Re: Checkpoint IPS

["Roland Dobbins" <rdobbins () arbor net>]

On 6 Feb 2015, at 4:24, Terry Baranski wrote:

> It highlights the importance of knowing what you're doing in the real 
> world, on networks that exist and which you actually understand 
> intimately,
> end-to-end.

Absolutely.  At least one of the parties in this discussion has such 
knowledge of and experience on real-world networks of considerable 
scale, and is not infrequently engaged hands-on in the preservation of 
availability on said networks in fraught circumstances.

> And maybe also of not working for vendors, since these two things are 
> often mutually exclusive.

Again, absolutely.  At least one of the parties has seen firsthand the 
extremely negative impact of the devices in question on a broad array of 
large-scale production networks ever since said devices were first 
introduced in the 1990s, having been awakened at 0Dark30 on numerous 
occasions with pleas for assistance because 'the network is down', 'the 
data center is offline', 'our entire wireless broadband network is 
down', et. al., due to the manifest failings of such devices.

Anyways, enough.  This topic has been thoroughly discussed multiple 
times on this list and on others of an operational nature; if you 
believe it wise to discount the well-understood negative impact of such 
devices on availability, that is your choice.

-----------------------------------
Roland Dobbins <rdobbins () arbor net>