of the traffic is going to be TCP/80 and TCP/443, which means having at least some degree of layer-7 inspection is desirable. Also, the ability to integrate with Active Directory and have user-based policies is often important as well. (A lot of customers ask about DLP, and while PAN's "Content-ID" features are, well, OK, I would not recommend them as any sort of replacement for a real DLP solution).

So, it gets into the camps of separate devices for packet filtering/NAT vs. L7 versus having unified Palo Alto or later-generation Check Point enterprise devices. I've seen different places use both approaches successfully.

The UI issue is a red herring. I actually like PAN's web UI for reporting/analytics as well as for quick configuration changes. Check Point's SmartCenter has its share of fans. I've used CLI when it makes sense.

I wish I could give a better answer than "it depends", but it, well, depends...


You sound like a pre-sales engineer...

A lot of inbound traffic has no AD to bind a traffic policy to, so that does jack sh*t for ingress traffic. It does have some applications for separating internal zones, but also has limitations... If the pan can't enumerate AD for any reason, it usually won't know what to do with the traffic.

Also, anyone trying to do L2-L7 filtering on the same box is ignorant or willfully ignorant of how software is actually made, especially at start-ups.

Honestly, I've only seen customers ask about that stuff because they're conditioned by sales/pre-sales people who act like all that stuff is relevant by just repeating buzzwords and marketing verbiage to sell a product... The larger the gp or spiff, the more of the marketing jargon gets repeated.

Honestly, these products are really good for retiring quota, and that's about it.
 
2013-08-10 04:57:38 AM  

Cubansaltyballs: You sound like a pre-sales engineer...

A lot of inbound traffic has no AD to bind a traffic polic to, so that does jack sh*t for ingress traffic. It does have some applications for separating internal zones, but also has limitations... If the pan can't enumerate AD for any reason, it usually won't know what to do with the traffic.

Also, anyone trying to do L2-L7 filtering on the same box is ignorant or willfully ignorant of how software is actually made, especially at start-ups.

Honestly, I've only seen customers ask about that stuff because they're conditioned by sales/pre-sales people who act like all that stuff is relevant by just repeating buzzwords and marketing verbiage to sell a product... The larger the gp or spiff, the more of the marketing jargon gets repeated.

Honestly, these products are really good for retiring quota, and that's about it.


I'll plead "sorta guilty" here, as I do some pre-sales, but it isn't my primary job.

Again, inbound traffic is a completely different use case, and I would typically recommend different gear (i.e. F5).

As to the separate vs. unified argument, I've dealt with companies that did some rather elaborate bake-offs between different vendors and ultimately selected one of the "poseur vendors" and have been pretty happy with it. So it's hard to say they were conditioned by which vendor had the prettiest UI or took them to the best strip club during the sales cycle...

/again, your mileage will vary. Not valid in all 50 states.
//going to bed...
 
2013-08-10 05:01:18 AM  
...
 
2013-08-10 05:07:06 AM  
So uh.... how do I connect it to my computer?

Does it come with a remote and free lifetime technical support?

/Acting like the retards who I have to deal with on a daily basis at my job.
//Good luck with the sale!
 
2013-08-10 06:33:06 AM  
Wow, the Plug tag used for its original purpose =)
 
2013-08-10 06:35:56 AM  
Go to the bid page & ask a question - that's as close as we'll get to a greenlight
 
2013-08-10 07:04:02 AM  
Geez. We have a geek-dick-waving contest.

:My FW's better than your FW.
 
2013-08-10 07:32:27 AM  

Mike: /submitter, obviously


I'll take it.  Not for THAT price obviously, it's second hand and heavily abused and being sold by an alcoholic so who knows if it even works or if the box that arrives will have this or a tuna sandwich in it.  I'll give you a month's TF instead and a picture of my cat's ass with lipstick on it that's only slightly soiled.  Deal?
 
2013-08-10 07:36:47 AM  
I really like my Sonicwall 2400 - but I mostly make use of it for the content filtering. The IPS on it is kinda weak, and the interface is annoying.
 
2013-08-10 08:26:17 AM  
kruxdeux  >>    Installing dual f5's this very moment

ArtemisGoldfish > Glad to know we're well-loved. Didn't happen to get 2000s or 4000s did you?

For extremely small values of "well-loved", I guess.  I will never ever buy anything from F5 again and encourage other folks to do likewise.  See, I once worked for a company that had a fleet of BigIP 6800s. They had a little problem with underrated (400w vs. 425w) power supplies that kept croaking on us... only problem is that the power supply MIB not telling us when the first one died and it was only when the second one started getting flakey and we started getting watchdog resets (and the box rebooting non-stop) that we'd know to replace 'em.  Search the F5 knowledge base for "sol8001" and read between the lines.  This is the tip of the iceberg.

That wasn't the worst part though.  It was the horrible (much worse than the local cable company) experience of dealing with their tech support organization.  They tried to welsh on supporting the devices we'd shipped to our facility in Hong Kong, claiming that they'd only ship the replacement power supplies to the site of original purchase and that shipping and importation were on us, and that they had to charge us full price for the power supplies.  I finally forced the issue after several days' escalation and getting our legal department involved.  When I found out that their AsiaPac support depot was LITERALLY WALKING DISTANCE (3km) from our Hong Kong datacenter, you can imagine what I thought of them.

F---- technology company, would not buy again.  And neither should you.
 
gja [TotalFark]
2013-08-10 08:55:20 AM  
Pfffft. No WONDER Fark.com loads slow sometime.
C'mon Mike old boy.
Get some real-deal throughput.

[a248.e.akamai.net image]
 
2013-08-10 09:16:25 AM  

Fista-Phobia: ...


^ this.
 
2013-08-10 09:30:21 AM  

gja: Pfffft. No WONDER Fark.com loads slow sometime.
C'mon Mike old boy.
Get some real-deal throughput.

[a248.e.akamai.net image 500x255]


Does Fark actually need that kind of throughput though?  Sure every once in a while its traffic goes through the roof (9/11, some other disaster) but doesn't seem worth going out of your way to cater to a statistical anomaly in your usage.
 
2013-08-10 09:34:18 AM  
So, vodak stains then?
 
2013-08-10 09:38:31 AM  

SpaceBison: [img.fark.net image 640x480]


That's why I'm only offering a month's TF subscription and a cat-ass picture.  When Fark goes down we get a text that says quite clearly "We spilt beer on the server again" the important word here is AGAIN, when you combine that knowledge with this picture of one of the Fark staff clearly passed out on a floor (it doesn't look like the flooring of any data centre I've been in, more like a kitchen) surrounded by booze AND the imminent liquid ingress into the machine's chassis... well...

I think I'll reduce my offer to just the slightly soiled cat ass picture as frankly we can already tell for certain that the item in question:

1) Hasn't been kept in a climate controlled environment.
2) Hasn't been properly maintained.
3) Potentially has liquid damage.
4) Is being sold by an obvious alcoholic which means it's unlikely to ever arrive as all the money will be spent on booze not shipping.

I honestly don't think he's going to get a better deal than the cat ass picture when you consider how beaten up this piece of kit may be.
 
2013-08-10 09:44:03 AM  
So what did you bump up to?  ASA5520?  the 5540 or 5580?  If it's the 5580 it's pretty overkill, but if you're willing to verify a few parts inside, you can possibly beef that farker up beyond reason.
 
gja [TotalFark]
2013-08-10 09:48:18 AM  

Vaneshi: gja: Pfffft. No WONDER Fark.com loads slow sometime.
C'mon Mike old boy.
Get some real-deal throughput.

[a248.e.akamai.net image 500x255]

Does Fark actually need that kind of throughput though?  Sure every once in a while its traffic goes through the roof (9/11, some other disaster) but doesn't seem worth going out of your way to cater to a statistical anomaly in your usage.


Web farm with mirrors, FTW.
Also, you don't buy the ISG series for just the throughput, it's for the reliability and ability to deal with single component failures w/o going offline.
 
2013-08-10 10:50:46 AM  

Cubansaltyballs: Landis: Vlad_the_Inaner: minimum bid $1,250.00?

$900 used on amazon.com

I suppose someone might consider the historical value

The Security Plus license adds a good $250 to it at least.  Not sure if you'd need 20+ vLANs, let alone the ability to route among them, but there you go.

\Set up a lot of 5505s and 5510s in my day.
\\Mostly deal with Cisco and Fortinet.
\\\Now, if that was a 2960s or a 39xx I'd probably buy it...

The VLANs come in handy if you're:

A) Using VRFs or VRF-Lite on a small network and want your inter-VRF routing to be filtered or done on a firewall instead of screwing around with route-leaking across VRFs. If you set up 5 VLANs on your ASA and map each of those VLANs on your switch to an SVI bound to a VRF, you configure OSPF/EIGRP for each address family to connect to your ASA. The ASA has all the route tables from all your VRFs, and thusly can route between them.

B) You are using your ASA in multicontext mode and/or combined with scenario A. You can burn through VLANs really fast with bridge groups for transparent contexts, or if you're adding lots of sub-interfaces to a routed context.

C) You have a single physical DMZ, but want to create logical zones to separate different types of servers and have their inter-zone traffic arbitrated by a stateful firewall.

D) You have no need for any of the above secure separations and you're using it as a router-on-a-stick... In which case you should be dragged into the town square and publicly executed in front of all the villagers to shame your family for not murdering you in your sleep when you first showed signs of retardation, as well as sacrificing you to the gods of good networking so your death may be: a) used as a warning to others to not be stupid, and b) to have the world's networking sins washed away with the blood of a retard.


This is all very true, and 'D' made my morning.  Most of my clients aren't large enough to need more than 5 vLANs, though I've had a couple in the 11-12 range.  Even then, some of those are for NFS and iSCSI traffic, so they never reach the firewall; they just kind of stop at the switch.  Which then brings us to the question of why wouldn't you just let the firewall be a firewall and move your routing to a nice, hefty layer 3 switch instead?

CSB time:
We once (about three years ago) had a client who managed to use 20 vLANs internally.  Some were for VPLs, some were storage, most were regular old traffic segmented by functional group and/or department, and, of course, the 1 public-facing vLAN.  It was all very secure at first; different security levels, limited routing between the vLANs, and strict ACLs.  The customer then gets acquired one day and proceeds to demand that we set the security level on all of the vLANs (except public) to 75 and configure them to cross-talk freely.  I looked at him in a meeting and asked why he even bothered with vLANs and multiple subnets when it was obvious what he wanted was a /16 in a single broadcast domain.
/CSB

\Off to research F5 firewalls...  I thought they mostly made load-balancers.
 
2013-08-10 11:08:32 AM  
gja:
Web farm with mirrors, FTW.
Also, you don't buy the ISG series for just the throughput, it's for the reliability and ability to deal with single component failures w/o going offline.


All things being equal I think a hot standby for the database machine would serve them better.
 
2013-08-10 11:28:53 AM  
Guaranteed free of beer/bourbon stains

No beer or bourbon, but smells like farts.

/they kept the one that smelled like pussy.
 
2013-08-10 11:35:53 AM  

Cubansaltyballs: eCurmudgeon: .../work for a network-security reseller...

You sound like a firewall noob: Someone that thinks a pretty UI means it's a better firewall.


Youse kids!  In MY day we wrote our firewall rules by hand at the command line and got all of our latest technical information from the firewalls majordomo email list.

//Get offa my LAN!
 
2013-08-10 11:57:27 AM  

sharphead: So uh.... how do I connect it to my computer?

Does it come with a remote and free lifetime technical support?


Is it PC compatible?

Does it have HDMI?
 
2013-08-10 12:39:44 PM  
I think there's a network person in this thread that has an over-inflated sense of importance.

I have the F5 LTMs and several 5500 series Cisco appliances. They both work well. Don't know much about the F5 FW offering. The Juniper gear seems solid too, though I must admit my knowledge of the NetScreen and the MX series switches is rather limited.

The CheckPoint FWs I was exposed to 15 or so years ago, they were not very good. They tended to have some very ugly exploits that would spit back quite a bit of juicy information. Since then I've never looked at them again.

I use the Cisco stuff primarily because of two reasons. 1) I'm extremely familiar with the CLI and can be very productive with it and 2) because there is an arse-ton of information about the devices out there if I need help. Which is good because Cisco's TAC can be spotty (that's being nice) at times.
 
gja [TotalFark]
2013-08-10 12:51:08 PM  

Thorazine: Cisco's TAC can be spotty (that's being nice) at times


NICE? You are a frikking diplomat of global proportions. TAC is a portal-O-pain in many instances.
My only reason for putting up the ISG pic is its ability to have critical stuff hot-swapped w/o going offline or into 'limp-along' mode.
Also, the IDS/IDP proc's are awesome and very easy to back-end to 3rd party s/w products.
 
2013-08-10 01:01:01 PM  
Anyone who goes for an SRX needs their head examining. We're Juniper partners and have been selling them since they came out. Our sales guys sold them on the throughput/price combo, and customers lapped them up, then returned them in droves. There's a reason why juniper stopped selling them as firewalls for a period and was selling them as secure routers. Awful pieces of crap. I'm Checkpoint and F5 all the way, though I'm not a fan of this new "do everything in one box". Let firewalls firewall, proxies proxy and IPS's IPS. I've done a lot of projects lately where I've had to convert bluecoat proxy policies to Checkpoint URL filtering, then having to explain to clients why it won't do exactly the same as a device designed as a proxy.

/don't even get me started on McAfee Sidewinder
//multi vendor, multi skin is the way to go (and not just because it means more consultancy for me)
 
2013-08-10 01:07:30 PM  
If it works as well as your moderators, can you tell me what the difference is between it and a cat5 bridge cable?
 
2013-08-10 01:20:55 PM  

Day_Old_Dutchie: Geez. We have a geek-dick-waving contest.


Well yeah, but I kinda expected that.
 
2013-08-10 01:32:10 PM  

Day_Old_Dutchie: Geez. We have a geek-dick-waving contest.

:My FW's better than your FW.


Waving?

/showing, maybe
 
2013-08-10 01:54:57 PM  
Meh.  I've always hated the ASA line of products.  They're way too complicated to set up.  I'm not a Cisco guy, but I have taken a couple CCNA classes and can fumble around the command line.  The ASA has a GUI that works for about 1/2 of the stuff.  The other 1/2 just doesn't work like it's supposed to.  A call to Cisco support usually ended in "oh, that doesn't work in the GUI.  you gotta do the command line".  Um, how about if you fix your GUI?  Seemingly simple stuff I could never get working.  Stuff that would take about 10 seconds to do on a cheap crappy Linksys router.  I have had support calls last 6+ hours, and got transferred to techs in other time zones to keep the call going.  We also had to reboot that crappy ASA at least once a week when random shiat stopped working.  I have had extremely good luck with the Checkpoint Safe@Office line.  It's a web-based GUI that actually works.  It does everything most places would ever want to do, and does have a command line if you need to get really crazy with a workaround.  It also never ever ever ever needs a reboot.  As easy as a Linksys to configure.  Easier than Sonicwall by far.
 
2013-08-10 03:01:59 PM  

Thorazine: I think there's a network person in this thread that has an over-inflated sense of importance.


Think maybe he's hanging out here because he got tired of people kicking sand in his face over at Slashdot?
 
2013-08-10 03:02:39 PM  

Mr. Eugenides: Folks should read this before bidding.


Is that a technical requirement (product will not function without it) in addition to a licensing requirement or just a licensing requirement?
 
2013-08-10 03:11:42 PM  
Does it have slats?
 
2013-08-10 03:19:50 PM  

HoratioGates: Does it have slats?


Dozens along the front edge.  With very thin gaps between. Do not use an ASA as a chair, you will need help soonish.
 
2013-08-10 03:33:05 PM  
I also guarantee I've never sat on it or had anything stuck in it, or mistaken it for a street light.
 
2013-08-10 03:38:52 PM  
(I can also guarantee it handled IPv6 quite well for years.  Like it or not, that does matter.)
 
2013-08-10 04:03:50 PM  

Mike: (I can also guarantee it handled IPv6 quite well for years.  Like it or not, that does matter.)


Did you add more memory to make it ASA v.9.x capable?
 
2013-08-10 04:22:10 PM  

Cubansaltyballs: Did you add more memory to make it ASA v.9.x capable?


Yeah, "show version" output is in the auction listing.
 
2013-08-10 04:33:36 PM  

Mike: Cubansaltyballs: Did you add more memory to make it ASA v.9.x capable?

Yeah, "show version" output is in the auction listing.


TLDR
 
2013-08-10 05:05:03 PM  

tenpoundsofcheese: honestly disclose the operating environment this thing was in


Here ya go
 
2013-08-10 05:58:25 PM  

deeeznutz: Cisco>Juniper>Checkpoint....Anything else is non enterprise crap that is only good for basic functions like NAT and Access-lists


Snort
 
2013-08-10 06:02:09 PM  
0 bidders?

You'll get over it.
 
2013-08-10 07:50:56 PM  

dirtyeffinhippie: Meh.  I've always hated the ASA line of products.  They're way too complicated to set up.  I'm not a Cisco guy, but I have taken a couple CCNA classes and can fumble around the command line.  The ASA has a GUI that works for about 1/2 of the stuff.  The other 1/2 just doesn't work like it's supposed to.  A call to Cisco support usually ended in "oh, that doesn't work in the GUI.  you gotta do the command line".  Um, how about if you fix your GUI?  Seemingly simple stuff I could never get working.  Stuff that would take about 10 seconds to do on a cheap crappy Linksys router.  I have had support calls last 6+ hours, and got transferred to techs in other time zones to keep the call going.  We also had to reboot that crappy ASA at least once a week when random shiat stopped working.  I have had extremely good luck with the Checkpoint Safe@Office line.  It's a web-based GUI that actually works.  It does everything most places would ever want to do, and does have a command line if you need to get really crazy with a workaround.  It also never ever ever ever needs a reboot.  As easy as a Linksys to configure.  Easier than Sonicwall by far.


The ASA GUI was developed by the marketing dept. to cater to IT directors who don't understand technology.

As you said, not everything works via the GUI, and once you start adding stuff via the CLI, you run the risk of having the GUI not understand and ignore it, or worse, overwrite it.

Learn the CLI for configuration, and if you have the uncontrollable urge to use the GUI, only do so to view the performance stats.
 
2013-08-10 08:00:41 PM  

Landis: Cubansaltyballs: Landis: Vlad_the_Inaner: minimum bid $1,250.00?

$900 used on amazon.com

I suppose someone might consider the historical value

The Security Plus license adds a good $250 to it at least.  Not sure if you'd need 20+ vLANs, let alone the ability to route among them, but there you go.

\Set up a lot of 5505s and 5510s in my day.
\\Mostly deal with Cisco and Fortinet.
\\\Now, if that was a 2960s or a 39xx I'd probably buy it...

The VLANs come in handy if you're:

A) Using VRFs or VRF-Lite on a small network and want your inter-VRF routing to be filtered or done on a firewall instead of screwing around with route-leaking across VRFs. If you set up 5 VLANs on your ASA and map each of those VLANs on your switch to an SVI bound to a VRF, you configure OSPF/EIGRP for each address family to connect to your ASA. The ASA has all the route tables from all your VRFs, and thusly can route between them.

B) You are using your ASA in multicontext mode and/or combined with scenario A. You can burn through VLANs really fast with bridge groups for transparent contexts, or if you're adding lots of sub-interfaces to a routed context.

C) You have a single physical DMZ, but want to create logical zones to separate different types of servers and have their inter-zone traffic arbitrated by a stateful firewall.

D) You have no need for any of the above secure separations and you're using it as a router-on-a-stick... In which case you should be dragged into the town square and publicly executed in front of all the villagers to shame your family for not murdering you in your sleep when you first showed signs of retardation, as well as sacrificing you to the gods of good networking so your death may be: a) used as a warning to others to not be stupid, and b) to have the world's networking sins washed away with the blood of a retard.

This is all very true, and 'D' made my morning.  Most of my clients aren't large enough to need more than 5 vLANs, though I've had a couple in the 11-12 range.  Even then, some of those are for NFS and iSCSI traffic, so they never reach the firewall; they just kind of stop at the switch.  Which then brings us to the question of why wouldn't you just let the firewall be a firewall and move your routing to a nice, hefty layer 3 switch instead?

CSB time:
We once (about three years ago) had a client who managed to use 20 vLANs internally.  Some were for VPLs, some were storage, most were regular old traffic segmented by functional group and/or department, and, of course, the 1 public-facing vLAN.  It was all very secure at first; different security levels, limited routing between the vLANs, and strict ACLs.  The customer then gets acquired one day and proceeds to demand that we set the security level on all of the vLANs (except public) to 75 and configure them to cross-talk freely.  I looked at him in a meeting and asked why he even bothered with vLANs and multiple subnets when it was obvious what he wanted was a /16 in a single broadcast domain.
/CSB

\Off to research F5 firewalls...  I thought they mostly made load-balancers.


Mobile Fark sucks as far as quoting goes, so I'm really answering this:

"Which then brings us to the question of why wouldn't you just let the firewall be a firewall and move your routing to a nice, hefty layer 3 switch instead?"

Because he needs to filter between the various vlans. For example, various 3rd party networks that you want to isolate from each other.
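
The contrast discussed in the comments above (VLANs filtered against each other on the ASA versus every internal VLAN set to security level 75 and allowed to cross-talk), as an added configuration sketch that is not from any poster in this thread. Interface names, VLAN IDs, addresses and ACL names are constructed for illustration; only the level 75 figure comes from the thread.

```cisco
! ---- Variant 1: VLANs filtered against each other on the ASA ----
! Constructed example: names, VLAN IDs and addresses are illustrative.
interface Ethernet0/1
 no nameif
 no security-level
 no ip address
 no shutdown
!
interface Ethernet0/1.10
 vlan 10
 nameif finance
 security-level 80
 ip address 10.1.10.1 255.255.255.0
!
interface Ethernet0/1.20
 vlan 20
 nameif engineering
 security-level 60
 ip address 10.1.20.1 255.255.255.0
!
interface Ethernet0/1.30
 vlan 30
 nameif partnerA
 security-level 40
 ip address 10.1.30.1 255.255.255.0
!
interface Ethernet0/1.31
 vlan 31
 nameif partnerB
 security-level 40
 ip address 10.1.31.1 255.255.255.0
!
! partnerA and partnerB share level 40. Without a same-security-traffic
! command the ASA does not forward between them, so the two third-party
! networks stay isolated from each other.
!
! Lower-to-higher traffic needs an explicit permit. Once an ACL is bound
! inbound on an interface it decides everything entering that interface
! and ends in an implicit deny; the explicit deny adds logging.
access-list PARTNERA_IN extended permit tcp 10.1.30.0 255.255.255.0 host 10.1.20.50 eq 443
access-list PARTNERA_IN extended deny ip any any log
access-group PARTNERA_IN in interface partnerA
!
! ---- Variant 2: the flattened setup from the story above ----
! Every internal subinterface is moved to the same level and same-level
! forwarding is switched on. With no ACLs bound, the ASA then passes
! traffic between all of these VLANs without consulting any policy.
interface Ethernet0/1.10
 security-level 75
interface Ethernet0/1.20
 security-level 75
interface Ethernet0/1.30
 security-level 75
interface Ethernet0/1.31
 security-level 75
!
no access-group PARTNERA_IN in interface partnerA
same-security-traffic permit inter-interface
```

In the second variant the VLANs still split broadcast domains but no longer enforce anything, which is the point of the "/16 in a single broadcast domain" remark.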
 
2013-08-10 11:45:33 PM  
I am no eBay expert, but if you have the kind of exposure that other sellers would kill for, why not start low and let the market do its magic? The risk of it selling for substantially less than market value should have been very manageable.
 
2013-08-11 01:12:43 AM  

deeeznutz: Cisco>Juniper>Checkpoint


Junos > CiscoIOS.

/ftfy
 
2013-08-11 01:15:04 AM  

Myria: Wow, the Plug tag used for its original purpose =)


Literally AND figuratively!
 
2013-08-11 02:02:24 AM  

etherknot: Myria: Wow, the Plug tag used for its original purpose =)

Literally AND figuratively!


That's just how I roll, mang.
 