Totally... I'd never consider a Cisco solution for any firewall
application... Anyone who does nowadays is just asking to be added to
Shinder's List. ;)
The real reason I posted to this thread is because someone referenced
Pussonasore's quote as if it had some sort of bearing on reality.
t
http://www.ISAserver.org
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Sunday, October 30, 2005 2:00 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Nortel ISA Hardware Firewall
http://www.ISAserver.org
Hi Dr. Shanker-
I have several about the country at my different facilities- mainly for t1's and integrated voice/data circuits. Damn good routers, if you asked me. I've got some that are still in operation after 8 years of constant use, and have never had a single problem with any of them-not even a fan going out.
But yes, it is that sort of performance that make people forget they even have them, and thus, do not think they need attention. I totally agree with you on that point. If Pescatoodles had any real insight (as you do) then he would have made that point rather than blithe on about how "really really really hard" it is to update the IOS. But hey, it may actually be really, really, really hard for him. Copying over a .bin file, or just replacing one in the tftp boot server and cycling the router is something my 4 year can do, but I guess not everyone has his skilz ;)
t
http://www.ISAserver.org
Hi Tungsten, I hear a lot of how difficult it is to upgrade the IOS, but I don't know from personal experience, since the only way Cisco will ever get any of my money is by prying it out of my cold, dead hands.
The problem is more related to the perception that its not requried -- since these devices were forged by Zeus with alloys created by all the pantheon, why monkey around with the eternal?
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
-----Original Message----- From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx] Sent: Friday, October 28, 2005 7:22 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Nortel ISA Hardware Firewall
http://www.ISAserver.org
I must be lucky... I just copy over the .bin file, reload, confirm my config, re-save the running config to startup and move on. I've never really had a problem updating my IOS, and I was one of the early deployers of Voice over Frame with the MC3810 series (which went through several revisions). I've been doing it for years and years now.
Do you other folks really have that much trouble upgrading Cisco IOS? I was not surprised to hear Pescatore bitch about it, but that is for a different matter completely..
t
----- Original Message ----- From: "Tiago de Aviz" <Tiago@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, October 28, 2005 1:56 PM
Subject: [isalist] RE: Nortel ISA Hardware Firewall
http://www.ISAserver.org
Hell, who wouldn't want a self-update mechanism? Updating IOS is so painful that you're almost giving up when you think about it.
That's a Cisco-Engineer trouble ticket generator, that's what it is. Same old story as the hardware firewall: As long as it's flowing hot air, it's ok.
Tiago de Aviz SoftSell - Curitiba (41) 3340-2363 www.softsell.com.br
Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação.
>>> DBall@xxxxxxxxxxx 27/10/2005 23:08 >>>
http://www.ISAserver.org
Here is it, from Tuesday's SANS NewsBites Vol. 7 Num. 47: -------------------------------------------------------------- ---------- --- --Cisco Customers Unaccustomed to Updates (20 October 2005) Cisco CSO John Stewart says that because Cisco customers are unaccustomed to updating their network hardware operating system on a regular basis, many are still running old versions of the company's Internetwork Operating System (IOS). Mr. Stewart says Cisco has not adopted automatic patching because its customers do not want it. He hopes that the outcome of an unexpected vulnerability disclosure earlier this year will be that Cisco IOS users upgrade to the latest version to protect their systems. http://www.zdnet.com.au/news/security/print.htm?TYPE=story&AT= 39217949-2 000061744t-10000005c [Editor's Note (Pescatore): The issue is more that it has been really, really painful to update IOS. It isn't a patch action, it is a shut down and reload the OS action, which is very disruptive to the network and very manpower intensive. While the best solution is always better software development processes to reduce vulnerabilities, software vendors (and switch vendors ship a lot of software) have to invest a lot to make the patch process easier and faster for their customers. Microsoft learned this back during the worms of 2001 and now most enterprises can patch Windows much, much faster with much less pain.] -------------------------------------------------------------- ---------- ---
-----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, October 27, 2005 3:41 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Nortel ISA Hardware Firewall
http://www.ISAserver.org
Hi Dan,
That would be great! Thanks! Tom
Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?**
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx