Educause Security Discussion mailing list archives
Re: Fortinet vs. Palo Alto
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Fri, 25 Feb 2011 16:02:18 -0600
Not much of the "first time asked" in the last year or so. We're big enough that almost any product that works for us is imagined to be a potential US-Federal sale, so v6 is not completely unknown. Known, ready, capable, fully-featured... it's pretty much all on the lefthand side of the scale. A few in the middle.

For fun, ask an Enterprise Vulnerability Management vendor about asset discovery and v6 sometime. You can really separate those with clue from the poseurs.

The really long poles, however, seem to be in address-based policy enforcement, network management, and network monitoring. There's an *awful* lot of fields in databases and UIs that need to be changed. As well, the field-validation routines. Those are just the ones I've seen recently.

Setting up the networks is work, especially for those who haven't run multiple addressing and service schemes over a single network like us graybeards did back in the day. The applications (server or client) that will have to talk dual-stack or 6-only are gonna be work. Touching all the applications to monitor and manage all the information around v4+v6... that's gonna be quite an effort.

And there's gonna be surprises.

"Hey, this is gonna be OK - we'll terminate v6 at the front of the load balancer, leave all the datacenter apps on v4! Win!"

"Didn't you mention once that we inject a synthesized header into the inside http stream from the LB to the app servers, carrying the apparent global IP address of the client inside?"

"Oh. Um..."

"Don't we write that into a table for session-state tracking? And log it?"

"Hm."

-jml
Valdis Kletnieks <Valdis.Kletnieks () VT EDU> 2011-02-25 15:37 >>>
On Fri, 25 Feb 2011 15:30:35 CST, John Ladwig said:
I ask that question a lot.
How often do the vendors lie and say "You're the first customer to ask about IPv6"? ;)
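An added example, not part of the original message or of any product named in the thread: the load-balancer surprise described above, shown as a v4-only field check next to a parser that accepts both address families. The header format (comma-separated, optional port or brackets, in the style of X-Forwarded-For), the function names and the sample values are assumptions made for illustration.

```python
import ipaddress

def parse_client_ip(header_value):
    """Parse the left-most entry of a forwarded-client header (format assumed)."""
    first = header_value.split(",")[0].strip()
    if first.startswith("["):              # "[2001:db8::1]:443"
        first, closed, _ = first[1:].partition("]")
        if not closed:
            return None
    elif first.count(":") == 1:            # "192.0.2.10:51234"
        first = first.split(":")[0]
    try:
        addr = ipaddress.ip_address(first)
    except ValueError:
        return None
    # A v4 client seen through a v6 listener can arrive as ::ffff:a.b.c.d;
    # unwrap it so one client does not get two identities in logs and tables.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def storage_key(addr):
    """Fixed 16-byte key for a session table: v4 is stored as IPv4-mapped v6."""
    if addr.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(addr)).packed
    return addr.packed

def legacy_field_ok(text):
    """A v4-only validation routine: dotted quad that fits a 15-character field."""
    parts = text.split(".")
    return (len(text) <= 15 and len(parts) == 4
            and all(p.isdecimal() and int(p) <= 255 for p in parts))

# Constructed sample header values (documentation address ranges only).
SAMPLES = ["192.0.2.10", "2001:DB8:0:0:0:0:0:1, 198.51.100.7",
           "[2001:db8::1]:443", "::ffff:192.0.2.10", "not-an-ip"]

def audit(samples=SAMPLES):
    """Return (raw value, canonical address or None, passes legacy check)."""
    rows = []
    for raw in samples:
        addr = parse_client_ip(raw)
        first = raw.split(",")[0].strip()
        rows.append((raw, None if addr is None else str(addr), legacy_field_ok(first)))
    return rows

if __name__ == "__main__":
    for row in audit():
        print(row)
```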