[c-nsp] Trouble in an ASA migration from CheckPoint

Tony Varriale tvarriale at comcast.net
Mon May 11 16:00:31 EDT 2009


What's the bug id for that?

Why are you running interim code?

tv
----- Original Message ----- 
From: "SHAM SHARMA" <wisesham at gmail.com>
To: "Marcelo Zilio" <ziliomarcelo at gmail.com>
Cc: "Cisco-nsp" <cisco-nsp at puck.nether.net>
Sent: Monday, May 11, 2009 1:01 PM
Subject: Re: [c-nsp] Trouble in an ASA migration from CheckPoint


> we just moved to ASA's from checkpoint
>
> - CPU Spike bug is confirmed by cisco .. that has brought our network
> down 3 times so far ...currently we are running 8 0 (4) 28 ... now
> cisco is releasing 8 0 (4) 32 and they are confident they have fixed cpu
> spike issue in it ..
>
> - plus doing changes from ASDM features are not as good as of checkpoint
> like you cannot search host/source ip's
>
> users complaining some of the application has become slow after we
> shifted to ASA's
>
> it has behaved few times so differently .. that we are scared of
> logging into ... its so un-reliable ..edit a network object and next
> moment.. it dies ...
>
> first impression is same ..good marketing but not a solid product
>
>
>
> On 5/11/09, Marcelo Zilio <ziliomarcelo at gmail.com> wrote:
>> Hi Sham,
>>
>> I've been working with Cisco Firewalls for the past four years and until
>> now they always worked well for me.
>>
>> The old PIXes before version 7.x really leave to be desired, but the new
>> ASA have been greatly improved.
>>
>> However I have to agree with you in some points (using a lot of public
>> IPs in this particular case).
>>
>> To compare different brands it's complicated. There will always be
>> advantages and disadvantages in using one or other.
>>
>> Thanks and regards
>> Marcelo
>>
>> 2009/5/11 SHAM SHARMA <wisesham at gmail.com>
>>
>> > Agree .. Cisco still has long way to go match with Checkpoint
>> >
>> > You will notice it as you will go with this transaction .... You will
>> > end up in using more public IP's ... finding lot of bugs ... helping
>> > Cisco not vice versa
>> >
>> > Sorry but that's utter truth ...
>> >
>> >
>> >
>> >
>> > On 5/11/09, Rubens Kuhl <rubensk at gmail.com> wrote:
>> > > On Mon, May 11, 2009 at 10:11 AM, Marcelo Zilio <ziliomarcelo at gmail.com> wrote:
>> > > > Hi Rubens,
>> > > >
>> > > > Thanks for your response.
>> > > >
>> > > > I'm sorry, but I didn't understand what you meant...
>> > > >
>> > > > Remember IPs 200.1.1.1 and 190.1.1.1 are Internet address and I
>> > > > cannot control their DNS resolution.
>> > >
>> > > Yes we can! :-)
>> > >
>> > >
>> > > http://www.oreillynet.com/pub/a/oreilly/networking/news/views_0501.html
>> > >
>> > > In effect, you would answer based on the IP address of the DNS
>> > > recursor and not the client itself, but if we are talking big /8s,
>> > > that usually has a strong correlation.
>> > >
>> > >
>> > > Rubens
>> >
>> >
>> >
>> > > _______________________________________________
>> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
>> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
>> > >
>> >
>>
>>


