BGP and Firewalls...
David
david at davidswafford.com
Fri Dec 9 16:05:41 UTC 2011
SSL interception was the most painful -- Palo Alto finally confirmed it as a bug in 3.1.9, haven't upgraded yet. It basically eats SSL traffic sporadically.
Had another issue during go-live where a "commit" caused the box to crash (3.1.9)
and another during that same week where a malformed SSL packet crashed the dataplane.
All cases involved significant interruptions because most did not trigger HA-related failovers. Palo Alto support was extremely slow in all cases we've had and from that perspective alone I would not put all of my eggs into it. Great box for web filtering from a feature perspective, but my Bluecoats were much more stable in their 4 yr life than the first 2 weeks on our 2050s.
david.
Sent from an email server.
On Dec 8, 2011, at 10:11 AM, "Gregory Croft" <gcroft at shoremortgage.com> wrote:
> What kind of Bugs are you running into?
> I have two PA500's at the moment and haven't really had any issues with
> web filtering.
>
> Thank you,
> Gregory S. Croft
>
> -----Original Message-----
> From: David [mailto:david at davidswafford.com]
> Sent: Thursday, December 08, 2011 9:50 AM
> To: Gregory Croft
> Cc: <nanog at nanog.org>
> Subject: Re: BGP and Firewalls...
>
> I wouldn't do it. We have 8 x PA-2050s and run into a lot of weird
> bugs.... (just doing web filtering)
>
> David
>
> Sent from an email server.
>
> On Dec 7, 2011, at 12:31 PM, "Gregory Croft" <gcroft at shoremortgage.com>
> wrote:
>
>> Hi All,
>>
>> Does anyone have any experience with using firewalls as edge devices
>> when BGP is concerned?
>>
>> Specifically the Palo Alto series of devices.
>>
>> If so please contact me off list.
>>
>> Thank you.
>>
>> Thank you,
>> Gregory S. Croft