[147402] in North American Network Operators' Group
Re: BGP and Firewalls...
daemon@ATHENA.MIT.EDU (David)
Fri Dec 9 11:07:42 2011
In-Reply-To: <1F4D60B00DE5FB42AD4BB2BC06DC309220756375@mail.shoremortgage.com>
From: David <david@davidswafford.com>
Date: Fri, 9 Dec 2011 11:05:41 -0500
To: Gregory Croft <gcroft@shoremortgage.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
SSL interception was the most painful -- Palo Alto finally confirmed it as a bug in 3.1.9, haven't upgraded yet. It basically eats SSL traffic sporadically. Had another issue during go-live where a "commit" caused the box to crash (3.1.9)
and another during that same week where a malformed SSL packet crashed the dataplane.
All cases involved significant interruptions because most did not trigger HA-related failovers. Palo Alto support was extremely slow in all cases we've had and from that perspective alone I would not put all of my eggs into it. Great box for web filtering from a feature perspective, but my Bluecoats were much more stable in their 4 yr life than the first 2 weeks on our 2050s
david.
Sent from an email server.
On Dec 8, 2011, at 10:11 AM, "Gregory Croft" <gcroft@shoremortgage.com> wrote:
> What kind of Bugs are you running into?
> I have two PA500's at the moment and haven't really had any issues with
> web filtering.
>
> Thank you,
> Gregory S. Croft
>
> -----Original Message-----
> From: David [mailto:david@davidswafford.com]
> Sent: Thursday, December 08, 2011 9:50 AM
> To: Gregory Croft
> Cc: <nanog@nanog.org>
> Subject: Re: BGP and Firewalls...
>
> I wouldn't do it. We have 8 x PA-2050s and run into a lot of weird
> bugs.... (just doing web filtering)
>
> David
>
> Sent from an email server.
>
> On Dec 7, 2011, at 12:31 PM, "Gregory Croft" <gcroft@shoremortgage.com>
> wrote:
>
>> Hi All,
>>
>> Does anyone have any experience with using firewalls as edge devices
>> when BGP is concerned?
>>
>> Specifically the Palo Alto series of devices.
>>
>> If so please contact me off list.
>>
>> Thank you.
>>
>> Thank you,
>>
>> Gregory S. Croft