SSL interception was the most painful -- PaloAlto finally confirmed it as a bug in 3.1.9, havnt upgraded yet. it basicall eats ssl traffic sporadically. had another issue during go-live where a "commit" caused the box to crash (3.1.9) and anothere during that same week where a malformed ssl packet crashed the dataplane. all cases involved significant interruptions because most did not trigger ha-related failovers. palo also support was extremely slow in all cases weve had and from that perspective alone i would not put all of my eggs into it. great box for web filtering from a feature perspective, but my bluecoats were much more stabile in their 4 yr life than the first 2weeks on our 2050s david. Sent from an email server. On Dec 8, 2011, at 10:11 AM, "Gregory Croft" <gcroft@shoremortgage.com> wrote:
What kind of Bugs are you running into? I have two PA500's at the moment and haven't really had any issues with web filtering.
Thank you, Gregory S. Croft
-----Original Message----- From: David [mailto:david@davidswafford.com] Sent: Thursday, December 08, 2011 9:50 AM To: Gregory Croft Cc: <nanog@nanog.org> Subject: Re: BGP and Firewalls...
I wouldn't do it. We have 8 x PA-2050s and run into a lot of wierd bugs.... (just doing web filtering)
David
Sent from an email server.
On Dec 7, 2011, at 12:31 PM, "Gregory Croft" <gcroft@shoremortgage.com> wrote:
Hi All,
Does anyone have any experience with using firewalls as edge devices when BGP is concerned?
Specifically the Palo Alto series of devices.
If so please contact me off list.
Thank you.
Thank you,
Gregory S. Croft
participants (1)
-
David