[177838] in North American Network Operators' Group
RE: Re: Checkpoint IPS
daemon@ATHENA.MIT.EDU (Darden, Patrick)
Fri Feb 6 11:50:46 2015
X-Original-To: nanog@nanog.org
From: "Darden, Patrick" <Patrick.Darden@p66.com>
To: Colin Johnston <colinj@gt86car.org.uk>
Date: Fri, 6 Feb 2015 16:47:29 +0000
In-Reply-To: <D174E7B1-51E8-479F-BD1A-C23BE06E9BC7@gt86car.org.uk>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
Auto-Update can cause problems. I take the stance that updates should be v=
erified in a CERT or ISO first, before being operationalized.
--p
-----Original Message-----
From: Colin Johnston [mailto:colinj@gt86car.org.uk]=20
Sent: Friday, February 06, 2015 10:46 AM
To: Darden, Patrick
Cc: Colin Johnston; Roland Dobbins; nanog@nanog.org
Subject: [EXTERNAL]Re: Checkpoint IPS
Yes, update can cause problems, same as router code updates as well.
but update is price of progress.
Col
> On 6 Feb 2015, at 16:44, Darden, Patrick <Patrick.Darden@p66.com> wrote:
>=20
>=20
> Sorry, didn't mean to imply otherwise. Had an incident back in ~2004 whe=
re an IPS signature update closed ALL network traffic. Including fix-it up=
dates. Definitely a case where the IPS caused major difficulties for a net=
work.
>=20
> --p
>=20
> -----Original Message-----
> From: Colin Johnston [mailto:colinj@gt86car.org.uk]=20
> Sent: Friday, February 06, 2015 10:32 AM
> To: Darden, Patrick
> Cc: Colin Johnston; Roland Dobbins; nanog@nanog.org
> Subject: [EXTERNAL]Re: Checkpoint IPS
>=20
> Thought I would add
>=20
> Astaro IPS works great, great functionality and does prevent ddos and exp=
loits.
>=20
> Colin
>=20
